Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tarantool-2.6.0/extra/lemon.c
Examining data/tarantool-2.6.0/extra/mkkeywordhash.c
Examining data/tarantool-2.6.0/extra/txt2c.c
Examining data/tarantool-2.6.0/extra/lempar.c
Examining data/tarantool-2.6.0/extra/bin2c.c
Examining data/tarantool-2.6.0/third_party/base64.h
Examining data/tarantool-2.6.0/third_party/tarantool_ev.h
Examining data/tarantool-2.6.0/third_party/coro/conftest.c
Examining data/tarantool-2.6.0/third_party/coro/coro.h
Examining data/tarantool-2.6.0/third_party/coro/coro.c
Examining data/tarantool-2.6.0/third_party/tarantool_eio.c
Examining data/tarantool-2.6.0/third_party/qsort_arg.c
Examining data/tarantool-2.6.0/third_party/qsort_arg_mt.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares__sortaddrinfo.c
Examining data/tarantool-2.6.0/third_party/c-ares/windows_port.c
Examining data/tarantool-2.6.0/third_party/c-ares/bitncmp.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_strcasecmp.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_init.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_private.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_parse_a_reply.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_library_init.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_search.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_data.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_getopt.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_getenv.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyaddr.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_nowarn.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares__close_sockets.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_iphlpapi.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares__readaddrinfo.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_android.c
Examining data/tarantool-2.6.0/third_party/c-ares/nameser.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_library_init.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_strerror.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_version.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_getenv.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_strsplit.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_timeout.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_llist.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_parse_aaaa_reply.c
Examining data/tarantool-2.6.0/third_party/c-ares/adig.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyname.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_process.c
Examining data/tarantool-2.6.0/third_party/c-ares/config-win32.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_cancel.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_getsock.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_version.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_strcasecmp.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_writev.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_nowarn.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_freeaddrinfo.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_send.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_expand_name.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_free_string.c
Examining data/tarantool-2.6.0/third_party/c-ares/acountry.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_free_hostent.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_writev.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_parse_ns_reply.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares__get_hostent.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_ipv6.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_destroy.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_platform.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_inet_net_pton.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_getopt.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_llist.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares__timeval.c
Examining data/tarantool-2.6.0/third_party/c-ares/setup_once.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_mkquery.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_dns.h
Examining data/tarantool-2.6.0/third_party/c-ares/inet_net_pton.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_parse_ptr_reply.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares__read_line.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_fds.c
Examining data/tarantool-2.6.0/third_party/c-ares/ahost.c
Examining data/tarantool-2.6.0/third_party/c-ares/config-dos.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_parse_soa_reply.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_parse_mx_reply.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_create_query.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares__parse_into_addrinfo.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_strsplit.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_parse_srv_reply.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_parse_txt_reply.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_rules.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_getaddrinfo.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_expand_string.c
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-parse.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-parse-mx.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test.h
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-parse-a.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-parse-soa.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-fuzz.c
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-fuzz-name.c
Examining data/tarantool-2.6.0/third_party/c-ares/test/dns-proto-test.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-parse-txt.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-main.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-parse-srv.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/dns-dump.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-parse-aaaa.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-ai.h
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-live.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/dns-proto.h
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-parse-naptr.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-misc.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/dns-proto.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-fuzz.c
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-parse-ns.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-parse-ptr.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-mock.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-mock-ai.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-init.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-ns.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/ares-test-internal.cc
Examining data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock/gmock.h
Examining data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gtest/gtest.h
Examining data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc
Examining data/tarantool-2.6.0/third_party/c-ares/ares_options.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_platform.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_android.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_query.c
Examining data/tarantool-2.6.0/third_party/c-ares/inet_ntop.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_strdup.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_data.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_strdup.c
Examining data/tarantool-2.6.0/third_party/c-ares/bitncmp.c
Examining data/tarantool-2.6.0/third_party/c-ares/ares_setup.h
Examining data/tarantool-2.6.0/third_party/c-ares/ares_parse_naptr_reply.c
Examining data/tarantool-2.6.0/third_party/memmem.c
Examining data/tarantool-2.6.0/third_party/tarantool_ev.c
Examining data/tarantool-2.6.0/third_party/compat/unwind.h
Examining data/tarantool-2.6.0/third_party/compat/sys/bsd_time.h
Examining data/tarantool-2.6.0/third_party/lua-yaml/b64.h
Examining data/tarantool-2.6.0/third_party/lua-yaml/lyaml.h
Examining data/tarantool-2.6.0/third_party/lua-yaml/lyaml.cc
Examining data/tarantool-2.6.0/third_party/lua-yaml/b64.c
Examining data/tarantool-2.6.0/third_party/sha1.c
Examining data/tarantool-2.6.0/third_party/libeio/xthread.h
Examining data/tarantool-2.6.0/third_party/libeio/ecb.h
Examining data/tarantool-2.6.0/third_party/libeio/demo.c
Examining data/tarantool-2.6.0/third_party/libeio/eio.h
Examining data/tarantool-2.6.0/third_party/libeio/etp.c
Examining data/tarantool-2.6.0/third_party/libeio/eio.c
Examining data/tarantool-2.6.0/third_party/libev/ev_win32.c
Examining data/tarantool-2.6.0/third_party/libev/ev_vars.h
Examining data/tarantool-2.6.0/third_party/libev/ev_wrap.h
Examining data/tarantool-2.6.0/third_party/libev/ev_epoll.c
Examining data/tarantool-2.6.0/third_party/libev/ev_kqueue.c
Examining data/tarantool-2.6.0/third_party/libev/ev.c
Examining data/tarantool-2.6.0/third_party/libev/ev++.h
Examining data/tarantool-2.6.0/third_party/libev/ev_select.c
Examining data/tarantool-2.6.0/third_party/libev/event.h
Examining data/tarantool-2.6.0/third_party/libev/ev_port.c
Examining data/tarantool-2.6.0/third_party/libev/ev_poll.c
Examining data/tarantool-2.6.0/third_party/libev/event_compat.h
Examining data/tarantool-2.6.0/third_party/libev/ev.h
Examining data/tarantool-2.6.0/third_party/libev/event.c
Examining data/tarantool-2.6.0/third_party/luarocks/spec/fixtures/mixed_deploy_type/mdt.c
Examining data/tarantool-2.6.0/third_party/luarocks/spec/fixtures/double_deploy_type/ddt.c
Examining data/tarantool-2.6.0/third_party/luarocks/spec/fixtures/with_external_dep.c
Examining data/tarantool-2.6.0/third_party/luarocks/spec/fixtures/with_external_dep/foo/foo.h
Examining data/tarantool-2.6.0/third_party/luarocks/win32/lua5.1/include/luaconf.h
Examining data/tarantool-2.6.0/third_party/luarocks/win32/lua5.1/include/lua.hpp
Examining data/tarantool-2.6.0/third_party/luarocks/win32/lua5.1/include/lauxlib.h
Examining data/tarantool-2.6.0/third_party/luarocks/win32/lua5.1/include/lualib.h
Examining data/tarantool-2.6.0/third_party/luarocks/win32/lua5.1/include/lua.h
Examining data/tarantool-2.6.0/third_party/crc32.h
Examining data/tarantool-2.6.0/third_party/PMurHash.c
Examining data/tarantool-2.6.0/third_party/memrchr.c
Examining data/tarantool-2.6.0/third_party/qsort_arg.h
Examining data/tarantool-2.6.0/third_party/decNumber/decSingle.c
Examining data/tarantool-2.6.0/third_party/decNumber/decQuad.c
Examining data/tarantool-2.6.0/third_party/decNumber/decBasic.c
Examining data/tarantool-2.6.0/third_party/decNumber/decimal64.c
Examining data/tarantool-2.6.0/third_party/decNumber/example5.c
Examining data/tarantool-2.6.0/third_party/decNumber/example3.c
Examining data/tarantool-2.6.0/third_party/decNumber/example6.c
Examining data/tarantool-2.6.0/third_party/decNumber/decimal64.h
Examining data/tarantool-2.6.0/third_party/decNumber/decSingle.h
Examining data/tarantool-2.6.0/third_party/decNumber/decContext.h
Examining data/tarantool-2.6.0/third_party/decNumber/decNumber.h
Examining data/tarantool-2.6.0/third_party/decNumber/decPacked.c
Examining data/tarantool-2.6.0/third_party/decNumber/decimal128.h
Examining data/tarantool-2.6.0/third_party/decNumber/example8.c
Examining data/tarantool-2.6.0/third_party/decNumber/decDouble.c
Examining data/tarantool-2.6.0/third_party/decNumber/decimal128.c
Examining data/tarantool-2.6.0/third_party/decNumber/example2.c
Examining data/tarantool-2.6.0/third_party/decNumber/example7.c
Examining data/tarantool-2.6.0/third_party/decNumber/decNumberLocal.h
Examining data/tarantool-2.6.0/third_party/decNumber/decimal32.h
Examining data/tarantool-2.6.0/third_party/decNumber/decCommon.c
Examining data/tarantool-2.6.0/third_party/decNumber/decNumber.c
Examining data/tarantool-2.6.0/third_party/decNumber/decPacked.h
Examining data/tarantool-2.6.0/third_party/decNumber/example1.c
Examining data/tarantool-2.6.0/third_party/decNumber/decDouble.h
Examining data/tarantool-2.6.0/third_party/decNumber/decContext.c
Examining data/tarantool-2.6.0/third_party/decNumber/example4.c
Examining data/tarantool-2.6.0/third_party/decNumber/decQuad.h
Examining data/tarantool-2.6.0/third_party/decNumber/decDPD.h
Examining data/tarantool-2.6.0/third_party/decNumber/decimal32.c
Examining data/tarantool-2.6.0/third_party/lua-cjson/lua_cjson.h
Examining data/tarantool-2.6.0/third_party/lua-cjson/strbuf.c
Examining data/tarantool-2.6.0/third_party/lua-cjson/lua_cjson.c
Examining data/tarantool-2.6.0/third_party/lua-cjson/strbuf.h
Examining data/tarantool-2.6.0/third_party/base64.c
Examining data/tarantool-2.6.0/third_party/zstd/programs/dibio.c
Examining data/tarantool-2.6.0/third_party/zstd/programs/platform.h
Examining data/tarantool-2.6.0/third_party/zstd/programs/windres/verrsrc.h
Examining data/tarantool-2.6.0/third_party/zstd/programs/bench.c
Examining data/tarantool-2.6.0/third_party/zstd/programs/dibio.h
Examining data/tarantool-2.6.0/third_party/zstd/programs/fileio.h
Examining data/tarantool-2.6.0/third_party/zstd/programs/util.h
Examining data/tarantool-2.6.0/third_party/zstd/programs/datagen.c
Examining data/tarantool-2.6.0/third_party/zstd/programs/fileio.c
Examining data/tarantool-2.6.0/third_party/zstd/programs/datagen.h
Examining data/tarantool-2.6.0/third_party/zstd/programs/bench.h
Examining data/tarantool-2.6.0/third_party/zstd/programs/zstdcli.c
Examining data/tarantool-2.6.0/third_party/zstd/examples/dictionary_decompression.c
Examining data/tarantool-2.6.0/third_party/zstd/examples/streaming_compression.c
Examining data/tarantool-2.6.0/third_party/zstd/examples/dictionary_compression.c
Examining data/tarantool-2.6.0/third_party/zstd/examples/streaming_memory_usage.c
Examining data/tarantool-2.6.0/third_party/zstd/examples/multiple_streaming_compression.c
Examining data/tarantool-2.6.0/third_party/zstd/examples/simple_compression.c
Examining data/tarantool-2.6.0/third_party/zstd/examples/streaming_decompression.c
Examining data/tarantool-2.6.0/third_party/zstd/examples/simple_decompression.c
Examining data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/fitblk.c
Examining data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/zwrapbench.c
Examining data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example_original.c
Examining data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c
Examining data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example.c
Examining data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/fitblk_original.c
Examining data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzcompatibility.h
Examining data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c
Examining data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzguts.h
Examining data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzclose.c
Examining data/tarantool-2.6.0/third_party/zstd/zlibWrapper/zstd_zlibwrapper.h
Examining data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzlib.c
Examining data/tarantool-2.6.0/third_party/zstd/zlibWrapper/zstd_zlibwrapper.c
Examining data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzread.c
Examining data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/zstd_decompress.h
Examining data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/harness.c
Examining data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/zstd_decompress.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/zbufftest.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/symbols.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/legacy.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/namespaceTest.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/fullbench.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/longmatch.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/poolTests.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/roundTripCrash.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/seqgen.h
Examining data/tarantool-2.6.0/third_party/zstd/tests/zstreamtest.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/paramgrill.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/seqgen.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/fuzzer.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/fuzz/regression_driver.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/fuzz/zstd_helpers.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/fuzz/simple_decompress.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/fuzz/simple_round_trip.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/fuzz/block_round_trip.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/fuzz/zstd_helpers.h
Examining data/tarantool-2.6.0/third_party/zstd/tests/fuzz/fuzz.h
Examining data/tarantool-2.6.0/third_party/zstd/tests/fuzz/stream_decompress.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/fuzz/stream_round_trip.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/fuzz/fuzz_helpers.h
Examining data/tarantool-2.6.0/third_party/zstd/tests/fuzz/block_decompress.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/decodecorpus.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/invalidDictionaries.c
Examining data/tarantool-2.6.0/third_party/zstd/tests/datagencli.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v02.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v03.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v01.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_legacy.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v03.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v02.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v01.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/deprecated/zbuff_common.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/deprecated/zbuff_decompress.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/deprecated/zbuff.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/deprecated/zbuff_compress.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/dictBuilder/zdict.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/dictBuilder/cover.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/dictBuilder/divsufsort.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/dictBuilder/zdict.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/dictBuilder/divsufsort.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/decompress/huf_decompress.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/zstd.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_fast.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_lazy.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_double_fast.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_compress_internal.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/huf_compress.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_compress.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_opt.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_fast.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/zstdmt_compress.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_opt.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_double_fast.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/fse_compress.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_ldm.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/zstdmt_compress.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_ldm.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_lazy.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/huf.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/bitstream.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/fse.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/zstd_internal.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/pool.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/error_private.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/compiler.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/zstd_common.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/threading.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/threading.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/error_private.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/mem.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/fse_decompress.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/xxhash.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/zstd_errors.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/xxhash.c
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/pool.h
Examining data/tarantool-2.6.0/third_party/zstd/lib/common/entropy_common.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/main.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/Options.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/Logging.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/ErrorHolder.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/SkippableFrame.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/SkippableFrame.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/Options.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/Pzstd.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/Pzstd.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/RoundTrip.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/RoundTripTest.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/PzstdTest.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/OptionsTest.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/utils/Range.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/utils/FileSystem.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/utils/ThreadPool.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/utils/WorkQueue.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/utils/Likely.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/utils/ResourcePool.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/utils/test/RangeTest.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/utils/test/ThreadPoolTest.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/utils/test/ResourcePoolTest.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/utils/test/BufferTest.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/utils/test/ScopeGuardTest.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/utils/test/WorkQueueTest.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/utils/ScopeGuard.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/utils/Buffer.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/seekable_decompression.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/parallel_processing.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/parallel_compression.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/seekable_compression.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/zstdseek_decompress.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/zstdseek_compress.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/zstd_seekable.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/gen_html/gen_html.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/ldm_common.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/ldm.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/ldm_params.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/main.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/ldm.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/fs/squashfs/zstd_wrapper.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/fs/btrfs/zstd.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/zstd_compress_test.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/xxhash_test.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/include/linux/xxhash.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/include/linux/zstd.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/zstd_decompress_test.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/huf.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/bitstream.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/fse.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/huf_decompress.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/zstd_internal.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/error_private.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/huf_compress.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/zstd_common.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/zstd_opt.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/mem.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/fse_decompress.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/fse_compress.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/entropy_common.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/xxhash.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/RoundTripCrash.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/XXHashUserlandTest.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/include/linux/errno.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/include/linux/compiler.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/include/linux/string.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/include/linux/types.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/include/linux/module.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/include/linux/math64.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/include/linux/kernel.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/include/asm/unaligned.h
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/DecompressCrash.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/UserlandTest.cpp
Examining data/tarantool-2.6.0/third_party/zstd/contrib/adaptive-compression/adapt.c
Examining data/tarantool-2.6.0/third_party/zstd/contrib/adaptive-compression/datagencli.c
Examining data/tarantool-2.6.0/third_party/crc32.c
Examining data/tarantool-2.6.0/third_party/sptree.h
Examining data/tarantool-2.6.0/third_party/sha1.h
Examining data/tarantool-2.6.0/third_party/libyaml/include/yaml.h
Examining data/tarantool-2.6.0/third_party/libyaml/src/api.c
Examining data/tarantool-2.6.0/third_party/libyaml/src/loader.c
Examining data/tarantool-2.6.0/third_party/libyaml/src/dumper.c
Examining data/tarantool-2.6.0/third_party/libyaml/src/yaml_private.h
Examining data/tarantool-2.6.0/third_party/libyaml/src/scanner.c
Examining data/tarantool-2.6.0/third_party/libyaml/src/parser.c
Examining data/tarantool-2.6.0/third_party/libyaml/src/emitter.c
Examining data/tarantool-2.6.0/third_party/libyaml/src/reader.c
Examining data/tarantool-2.6.0/third_party/libyaml/src/writer.c
Examining data/tarantool-2.6.0/third_party/libyaml/tests/run-scanner.c
Examining data/tarantool-2.6.0/third_party/libyaml/tests/example-reformatter.c
Examining data/tarantool-2.6.0/third_party/libyaml/tests/example-reformatter-alt.c
Examining data/tarantool-2.6.0/third_party/libyaml/tests/run-emitter.c
Examining data/tarantool-2.6.0/third_party/libyaml/tests/example-deconstructor-alt.c
Examining data/tarantool-2.6.0/third_party/libyaml/tests/test-reader.c
Examining data/tarantool-2.6.0/third_party/libyaml/tests/run-emitter-test-suite.c
Examining data/tarantool-2.6.0/third_party/libyaml/tests/run-parser.c
Examining data/tarantool-2.6.0/third_party/libyaml/tests/run-parser-test-suite.c
Examining data/tarantool-2.6.0/third_party/libyaml/tests/test-version.c
Examining data/tarantool-2.6.0/third_party/libyaml/tests/example-deconstructor.c
Examining data/tarantool-2.6.0/third_party/libyaml/tests/run-dumper.c
Examining data/tarantool-2.6.0/third_party/libyaml/tests/run-loader.c
Examining data/tarantool-2.6.0/third_party/tarantool_eio.h
Examining data/tarantool-2.6.0/third_party/PMurHash.h
Examining data/tarantool-2.6.0/third_party/libutil_freebsd/flopen.c
Examining data/tarantool-2.6.0/third_party/libutil_freebsd/libutil.h
Examining data/tarantool-2.6.0/third_party/libutil_freebsd/pidfile.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_opt_split.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_ccall.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_cparse.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_target_arm.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lib_io.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_trace.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lib_debug.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_char.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_bcread.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_emit_mips.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_cconv.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_emit_ppc.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_crecord.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_target_x86.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_meta.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_str.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lib_jit.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_opt_loop.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_dispatch.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_ir.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_vmmath.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_ff.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_err.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_carith.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_snap.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_profile.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_mcode.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_def.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lib_bit.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_lex.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_vm.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_carith.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_emit_arm64.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lib_ffi.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lib_os.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_lib.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_vmevent.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_cconv.c
Examining data/tarantool-2.6.0/third_party/luajit/src/luaconf.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_target_arm64.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lib_base.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_err.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_asm.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_gdbjit.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_udata.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_target.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_gc.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_bc.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_asm_arm.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_mcode.h
Examining data/tarantool-2.6.0/third_party/luajit/src/luajit.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_tab.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_errmsg.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lib_aux.c
Examining data/tarantool-2.6.0/third_party/luajit/src/ljamalg.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_jit.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_traceerr.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_parse.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_crecord.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_opt_mem.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_tab.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_opt_dce.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_target_ppc.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lib_table.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_ccallback.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_bcwrite.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_emit_x86.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_parse.c
Examining data/tarantool-2.6.0/third_party/luajit/src/host/buildvm.h
Examining data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c
Examining data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_peobj.c
Examining data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_libbc.h
Examining data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_fold.c
Examining data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c
Examining data/tarantool-2.6.0/third_party/luajit/src/host/buildvm.c
Examining data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_asm.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_frame.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_obj.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_cparse.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_udata.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_buf.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_opt_sink.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_vmevent.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_bcdump.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_func.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_state.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_ccallback.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lib_package.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_ircall.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_opt_fold.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_char.h
Examining data/tarantool-2.6.0/third_party/luajit/src/luajit.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_ctype.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lua.hpp
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_dispatch.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_cdata.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_debug.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_strfmt.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_lex.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_clib.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_target_mips.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_ffrecord.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_record.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lauxlib.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_strfmt.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_arch.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_ir.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_asm_ppc.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lualib.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_strfmt_num.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_opt_narrow.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_func.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_str.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lib_string.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_obj.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_emit_arm.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_strscan.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_api.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_bc.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_debug.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_buf.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_load.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_alloc.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lua.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_cdata.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_asm_x86.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_profile.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_trace.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_asm.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_state.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_lib.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_gdbjit.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_clib.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_record.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_ctype.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lib_math.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_ffrecord.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_asm_mips.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lib_init.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_iropt.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_gc.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_ccall.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_meta.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_strscan.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_alloc.c
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_asm_arm64.h
Examining data/tarantool-2.6.0/third_party/luajit/src/lj_snap.h
Examining data/tarantool-2.6.0/third_party/luajit/dynasm/dasm_arm64.h
Examining data/tarantool-2.6.0/third_party/luajit/dynasm/dasm_ppc.h
Examining data/tarantool-2.6.0/third_party/luajit/dynasm/dasm_x86.h
Examining data/tarantool-2.6.0/third_party/luajit/dynasm/dasm_arm.h
Examining data/tarantool-2.6.0/third_party/luajit/dynasm/dasm_proto.h
Examining data/tarantool-2.6.0/third_party/luajit/dynasm/dasm_mips.h
Examining data/tarantool-2.6.0/third_party/luajit/test/lj-flush-on-trace/libflush.c
Examining data/tarantool-2.6.0/third_party/luajit/test/gh-4427-ffi-sandwich/libsandwich.c
Examining data/tarantool-2.6.0/third_party/clock_gettime.c
Examining data/tarantool-2.6.0/third_party/queue.h
Examining data/tarantool-2.6.0/third_party/curl/CMake/CurlTests.c
Examining data/tarantool-2.6.0/third_party/curl/projects/wolfssl_options.h
Examining data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.h
Examining data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.h
Examining data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c
Examining data/tarantool-2.6.0/third_party/curl/packages/OS400/chkstrings.c
Examining data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c
Examining data/tarantool-2.6.0/third_party/curl/packages/vms/curlmsg_vms.h
Examining data/tarantool-2.6.0/third_party/curl/packages/vms/curlmsg.h
Examining data/tarantool-2.6.0/third_party/curl/packages/vms/curl_crtl_init.c
Examining data/tarantool-2.6.0/third_party/curl/packages/vms/vms_eco_level.h
Examining data/tarantool-2.6.0/third_party/curl/packages/vms/report_openssl_version.c
Examining data/tarantool-2.6.0/third_party/curl/include/curl/stdcheaders.h
Examining data/tarantool-2.6.0/third_party/curl/include/curl/system.h
Examining data/tarantool-2.6.0/third_party/curl/include/curl/easy.h
Examining data/tarantool-2.6.0/third_party/curl/include/curl/curlver.h
Examining data/tarantool-2.6.0/third_party/curl/include/curl/typecheck-gcc.h
Examining data/tarantool-2.6.0/third_party/curl/include/curl/multi.h
Examining data/tarantool-2.6.0/third_party/curl/include/curl/urlapi.h
Examining data/tarantool-2.6.0/third_party/curl/include/curl/curl.h
Examining data/tarantool-2.6.0/third_party/curl/include/curl/mprintf.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_cb_hdr.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_progress.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_getpass.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_setopt.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_operhlp.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_cb_see.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_helpers.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_cb_wrt.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_libinfo.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_help.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_easysrc.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_getpass.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_operate.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_cb_dbg.c
Examining data/tarantool-2.6.0/third_party/curl/src/macos/src/curl_GUSIConfig.cpp
Examining data/tarantool-2.6.0/third_party/curl/src/macos/src/macos_main.cpp
Examining data/tarantool-2.6.0/third_party/curl/src/tool_vms.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_msgs.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_cb_hdr.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_binmode.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_paramhlp.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_sleep.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_msgs.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_easysrc.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_util.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_operate.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_writeout_json.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_version.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_cb_see.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_convert.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_util.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_formparse.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_cb_wrt.c
Examining data/tarantool-2.6.0/third_party/curl/src/slist_wc.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_help.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_cb_rea.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_setup.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_writeout.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_cb_prg.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_sleep.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_metalink.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_strdup.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_writeout_json.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_panykey.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_sdecls.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_homedir.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_getparam.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_operhlp.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_convert.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_bname.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_progress.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_doswin.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_xattr.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_cb_dbg.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_binmode.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_cb_rea.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_filetime.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_filetime.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_main.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_helpers.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_dirhie.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_writeout.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_formparse.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_setopt.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_homedir.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_xattr.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_cfgable.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_paramhlp.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_dirhie.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_panykey.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_cfgable.c
Examining data/tarantool-2.6.0/third_party/curl/src/slist_wc.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_parsecfg.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_parsecfg.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_libinfo.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_vms.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_cb_prg.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_main.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_hugehelp.h
Examining data/tarantool-2.6.0/third_party/curl/src/tool_strdup.c
Examining data/tarantool-2.6.0/third_party/curl/src/tool_bname.h
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/libauthretry.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib525.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1523.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1591.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib643.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1511.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1533.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1564.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1557.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib589.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib568.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1905.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1910.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1556.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1550.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1537.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1509.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/testtrace.h
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/sethostname.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1501.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1594.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib547.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1565.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib537.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1538.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib513.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib668.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1555.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib505.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1554.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib552.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1532.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib554.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1593.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/chkhostname.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib572.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib562.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib599.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/test.h
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib503.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1536.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/first.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1502.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib659.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib560.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1517.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib579.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib571.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1508.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib521.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1900.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1541.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1507.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1525.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1518.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib574.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib511.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib667.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1592.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib544.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib578.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1908.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib509.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1156.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib518.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib512.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1500.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib549.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1512.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1559.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib658.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib653.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/stub_gssapi.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/sethostname.h
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib590.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib555.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib583.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1553.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib661.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1534.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1528.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib582.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib570.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1515.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib501.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib597.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib515.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1535.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1558.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1552.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1514.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib556.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib530.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib559.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1520.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib553.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1526.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib508.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/testutil.h
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib540.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib541.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib598.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1506.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib564.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1551.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib567.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib575.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/stub_gssapi.h
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib591.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/chkdecimalpoint.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1513.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib650.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib500.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib516.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1522.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib502.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1907.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib539.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib566.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib670.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib523.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/libntlmconnect.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib666.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib510.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib520.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib504.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib517.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1530.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib586.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib526.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib542.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1531.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib543.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib569.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib652.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1510.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib533.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/testutil.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib514.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib507.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib655.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib519.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1540.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib576.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib651.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib506.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib654.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib524.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1529.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/testtrace.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1906.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1527.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1560.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib573.c
Examining data/tarantool-2.6.0/third_party/curl/tests/libtest/lib558.c
Examining data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c
Examining data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c
Examining data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c
Examining data/tarantool-2.6.0/third_party/curl/tests/server/server_setup.h
Examining data/tarantool-2.6.0/third_party/curl/tests/server/tftpd.c
Examining data/tarantool-2.6.0/third_party/curl/tests/server/sockfilt.c
Examining data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c
Examining data/tarantool-2.6.0/third_party/curl/tests/server/tftp.h
Examining data/tarantool-2.6.0/third_party/curl/tests/server/util.h
Examining data/tarantool-2.6.0/third_party/curl/tests/server/getpart.h
Examining data/tarantool-2.6.0/third_party/curl/tests/server/sws.c
Examining data/tarantool-2.6.0/third_party/curl/tests/server/disabled.c
Examining data/tarantool-2.6.0/third_party/curl/tests/server/fake_ntlm.c
Examining data/tarantool-2.6.0/third_party/curl/tests/server/testpart.c
Examining data/tarantool-2.6.0/third_party/curl/tests/server/util.c
Examining data/tarantool-2.6.0/third_party/curl/tests/server/server_sockaddr.h
Examining data/tarantool-2.6.0/third_party/curl/tests/server/resolve.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1309.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1301.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1655.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1398.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1652.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1650.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1399.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1653.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1396.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1395.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1609.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1305.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1300.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1600.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1605.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1304.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1612.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1621.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1602.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1604.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1608.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1323.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1302.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1303.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1330.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1394.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1654.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1607.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1606.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/curlcheck.h
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1308.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1651.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1307.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1610.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1611.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1601.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1620.c
Examining data/tarantool-2.6.0/third_party/curl/tests/unit/unit1397.c
Examining data/tarantool-2.6.0/third_party/curl/lib/smtp.h
Examining data/tarantool-2.6.0/third_party/curl/lib/parsedate.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_sec.h
Examining data/tarantool-2.6.0/third_party/curl/lib/hostasyn.c
Examining data/tarantool-2.6.0/third_party/curl/lib/file.h
Examining data/tarantool-2.6.0/third_party/curl/lib/strerror.h
Examining data/tarantool-2.6.0/third_party/curl/lib/warnless.c
Examining data/tarantool-2.6.0/third_party/curl/lib/rtsp.h
Examining data/tarantool-2.6.0/third_party/curl/lib/sha256.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_addrinfo.c
Examining data/tarantool-2.6.0/third_party/curl/lib/x509asn1.h
Examining data/tarantool-2.6.0/third_party/curl/lib/ftp.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_ctype.h
Examining data/tarantool-2.6.0/third_party/curl/lib/config-amigaos.h
Examining data/tarantool-2.6.0/third_party/curl/lib/dict.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_md4.h
Examining data/tarantool-2.6.0/third_party/curl/lib/gopher.h
Examining data/tarantool-2.6.0/third_party/curl/lib/dynbuf.c
Examining data/tarantool-2.6.0/third_party/curl/lib/cookie.h
Examining data/tarantool-2.6.0/third_party/curl/lib/select.c
Examining data/tarantool-2.6.0/third_party/curl/lib/pingpong.c
Examining data/tarantool-2.6.0/third_party/curl/lib/progress.c
Examining data/tarantool-2.6.0/third_party/curl/lib/setopt.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_gssapi.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_threads.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_range.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c
Examining data/tarantool-2.6.0/third_party/curl/lib/dotdot.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_fnmatch.h
Examining data/tarantool-2.6.0/third_party/curl/lib/http_ntlm.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_rtmp.h
Examining data/tarantool-2.6.0/third_party/curl/lib/security.c
Examining data/tarantool-2.6.0/third_party/curl/lib/config-vxworks.h
Examining data/tarantool-2.6.0/third_party/curl/lib/url.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_wb.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_path.h
Examining data/tarantool-2.6.0/third_party/curl/lib/md4.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_printf.h
Examining data/tarantool-2.6.0/third_party/curl/lib/pop3.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curlx.h
Examining data/tarantool-2.6.0/third_party/curl/lib/socketpair.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_ldap.h
Examining data/tarantool-2.6.0/third_party/curl/lib/splay.h
Examining data/tarantool-2.6.0/third_party/curl/lib/doh.h
Examining data/tarantool-2.6.0/third_party/curl/lib/amigaos.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_wb.h
Examining data/tarantool-2.6.0/third_party/curl/lib/parsedate.c
Examining data/tarantool-2.6.0/third_party/curl/lib/wildcard.h
Examining data/tarantool-2.6.0/third_party/curl/lib/wildcard.c
Examining data/tarantool-2.6.0/third_party/curl/lib/asyn-thread.c
Examining data/tarantool-2.6.0/third_party/curl/lib/non-ascii.h
Examining data/tarantool-2.6.0/third_party/curl/lib/config-plan9.h
Examining data/tarantool-2.6.0/third_party/curl/lib/multi.c
Examining data/tarantool-2.6.0/third_party/curl/lib/fileinfo.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_multibyte.c
Examining data/tarantool-2.6.0/third_party/curl/lib/mprintf.c
Examining data/tarantool-2.6.0/third_party/curl/lib/quic.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_fnmatch.c
Examining data/tarantool-2.6.0/third_party/curl/lib/share.c
Examining data/tarantool-2.6.0/third_party/curl/lib/ftplistparser.c
Examining data/tarantool-2.6.0/third_party/curl/lib/memdebug.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_sspi.c
Examining data/tarantool-2.6.0/third_party/curl/lib/hostcheck.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_ctype.c
Examining data/tarantool-2.6.0/third_party/curl/lib/http_ntlm.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_endian.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_setup.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_des.c
Examining data/tarantool-2.6.0/third_party/curl/lib/hostip.c
Examining data/tarantool-2.6.0/third_party/curl/lib/connect.h
Examining data/tarantool-2.6.0/third_party/curl/lib/hash.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_setup_once.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_path.c
Examining data/tarantool-2.6.0/third_party/curl/lib/config-os400.h
Examining data/tarantool-2.6.0/third_party/curl/lib/transfer.c
Examining data/tarantool-2.6.0/third_party/curl/lib/hmac.c
Examining data/tarantool-2.6.0/third_party/curl/lib/smb.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vssh/wolfssh.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vssh/wolfssh.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vssh/ssh.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh.c
Examining data/tarantool-2.6.0/third_party/curl/lib/system_win32.c
Examining data/tarantool-2.6.0/third_party/curl/lib/telnet.c
Examining data/tarantool-2.6.0/third_party/curl/lib/http_chunks.h
Examining data/tarantool-2.6.0/third_party/curl/lib/idn_win32.c
Examining data/tarantool-2.6.0/third_party/curl/lib/mime.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_get_line.c
Examining data/tarantool-2.6.0/third_party/curl/lib/file.c
Examining data/tarantool-2.6.0/third_party/curl/lib/setup-win32.h
Examining data/tarantool-2.6.0/third_party/curl/lib/ftplistparser.h
Examining data/tarantool-2.6.0/third_party/curl/lib/config-win32.h
Examining data/tarantool-2.6.0/third_party/curl/lib/imap.h
Examining data/tarantool-2.6.0/third_party/curl/lib/content_encoding.c
Examining data/tarantool-2.6.0/third_party/curl/lib/warnless.h
Examining data/tarantool-2.6.0/third_party/curl/lib/select.h
Examining data/tarantool-2.6.0/third_party/curl/lib/memdebug.h
Examining data/tarantool-2.6.0/third_party/curl/lib/http_negotiate.h
Examining data/tarantool-2.6.0/third_party/curl/lib/asyn.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/mesalink.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/gskit.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/gskit.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/bearssl.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/mbedtls.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/mbedtls.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/gtls.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/keylog.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/mbedtls_threadlock.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/bearssl.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/nssg.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/mbedtls_threadlock.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/wolfssl.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel_verify.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/keylog.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/gtls.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/mesalink.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/wolfssl.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/nss.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c
Examining data/tarantool-2.6.0/third_party/curl/lib/urldata.h
Examining data/tarantool-2.6.0/third_party/curl/lib/setup-vms.h
Examining data/tarantool-2.6.0/third_party/curl/lib/inet_ntop.h
Examining data/tarantool-2.6.0/third_party/curl/lib/netrc.c
Examining data/tarantool-2.6.0/third_party/curl/lib/slist.c
Examining data/tarantool-2.6.0/third_party/curl/lib/sendf.c
Examining data/tarantool-2.6.0/third_party/curl/lib/easy.c
Examining data/tarantool-2.6.0/third_party/curl/lib/content_encoding.h
Examining data/tarantool-2.6.0/third_party/curl/lib/hostip4.c
Examining data/tarantool-2.6.0/third_party/curl/lib/strtoofft.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_rtmp.c
Examining data/tarantool-2.6.0/third_party/curl/lib/smb.c
Examining data/tarantool-2.6.0/third_party/curl/lib/share.h
Examining data/tarantool-2.6.0/third_party/curl/lib/multiif.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_addrinfo.h
Examining data/tarantool-2.6.0/third_party/curl/lib/openldap.c
Examining data/tarantool-2.6.0/third_party/curl/lib/nwos.c
Examining data/tarantool-2.6.0/third_party/curl/lib/config-tpf.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_sasl.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_des.h
Examining data/tarantool-2.6.0/third_party/curl/lib/dynbuf.h
Examining data/tarantool-2.6.0/third_party/curl/lib/timeval.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_memory.h
Examining data/tarantool-2.6.0/third_party/curl/lib/tftp.h
Examining data/tarantool-2.6.0/third_party/curl/lib/if2ip.c
Examining data/tarantool-2.6.0/third_party/curl/lib/socketpair.c
Examining data/tarantool-2.6.0/third_party/curl/lib/http_digest.h
Examining data/tarantool-2.6.0/third_party/curl/lib/hostip.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_gethostname.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_sha256.h
Examining data/tarantool-2.6.0/third_party/curl/lib/imap.c
Examining data/tarantool-2.6.0/third_party/curl/lib/arpa_telnet.h
Examining data/tarantool-2.6.0/third_party/curl/lib/rand.h
Examining data/tarantool-2.6.0/third_party/curl/lib/altsvc.h
Examining data/tarantool-2.6.0/third_party/curl/lib/escape.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_multibyte.h
Examining data/tarantool-2.6.0/third_party/curl/lib/altsvc.c
Examining data/tarantool-2.6.0/third_party/curl/lib/inet_pton.c
Examining data/tarantool-2.6.0/third_party/curl/lib/config-riscos.h
Examining data/tarantool-2.6.0/third_party/curl/lib/strtoofft.h
Examining data/tarantool-2.6.0/third_party/curl/lib/doh.c
Examining data/tarantool-2.6.0/third_party/curl/lib/mime.h
Examining data/tarantool-2.6.0/third_party/curl/lib/llist.h
Examining data/tarantool-2.6.0/third_party/curl/lib/getinfo.c
Examining data/tarantool-2.6.0/third_party/curl/lib/dict.h
Examining data/tarantool-2.6.0/third_party/curl/lib/rename.h
Examining data/tarantool-2.6.0/third_party/curl/lib/getinfo.h
Examining data/tarantool-2.6.0/third_party/curl/lib/http_proxy.c
Examining data/tarantool-2.6.0/third_party/curl/lib/config-win32ce.h
Examining data/tarantool-2.6.0/third_party/curl/lib/mqtt.h
Examining data/tarantool-2.6.0/third_party/curl/lib/nwlib.c
Examining data/tarantool-2.6.0/third_party/curl/lib/hostsyn.c
Examining data/tarantool-2.6.0/third_party/curl/lib/formdata.c
Examining data/tarantool-2.6.0/third_party/curl/lib/smtp.c
Examining data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c
Examining data/tarantool-2.6.0/third_party/curl/lib/urlapi-int.h
Examining data/tarantool-2.6.0/third_party/curl/lib/strcase.h
Examining data/tarantool-2.6.0/third_party/curl/lib/gopher.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_endian.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_sspi.h
Examining data/tarantool-2.6.0/third_party/curl/lib/sigpipe.h
Examining data/tarantool-2.6.0/third_party/curl/lib/config-symbian.h
Examining data/tarantool-2.6.0/third_party/curl/lib/strtok.h
Examining data/tarantool-2.6.0/third_party/curl/lib/setopt.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.h
Examining data/tarantool-2.6.0/third_party/curl/lib/netrc.h
Examining data/tarantool-2.6.0/third_party/curl/lib/llist.c
Examining data/tarantool-2.6.0/third_party/curl/lib/rand.c
Examining data/tarantool-2.6.0/third_party/curl/lib/setup-os400.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_get_line.h
Examining data/tarantool-2.6.0/third_party/curl/lib/conncache.h
Examining data/tarantool-2.6.0/third_party/curl/lib/amigaos.c
Examining data/tarantool-2.6.0/third_party/curl/lib/dotdot.c
Examining data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c
Examining data/tarantool-2.6.0/third_party/curl/lib/asyn-ares.c
Examining data/tarantool-2.6.0/third_party/curl/lib/strdup.h
Examining data/tarantool-2.6.0/third_party/curl/lib/non-ascii.c
Examining data/tarantool-2.6.0/third_party/curl/lib/hostcheck.c
Examining data/tarantool-2.6.0/third_party/curl/lib/url.h
Examining data/tarantool-2.6.0/third_party/curl/lib/cookie.c
Examining data/tarantool-2.6.0/third_party/curl/lib/system_win32.h
Examining data/tarantool-2.6.0/third_party/curl/lib/base64.c
Examining data/tarantool-2.6.0/third_party/curl/lib/getenv.c
Examining data/tarantool-2.6.0/third_party/curl/lib/sockaddr.h
Examining data/tarantool-2.6.0/third_party/curl/lib/connect.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_gssapi.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vauth/cram.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vauth/vauth.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vauth/digest_sspi.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vauth/cleartext.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vauth/spnego_sspi.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm_sspi.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_sspi.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vauth/vauth.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vauth/oauth2.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vauth/spnego_gssapi.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c
Examining data/tarantool-2.6.0/third_party/curl/lib/multihandle.h
Examining data/tarantool-2.6.0/third_party/curl/lib/formdata.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_memrchr.h
Examining data/tarantool-2.6.0/third_party/curl/lib/ldap.c
Examining data/tarantool-2.6.0/third_party/curl/lib/http_proxy.h
Examining data/tarantool-2.6.0/third_party/curl/lib/fileinfo.h
Examining data/tarantool-2.6.0/third_party/curl/lib/http_negotiate.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_gethostname.c
Examining data/tarantool-2.6.0/third_party/curl/lib/krb5.c
Examining data/tarantool-2.6.0/third_party/curl/lib/socks.c
Examining data/tarantool-2.6.0/third_party/curl/lib/config-dos.h
Examining data/tarantool-2.6.0/third_party/curl/lib/strerror.c
Examining data/tarantool-2.6.0/third_party/curl/lib/psl.c
Examining data/tarantool-2.6.0/third_party/curl/lib/if2ip.h
Examining data/tarantool-2.6.0/third_party/curl/lib/progress.h
Examining data/tarantool-2.6.0/third_party/curl/lib/ftp.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_memrchr.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_sasl.c
Examining data/tarantool-2.6.0/third_party/curl/lib/timeval.c
Examining data/tarantool-2.6.0/third_party/curl/lib/escape.h
Examining data/tarantool-2.6.0/third_party/curl/lib/transfer.h
Examining data/tarantool-2.6.0/third_party/curl/lib/pingpong.h
Examining data/tarantool-2.6.0/third_party/curl/lib/http.c
Examining data/tarantool-2.6.0/third_party/curl/lib/speedcheck.h
Examining data/tarantool-2.6.0/third_party/curl/lib/hostip6.c
Examining data/tarantool-2.6.0/third_party/curl/lib/strdup.c
Examining data/tarantool-2.6.0/third_party/curl/lib/splay.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_range.c
Examining data/tarantool-2.6.0/third_party/curl/lib/easyif.h
Examining data/tarantool-2.6.0/third_party/curl/lib/strcase.c
Examining data/tarantool-2.6.0/third_party/curl/lib/hash.c
Examining data/tarantool-2.6.0/third_party/curl/lib/nonblock.c
Examining data/tarantool-2.6.0/third_party/curl/lib/config-mac.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_hmac.h
Examining data/tarantool-2.6.0/third_party/curl/lib/strtok.c
Examining data/tarantool-2.6.0/third_party/curl/lib/speedcheck.c
Examining data/tarantool-2.6.0/third_party/curl/lib/md5.c
Examining data/tarantool-2.6.0/third_party/curl/lib/conncache.c
Examining data/tarantool-2.6.0/third_party/curl/lib/tftp.c
Examining data/tarantool-2.6.0/third_party/curl/lib/rtsp.c
Examining data/tarantool-2.6.0/third_party/curl/lib/nonblock.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_md5.h
Examining data/tarantool-2.6.0/third_party/curl/lib/slist.h
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_gssapi.c
Examining data/tarantool-2.6.0/third_party/curl/lib/psl.h
Examining data/tarantool-2.6.0/third_party/curl/lib/version.c
Examining data/tarantool-2.6.0/third_party/curl/lib/sendf.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vquic/vquic.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vquic/vquic.h
Examining data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c
Examining data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.h
Examining data/tarantool-2.6.0/third_party/curl/lib/http_chunks.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_base64.h
Examining data/tarantool-2.6.0/third_party/curl/lib/socks.h
Examining data/tarantool-2.6.0/third_party/curl/lib/inet_pton.h
Examining data/tarantool-2.6.0/third_party/curl/lib/rename.c
Examining data/tarantool-2.6.0/third_party/curl/lib/telnet.h
Examining data/tarantool-2.6.0/third_party/curl/lib/http2.h
Examining data/tarantool-2.6.0/third_party/curl/lib/mqtt.c
Examining data/tarantool-2.6.0/third_party/curl/lib/inet_ntop.c
Examining data/tarantool-2.6.0/third_party/curl/lib/pop3.h
Examining data/tarantool-2.6.0/third_party/curl/lib/http_digest.c
Examining data/tarantool-2.6.0/third_party/curl/lib/http.h
Examining data/tarantool-2.6.0/third_party/curl/lib/http2.c
Examining data/tarantool-2.6.0/third_party/curl/lib/curl_threads.c
Examining data/tarantool-2.6.0/third_party/curl/lib/x509asn1.c
Examining data/tarantool-2.6.0/third_party/curl/lib/urlapi.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/multi-event.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/pop3-top.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/multi-double.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/simplepost.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/xmlstream.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/imap-append.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/ftpsget.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/pop3-multi.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/multi-poll.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/imap-authzid.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/multi-uv.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/certinfo.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/ftpget.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/imap-copy.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/httpput.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/progressfunc.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/multi-single.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/href_extractor.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/https.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/pop3-list.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/cookie_interface.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/threaded-shared-conn.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/ephiperfifo.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-ssl.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/pop3-noop.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/externalsocket.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/pop3-retr.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/imap-list.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/imap-multi.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/sslbackend.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/pop3-uidl.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/sampleconv.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/postinmemory.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/simplessl.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/ftpuploadresume.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-mime.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/parseurl.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/multi-app.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/imap-lsub.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/sftpuploadresume.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/postit2.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/http2-download.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/imap-examine.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/getredirect.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/url2file.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/ghiper.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/sendrecv.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/threaded-ssl.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/persistent.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-multi.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/multithread.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/cacertinmem.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/usercertinmem.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/opensslthreadlock.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/sepheaders.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/postit2-formadd.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/imap-fetch.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/imap-noop.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/http2-pushinmemory.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/http3.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/altsvc.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/getinfo.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/pop3-tls.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/imap-tls.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/crawler.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/ftpgetinfo.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-authzid.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/multi-post.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/getinmemory.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/debug.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/evhiperfifo.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/ftp-wildcard.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/fileupload.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/http-post.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/pop3-ssl.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-mail.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/htmltitle.cpp
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/10-at-a-time.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/simple.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/multi-formadd.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/http3-present.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/imap-delete.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/imap-ssl.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/pop3-stat.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-vrfy.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/sftpget.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/fopen.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/http2-upload.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/ftpupload.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/http2-serverpush.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/imap-create.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/anyauthput.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/htmltidy.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/pop3-dele.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/hiperfifo.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/multi-debugcallback.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/shared-connection-cache.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/resolve.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/rtsp.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/post-callback.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/ftpgetresp.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-expn.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-tls.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/httpcustomheader.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/ftpuploadfrommem.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/smooth-gtk-thread.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/curlx.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/synctime.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/imap-search.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/chkspeed.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/curlgtk.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/pop3-authzid.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/imap-store.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/urlapi.c
Examining data/tarantool-2.6.0/third_party/curl/docs/examples/sessioninfo.c
Examining data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/sysdep.h
Examining data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack.h
Examining data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/unpack_template.h
Examining data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/unpack.h
Examining data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/unpack_define.h
Examining data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h
Examining data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/sysdep.h
Examining data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack.h
Examining data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/unpack_template.h
Examining data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/unpack.h
Examining data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/unpack_define.h
Examining data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h
Examining data/tarantool-2.6.0/src/exports.c
Examining data/tarantool-2.6.0/src/curl.c
Examining data/tarantool-2.6.0/src/scoped_guard.h
Examining data/tarantool-2.6.0/src/pickle.c
Examining data/tarantool-2.6.0/src/lua/errno.h
Examining data/tarantool-2.6.0/src/lua/swim.h
Examining data/tarantool-2.6.0/src/lua/pickle.c
Examining data/tarantool-2.6.0/src/lua/tnt_iconv.c
Examining data/tarantool-2.6.0/src/lua/fiber_cond.h
Examining data/tarantool-2.6.0/src/lua/utils.h
Examining data/tarantool-2.6.0/src/lua/msgpack.h
Examining data/tarantool-2.6.0/src/lua/socket.c
Examining data/tarantool-2.6.0/src/lua/digest.c
Examining data/tarantool-2.6.0/src/lua/info.c
Examining data/tarantool-2.6.0/src/lua/fiber_channel.h
Examining data/tarantool-2.6.0/src/lua/init.c
Examining data/tarantool-2.6.0/src/lua/fiber_cond.c
Examining data/tarantool-2.6.0/src/lua/info.h
Examining data/tarantool-2.6.0/src/lua/decimal.c
Examining data/tarantool-2.6.0/src/lua/errno.c
Examining data/tarantool-2.6.0/src/lua/string.h
Examining data/tarantool-2.6.0/src/lua/trigger.h
Examining data/tarantool-2.6.0/src/lua/swim.c
Examining data/tarantool-2.6.0/src/lua/pickle.h
Examining data/tarantool-2.6.0/src/lua/fio.c
Examining data/tarantool-2.6.0/src/lua/httpc.c
Examining data/tarantool-2.6.0/src/lua/buffer.c
Examining data/tarantool-2.6.0/src/lua/popen.h
Examining data/tarantool-2.6.0/src/lua/httpc.h
Examining data/tarantool-2.6.0/src/lua/digest.h
Examining data/tarantool-2.6.0/src/lua/error.c
Examining data/tarantool-2.6.0/src/lua/popen.c
Examining data/tarantool-2.6.0/src/lua/fiber.c
Examining data/tarantool-2.6.0/src/lua/init.h
Examining data/tarantool-2.6.0/src/lua/fiber.h
Examining data/tarantool-2.6.0/src/lua/fiber_channel.c
Examining data/tarantool-2.6.0/src/lua/error.h
Examining data/tarantool-2.6.0/src/lua/msgpack.c
Examining data/tarantool-2.6.0/src/lua/utf8.c
Examining data/tarantool-2.6.0/src/lua/trigger.c
Examining data/tarantool-2.6.0/src/lua/decimal.h
Examining data/tarantool-2.6.0/src/lua/utf8.h
Examining data/tarantool-2.6.0/src/lua/socket.h
Examining data/tarantool-2.6.0/src/lua/string.c
Examining data/tarantool-2.6.0/src/lua/fio.h
Examining data/tarantool-2.6.0/src/lua/utils.c
Examining data/tarantool-2.6.0/src/path_lock.c
Examining data/tarantool-2.6.0/src/histogram.c
Examining data/tarantool-2.6.0/src/main.cc
Examining data/tarantool-2.6.0/src/path_lock.h
Examining data/tarantool-2.6.0/src/latency.h
Examining data/tarantool-2.6.0/src/tt_pthread.h
Examining data/tarantool-2.6.0/src/module_footer.h
Examining data/tarantool-2.6.0/src/title.c
Examining data/tarantool-2.6.0/src/find_path.c
Examining data/tarantool-2.6.0/src/exports.h
Examining data/tarantool-2.6.0/src/systemd.c
Examining data/tarantool-2.6.0/src/latency.c
Examining data/tarantool-2.6.0/src/scramble.c
Examining data/tarantool-2.6.0/src/box/iproto_constants.c
Examining data/tarantool-2.6.0/src/box/tuple_dictionary.c
Examining data/tarantool-2.6.0/src/box/user.cc
Examining data/tarantool-2.6.0/src/box/txn_limbo.h
Examining data/tarantool-2.6.0/src/box/xrow_update_array.c
Examining data/tarantool-2.6.0/src/box/vy_read_iterator.c
Examining data/tarantool-2.6.0/src/box/vy_tx.c
Examining data/tarantool-2.6.0/src/box/vy_scheduler.h
Examining data/tarantool-2.6.0/src/box/checkpoint_schedule.h
Examining data/tarantool-2.6.0/src/box/relay.cc
Examining data/tarantool-2.6.0/src/box/lua/merger.c
Examining data/tarantool-2.6.0/src/box/lua/sequence.h
Examining data/tarantool-2.6.0/src/box/lua/session.h
Examining data/tarantool-2.6.0/src/box/lua/key_def.h
Examining data/tarantool-2.6.0/src/box/lua/merger.h
Examining data/tarantool-2.6.0/src/box/lua/index.h
Examining data/tarantool-2.6.0/src/box/lua/xlog.c
Examining data/tarantool-2.6.0/src/box/lua/sequence.c
Examining data/tarantool-2.6.0/src/box/lua/console.h
Examining data/tarantool-2.6.0/src/box/lua/info.c
Examining data/tarantool-2.6.0/src/box/lua/init.c
Examining data/tarantool-2.6.0/src/box/lua/space.cc
Examining data/tarantool-2.6.0/src/box/lua/console.c
Examining data/tarantool-2.6.0/src/box/lua/tuple.h
Examining data/tarantool-2.6.0/src/box/lua/call.c
Examining data/tarantool-2.6.0/src/box/lua/info.h
Examining data/tarantool-2.6.0/src/box/lua/ctl.h
Examining data/tarantool-2.6.0/src/box/lua/serialize_lua.c
Examining data/tarantool-2.6.0/src/box/lua/call.h
Examining data/tarantool-2.6.0/src/box/lua/slab.c
Examining data/tarantool-2.6.0/src/box/lua/net_box.c
Examining data/tarantool-2.6.0/src/box/lua/ctl.c
Examining data/tarantool-2.6.0/src/box/lua/error.cc
Examining data/tarantool-2.6.0/src/box/lua/key_def.c
Examining data/tarantool-2.6.0/src/box/lua/execute.c
Examining data/tarantool-2.6.0/src/box/lua/index.c
Examining data/tarantool-2.6.0/src/box/lua/misc.cc
Examining data/tarantool-2.6.0/src/box/lua/serialize_lua.h
Examining data/tarantool-2.6.0/src/box/lua/space.h
Examining data/tarantool-2.6.0/src/box/lua/execute.h
Examining data/tarantool-2.6.0/src/box/lua/stat.c
Examining data/tarantool-2.6.0/src/box/lua/init.h
Examining data/tarantool-2.6.0/src/box/lua/error.h
Examining data/tarantool-2.6.0/src/box/lua/cfg.h
Examining data/tarantool-2.6.0/src/box/lua/slab.h
Examining data/tarantool-2.6.0/src/box/lua/stat.h
Examining data/tarantool-2.6.0/src/box/lua/misc.h
Examining data/tarantool-2.6.0/src/box/lua/session.c
Examining data/tarantool-2.6.0/src/box/lua/xlog.h
Examining data/tarantool-2.6.0/src/box/lua/cfg.cc
Examining data/tarantool-2.6.0/src/box/lua/tuple.c
Examining data/tarantool-2.6.0/src/box/lua/net_box.h
Examining data/tarantool-2.6.0/src/box/xstream.cc
Examining data/tarantool-2.6.0/src/box/merger.c
Examining data/tarantool-2.6.0/src/box/identifier.c
Examining data/tarantool-2.6.0/src/box/coll_id_cache.c
Examining data/tarantool-2.6.0/src/box/vy_quota.c
Examining data/tarantool-2.6.0/src/box/user.h
Examining data/tarantool-2.6.0/src/box/memtx_engine.c
Examining data/tarantool-2.6.0/src/box/sequence.h
Examining data/tarantool-2.6.0/src/box/checkpoint_schedule.c
Examining data/tarantool-2.6.0/src/box/session.h
Examining data/tarantool-2.6.0/src/box/errcode.h
Examining data/tarantool-2.6.0/src/box/engine.c
Examining data/tarantool-2.6.0/src/box/vy_log.h
Examining data/tarantool-2.6.0/src/box/vy_stmt.c
Examining data/tarantool-2.6.0/src/box/coll_id_def.c
Examining data/tarantool-2.6.0/src/box/msgpack.h
Examining data/tarantool-2.6.0/src/box/vy_upsert.c
Examining data/tarantool-2.6.0/src/box/vy_read_set.h
Examining data/tarantool-2.6.0/src/box/field_map.h
Examining data/tarantool-2.6.0/src/box/key_def.h
Examining data/tarantool-2.6.0/src/box/txn.h
Examining data/tarantool-2.6.0/src/box/merger.h
Examining data/tarantool-2.6.0/src/box/vy_write_iterator.h
Examining data/tarantool-2.6.0/src/box/index.h
Examining data/tarantool-2.6.0/src/box/errcode.c
Examining data/tarantool-2.6.0/src/box/txn_limbo.c
Examining data/tarantool-2.6.0/src/box/xrow_update.h
Examining data/tarantool-2.6.0/src/box/txn.c
Examining data/tarantool-2.6.0/src/box/vy_regulator.h
Examining data/tarantool-2.6.0/src/box/xlog.c
Examining data/tarantool-2.6.0/src/box/vy_history.h
Examining data/tarantool-2.6.0/src/box/service_engine.c
Examining data/tarantool-2.6.0/src/box/vy_quota.h
Examining data/tarantool-2.6.0/src/box/xrow_update_bar.c
Examining data/tarantool-2.6.0/src/box/sequence.c
Examining data/tarantool-2.6.0/src/box/opt_def.c
Examining data/tarantool-2.6.0/src/box/memtx_rtree.c
Examining data/tarantool-2.6.0/src/box/bind.c
Examining data/tarantool-2.6.0/src/box/vy_point_lookup.h
Examining data/tarantool-2.6.0/src/box/identifier.h
Examining data/tarantool-2.6.0/src/box/vy_regulator.c
Examining data/tarantool-2.6.0/src/box/user_def.c
Examining data/tarantool-2.6.0/src/box/bind.h
Examining data/tarantool-2.6.0/src/box/vy_stmt_stream.h
Examining data/tarantool-2.6.0/src/box/vy_tx.h
Examining data/tarantool-2.6.0/src/box/memtx_rtree.h
Examining data/tarantool-2.6.0/src/box/ck_constraint.h
Examining data/tarantool-2.6.0/src/box/key_list.h
Examining data/tarantool-2.6.0/src/box/func_def.c
Examining data/tarantool-2.6.0/src/box/space_def.c
Examining data/tarantool-2.6.0/src/box/request.h
Examining data/tarantool-2.6.0/src/box/tuple.h
Examining data/tarantool-2.6.0/src/box/call.c
Examining data/tarantool-2.6.0/src/box/space.c
Examining data/tarantool-2.6.0/src/box/box.cc
Examining data/tarantool-2.6.0/src/box/vy_stmt.h
Examining data/tarantool-2.6.0/src/box/iproto.h
Examining data/tarantool-2.6.0/src/box/sql/sqlLimit.h
Examining data/tarantool-2.6.0/src/box/sql/whereInt.h
Examining data/tarantool-2.6.0/src/box/sql/os.c
Examining data/tarantool-2.6.0/src/box/sql/vdbe.h
Examining data/tarantool-2.6.0/src/box/sql/tarantoolInt.h
Examining data/tarantool-2.6.0/src/box/sql/select.c
Examining data/tarantool-2.6.0/src/box/sql/build.c
Examining data/tarantool-2.6.0/src/box/sql/date.c
Examining data/tarantool-2.6.0/src/box/sql/whereexpr.c
Examining data/tarantool-2.6.0/src/box/sql/legacy.c
Examining data/tarantool-2.6.0/src/box/sql/utf.c
Examining data/tarantool-2.6.0/src/box/sql/insert.c
Examining data/tarantool-2.6.0/src/box/sql/callback.c
Examining data/tarantool-2.6.0/src/box/sql/hash.h
Examining data/tarantool-2.6.0/src/box/sql/vdbe.c
Examining data/tarantool-2.6.0/src/box/sql/malloc.c
Examining data/tarantool-2.6.0/src/box/sql/random.c
Examining data/tarantool-2.6.0/src/box/sql/prepare.c
Examining data/tarantool-2.6.0/src/box/sql/parse_def.c
Examining data/tarantool-2.6.0/src/box/sql/vdbeaux.c
Examining data/tarantool-2.6.0/src/box/sql/main.c
Examining data/tarantool-2.6.0/src/box/sql/os_unix.c
Examining data/tarantool-2.6.0/src/box/sql/vdbeInt.h
Examining data/tarantool-2.6.0/src/box/sql/vdbeapi.c
Examining data/tarantool-2.6.0/src/box/sql/vdbetrace.c
Examining data/tarantool-2.6.0/src/box/sql/analyze.c
Examining data/tarantool-2.6.0/src/box/sql/cursor.h
Examining data/tarantool-2.6.0/src/box/sql/os.h
Examining data/tarantool-2.6.0/src/box/sql/fk_constraint.c
Examining data/tarantool-2.6.0/src/box/sql/printf.c
Examining data/tarantool-2.6.0/src/box/sql/vdbesort.c
Examining data/tarantool-2.6.0/src/box/sql/func.c
Examining data/tarantool-2.6.0/src/box/sql/hwtime.h
Examining data/tarantool-2.6.0/src/box/sql/alter.c
Examining data/tarantool-2.6.0/src/box/sql/wherecode.c
Examining data/tarantool-2.6.0/src/box/sql/pragma.c
Examining data/tarantool-2.6.0/src/box/sql/vdbemem.c
Examining data/tarantool-2.6.0/src/box/sql/cursor.c
Examining data/tarantool-2.6.0/src/box/sql/tokenize.c
Examining data/tarantool-2.6.0/src/box/sql/util.c
Examining data/tarantool-2.6.0/src/box/sql/trigger.c
Examining data/tarantool-2.6.0/src/box/sql/global.c
Examining data/tarantool-2.6.0/src/box/sql/update.c
Examining data/tarantool-2.6.0/src/box/sql/treeview.c
Examining data/tarantool-2.6.0/src/box/sql/parse_def.h
Examining data/tarantool-2.6.0/src/box/sql/sqlInt.h
Examining data/tarantool-2.6.0/src/box/sql/hash.c
Examining data/tarantool-2.6.0/src/box/sql/walker.c
Examining data/tarantool-2.6.0/src/box/sql/delete.c
Examining data/tarantool-2.6.0/src/box/sql/pragma.h
Examining data/tarantool-2.6.0/src/box/sql/resolve.c
Examining data/tarantool-2.6.0/src/box/sql/where.c
Examining data/tarantool-2.6.0/src/box/sql/expr.c
Examining data/tarantool-2.6.0/src/box/vy_run.h
Examining data/tarantool-2.6.0/src/box/index_def.h
Examining data/tarantool-2.6.0/src/box/request.c
Examining data/tarantool-2.6.0/src/box/memtx_space.h
Examining data/tarantool-2.6.0/src/box/xrow_update_route.c
Examining data/tarantool-2.6.0/src/box/call.h
Examining data/tarantool-2.6.0/src/box/user_def.h
Examining data/tarantool-2.6.0/src/box/iproto_constants.h
Examining data/tarantool-2.6.0/src/box/vinyl.c
Examining data/tarantool-2.6.0/src/box/tuple_dictionary.h
Examining data/tarantool-2.6.0/src/box/sql.c
Examining data/tarantool-2.6.0/src/box/session_settings.h
Examining data/tarantool-2.6.0/src/box/memtx_tree.c
Examining data/tarantool-2.6.0/src/box/schema_def.c
Examining data/tarantool-2.6.0/src/box/tuple_bloom.h
Examining data/tarantool-2.6.0/src/box/coll_id_def.h
Examining data/tarantool-2.6.0/src/box/coll_id.c
Examining data/tarantool-2.6.0/src/box/tuple_format.h
Examining data/tarantool-2.6.0/src/box/xstream.h
Examining data/tarantool-2.6.0/src/box/vinyl.h
Examining data/tarantool-2.6.0/src/box/index.cc
Examining data/tarantool-2.6.0/src/box/vy_entry.h
Examining data/tarantool-2.6.0/src/box/gc.c
Examining data/tarantool-2.6.0/src/box/vy_write_iterator.c
Examining data/tarantool-2.6.0/src/box/memtx_hash.c
Examining data/tarantool-2.6.0/src/box/error.cc
Examining data/tarantool-2.6.0/src/box/xrow_update_map.c
Examining data/tarantool-2.6.0/src/box/key_def.c
Examining data/tarantool-2.6.0/src/box/execute.c
Examining data/tarantool-2.6.0/src/box/ck_constraint.c
Examining data/tarantool-2.6.0/src/box/schema_def.h
Examining data/tarantool-2.6.0/src/box/sql_stmt_cache.h
Examining data/tarantool-2.6.0/src/box/schema.cc
Examining data/tarantool-2.6.0/src/box/coll_id_cache.h
Examining data/tarantool-2.6.0/src/box/memtx_hash.h
Examining data/tarantool-2.6.0/src/box/memtx_engine.h
Examining data/tarantool-2.6.0/src/box/mp_error.h
Examining data/tarantool-2.6.0/src/box/fk_constraint.h
Examining data/tarantool-2.6.0/src/box/blackhole.h
Examining data/tarantool-2.6.0/src/box/func.h
Examining data/tarantool-2.6.0/src/box/vy_mem.c
Examining data/tarantool-2.6.0/src/box/vy_history.c
Examining data/tarantool-2.6.0/src/box/memtx_bitset.c
Examining data/tarantool-2.6.0/src/box/opt_def.h
Examining data/tarantool-2.6.0/src/box/index_def.c
Examining data/tarantool-2.6.0/src/box/replication.h
Examining data/tarantool-2.6.0/src/box/field_map.c
Examining data/tarantool-2.6.0/src/box/fk_constraint.c
Examining data/tarantool-2.6.0/src/box/vy_range.h
Examining data/tarantool-2.6.0/src/box/journal.c
Examining data/tarantool-2.6.0/src/box/tuple_compare.h
Examining data/tarantool-2.6.0/src/box/vy_cache.c
Examining data/tarantool-2.6.0/src/box/vy_mem.h
Examining data/tarantool-2.6.0/src/box/box.h
Examining data/tarantool-2.6.0/src/box/vy_point_lookup.c
Examining data/tarantool-2.6.0/src/box/alter.h
Examining data/tarantool-2.6.0/src/box/func.c
Examining data/tarantool-2.6.0/src/box/constraint_id.h
Examining data/tarantool-2.6.0/src/box/sql.h
Examining data/tarantool-2.6.0/src/box/tuple_extract_key.h
Examining data/tarantool-2.6.0/src/box/vy_upsert.h
Examining data/tarantool-2.6.0/src/box/vy_lsm.c
Examining data/tarantool-2.6.0/src/box/recovery.cc
Examining data/tarantool-2.6.0/src/box/wal.c
Examining data/tarantool-2.6.0/src/box/tuple_compare.cc
Examining data/tarantool-2.6.0/src/box/sysview.h
Examining data/tarantool-2.6.0/src/box/tuple_convert.c
Examining data/tarantool-2.6.0/src/box/space.h
Examining data/tarantool-2.6.0/src/box/sql_stmt_cache.c
Examining data/tarantool-2.6.0/src/box/journal.h
Examining data/tarantool-2.6.0/src/box/xrow_update_field.h
Examining data/tarantool-2.6.0/src/box/execute.h
Examining data/tarantool-2.6.0/src/box/service_engine.h
Examining data/tarantool-2.6.0/src/box/schema.h
Examining data/tarantool-2.6.0/src/box/memtx_tree.h
Examining data/tarantool-2.6.0/src/box/recovery.h
Examining data/tarantool-2.6.0/src/box/authentication.cc
Examining data/tarantool-2.6.0/src/box/vy_read_view.h
Examining data/tarantool-2.6.0/src/box/xrow_update_field.c
Examining data/tarantool-2.6.0/src/box/tuple_convert.h
Examining data/tarantool-2.6.0/src/box/vy_read_iterator.h
Examining data/tarantool-2.6.0/src/box/error.h
Examining data/tarantool-2.6.0/src/box/column_mask.h
Examining data/tarantool-2.6.0/src/box/port.h
Examining data/tarantool-2.6.0/src/box/xrow_io.cc
Examining data/tarantool-2.6.0/src/box/field_def.c
Examining data/tarantool-2.6.0/src/box/msgpack.c
Examining data/tarantool-2.6.0/src/box/vy_lsm.h
Examining data/tarantool-2.6.0/src/box/tuple_extract_key.cc
Examining data/tarantool-2.6.0/src/box/xrow.c
Examining data/tarantool-2.6.0/src/box/vy_stat.h
Examining data/tarantool-2.6.0/src/box/replication.cc
Examining data/tarantool-2.6.0/src/box/applier.cc
Examining data/tarantool-2.6.0/src/box/vclock.c
Examining data/tarantool-2.6.0/src/box/tuple_format.c
Examining data/tarantool-2.6.0/src/box/vy_read_set.c
Examining data/tarantool-2.6.0/src/box/vclock.h
Examining data/tarantool-2.6.0/src/box/engine.h
Examining data/tarantool-2.6.0/src/box/xrow_io.h
Examining data/tarantool-2.6.0/src/box/tuple_bloom.c
Examining data/tarantool-2.6.0/src/box/tuple_hash.h
Examining data/tarantool-2.6.0/src/box/coll_id.h
Examining data/tarantool-2.6.0/src/box/vy_run.c
Examining data/tarantool-2.6.0/src/box/xlog.h
Examining data/tarantool-2.6.0/src/box/gc.h
Examining data/tarantool-2.6.0/src/box/alter.cc
Examining data/tarantool-2.6.0/src/box/space_def.h
Examining data/tarantool-2.6.0/src/box/iterator_type.c
Examining data/tarantool-2.6.0/src/box/applier.h
Examining data/tarantool-2.6.0/src/box/port.c
Examining data/tarantool-2.6.0/src/box/sysview.c
Examining data/tarantool-2.6.0/src/box/xrow_update.c
Examining data/tarantool-2.6.0/src/box/authentication.h
Examining data/tarantool-2.6.0/src/box/vy_range.c
Examining data/tarantool-2.6.0/src/box/vy_cache.h
Examining data/tarantool-2.6.0/src/box/iproto.cc
Examining data/tarantool-2.6.0/src/box/tuple_hash.cc
Examining data/tarantool-2.6.0/src/box/tuple.c
Examining data/tarantool-2.6.0/src/box/blackhole.c
Examining data/tarantool-2.6.0/src/box/iterator_type.h
Examining data/tarantool-2.6.0/src/box/func_def.h
Examining data/tarantool-2.6.0/src/box/vy_scheduler.c
Examining data/tarantool-2.6.0/src/box/mp_error.cc
Examining data/tarantool-2.6.0/src/box/wal.h
Examining data/tarantool-2.6.0/src/box/relay.h
Examining data/tarantool-2.6.0/src/box/key_list.c
Examining data/tarantool-2.6.0/src/box/field_def.h
Examining data/tarantool-2.6.0/src/box/xrow.h
Examining data/tarantool-2.6.0/src/box/memtx_space.c
Examining data/tarantool-2.6.0/src/box/session.cc
Examining data/tarantool-2.6.0/src/box/memtx_bitset.h
Examining data/tarantool-2.6.0/src/box/session_settings.c
Examining data/tarantool-2.6.0/src/box/vy_log.c
Examining data/tarantool-2.6.0/src/box/constraint_id.c
Examining data/tarantool-2.6.0/src/proc_title.h
Examining data/tarantool-2.6.0/src/pickle.h
Examining data/tarantool-2.6.0/src/crc32.h
Examining data/tarantool-2.6.0/src/cfg.c
Examining data/tarantool-2.6.0/src/httpc.c
Examining data/tarantool-2.6.0/src/histogram.h
Examining data/tarantool-2.6.0/src/title.h
Examining data/tarantool-2.6.0/src/proc_title.c
Examining data/tarantool-2.6.0/src/httpc.h
Examining data/tarantool-2.6.0/src/main.h
Examining data/tarantool-2.6.0/src/crc32.c
Examining data/tarantool-2.6.0/src/module_header.h
Examining data/tarantool-2.6.0/src/cfg.h
Examining data/tarantool-2.6.0/src/scramble.h
Examining data/tarantool-2.6.0/src/lib/uuid/mp_uuid.h
Examining data/tarantool-2.6.0/src/lib/uuid/tt_uuid.c
Examining data/tarantool-2.6.0/src/lib/uuid/mp_uuid.c
Examining data/tarantool-2.6.0/src/lib/uuid/tt_uuid.h
Examining data/tarantool-2.6.0/src/lib/http_parser/http_parser.h
Examining data/tarantool-2.6.0/src/lib/http_parser/http_parser.c
Examining data/tarantool-2.6.0/src/lib/small/pmatomic/stdatomic.h
Examining data/tarantool-2.6.0/src/lib/small/third_party/pmatomic.h
Examining data/tarantool-2.6.0/src/lib/small/third_party/valgrind/valgrind.h
Examining data/tarantool-2.6.0/src/lib/small/third_party/valgrind/memcheck.h
Examining data/tarantool-2.6.0/src/lib/small/small/region.c
Examining data/tarantool-2.6.0/src/lib/small/small/mempool.h
Examining data/tarantool-2.6.0/src/lib/small/small/lsregion.h
Examining data/tarantool-2.6.0/src/lib/small/small/lifo.h
Examining data/tarantool-2.6.0/src/lib/small/small/slab_arena.h
Examining data/tarantool-2.6.0/src/lib/small/small/rb.h
Examining data/tarantool-2.6.0/src/lib/small/small/features.c
Examining data/tarantool-2.6.0/src/lib/small/small/matras.c
Examining data/tarantool-2.6.0/src/lib/small/small/obuf.c
Examining data/tarantool-2.6.0/src/lib/small/small/static.h
Examining data/tarantool-2.6.0/src/lib/small/small/features.h
Examining data/tarantool-2.6.0/src/lib/small/small/rlist.h
Examining data/tarantool-2.6.0/src/lib/small/small/slab_arena.c
Examining data/tarantool-2.6.0/src/lib/small/small/ibuf.h
Examining data/tarantool-2.6.0/src/lib/small/small/ibuf.c
Examining data/tarantool-2.6.0/src/lib/small/small/region.h
Examining data/tarantool-2.6.0/src/lib/small/small/quota_lessor.h
Examining data/tarantool-2.6.0/src/lib/small/small/slab_cache.c
Examining data/tarantool-2.6.0/src/lib/small/small/mempool.c
Examining data/tarantool-2.6.0/src/lib/small/small/small.c
Examining data/tarantool-2.6.0/src/lib/small/small/lsregion.c
Examining data/tarantool-2.6.0/src/lib/small/small/lf_lifo.h
Examining data/tarantool-2.6.0/src/lib/small/small/slab_cache.h
Examining data/tarantool-2.6.0/src/lib/small/small/obuf.h
Examining data/tarantool-2.6.0/src/lib/small/small/small.h
Examining data/tarantool-2.6.0/src/lib/small/small/quota.h
Examining data/tarantool-2.6.0/src/lib/small/small/matras.h
Examining data/tarantool-2.6.0/src/lib/small/small/static.c
Examining data/tarantool-2.6.0/src/lib/small/test/region.c
Examining data/tarantool-2.6.0/src/lib/small/test/small_alloc.c
Examining data/tarantool-2.6.0/src/lib/small/test/lf_lifo.c
Examining data/tarantool-2.6.0/src/lib/small/test/quota.cc
Examining data/tarantool-2.6.0/src/lib/small/test/obuf.c
Examining data/tarantool-2.6.0/src/lib/small/test/slab_arena.c
Examining data/tarantool-2.6.0/src/lib/small/test/ibuf.c
Examining data/tarantool-2.6.0/src/lib/small/test/matras.cc
Examining data/tarantool-2.6.0/src/lib/small/test/unit.c
Examining data/tarantool-2.6.0/src/lib/small/test/rb_rand.cc
Examining data/tarantool-2.6.0/src/lib/small/test/unit.h
Examining data/tarantool-2.6.0/src/lib/small/test/slab_cache.c
Examining data/tarantool-2.6.0/src/lib/small/test/mempool.c
Examining data/tarantool-2.6.0/src/lib/small/test/arena_mt.c
Examining data/tarantool-2.6.0/src/lib/small/test/lsregion.c
Examining data/tarantool-2.6.0/src/lib/small/test/static.c
Examining data/tarantool-2.6.0/src/lib/small/test/quota_lessor.c
Examining data/tarantool-2.6.0/src/lib/small/test/rb_aug.c
Examining data/tarantool-2.6.0/src/lib/small/test/rb.c
Examining data/tarantool-2.6.0/src/lib/small/test/rlist.c
Examining data/tarantool-2.6.0/src/lib/swim/swim_proto.c
Examining data/tarantool-2.6.0/src/lib/swim/swim.h
Examining data/tarantool-2.6.0/src/lib/swim/swim_constants.h
Examining data/tarantool-2.6.0/src/lib/swim/swim_ev.c
Examining data/tarantool-2.6.0/src/lib/swim/swim_transport.h
Examining data/tarantool-2.6.0/src/lib/swim/swim.c
Examining data/tarantool-2.6.0/src/lib/swim/swim_proto.h
Examining data/tarantool-2.6.0/src/lib/swim/swim_io.c
Examining data/tarantool-2.6.0/src/lib/swim/swim_ev.h
Examining data/tarantool-2.6.0/src/lib/swim/swim_transport_udp.c
Examining data/tarantool-2.6.0/src/lib/swim/swim_io.h
Examining data/tarantool-2.6.0/src/lib/bit/int96.h
Examining data/tarantool-2.6.0/src/lib/bit/bit.c
Examining data/tarantool-2.6.0/src/lib/bit/bit.h
Examining data/tarantool-2.6.0/src/lib/coll/coll.h
Examining data/tarantool-2.6.0/src/lib/coll/coll_def.c
Examining data/tarantool-2.6.0/src/lib/coll/coll.c
Examining data/tarantool-2.6.0/src/lib/coll/coll_def.h
Examining data/tarantool-2.6.0/src/lib/core/mp_decimal.h
Examining data/tarantool-2.6.0/src/lib/core/coio_task.c
Examining data/tarantool-2.6.0/src/lib/core/fiber_cond.h
Examining data/tarantool-2.6.0/src/lib/core/say.c
Examining data/tarantool-2.6.0/src/lib/core/random.h
Examining data/tarantool-2.6.0/src/lib/core/fiber_channel.h
Examining data/tarantool-2.6.0/src/lib/core/coio_file.c
Examining data/tarantool-2.6.0/src/lib/core/fiber_cond.c
Examining data/tarantool-2.6.0/src/lib/core/coio_file.h
Examining data/tarantool-2.6.0/src/lib/core/ratelimit.h
Examining data/tarantool-2.6.0/src/lib/core/clock.h
Examining data/tarantool-2.6.0/src/lib/core/random.c
Examining data/tarantool-2.6.0/src/lib/core/exception.h
Examining data/tarantool-2.6.0/src/lib/core/decimal.c
Examining data/tarantool-2.6.0/src/lib/core/coio.h
Examining data/tarantool-2.6.0/src/lib/core/errinj.h
Examining data/tarantool-2.6.0/src/lib/core/mp_extension_types.h
Examining data/tarantool-2.6.0/src/lib/core/assoc.c
Examining data/tarantool-2.6.0/src/lib/core/latch.c
Examining data/tarantool-2.6.0/src/lib/core/sio.h
Examining data/tarantool-2.6.0/src/lib/core/trigger.cc
Examining data/tarantool-2.6.0/src/lib/core/clock.c
Examining data/tarantool-2.6.0/src/lib/core/trigger.h
Examining data/tarantool-2.6.0/src/lib/core/reflection.h
Examining data/tarantool-2.6.0/src/lib/core/backtrace.h
Examining data/tarantool-2.6.0/src/lib/core/fio.c
Examining data/tarantool-2.6.0/src/lib/core/tt_static.h
Examining data/tarantool-2.6.0/src/lib/core/errinj.c
Examining data/tarantool-2.6.0/src/lib/core/popen.h
Examining data/tarantool-2.6.0/src/lib/core/evio.h
Examining data/tarantool-2.6.0/src/lib/core/mp_decimal.c
Examining data/tarantool-2.6.0/src/lib/core/say.h
Examining data/tarantool-2.6.0/src/lib/core/backtrace.cc
Examining data/tarantool-2.6.0/src/lib/core/diag.c
Examining data/tarantool-2.6.0/src/lib/core/popen.c
Examining data/tarantool-2.6.0/src/lib/core/fiber.c
Examining data/tarantool-2.6.0/src/lib/core/assoc.h
Examining data/tarantool-2.6.0/src/lib/core/fiber.h
Examining data/tarantool-2.6.0/src/lib/core/fiber_channel.c
Examining data/tarantool-2.6.0/src/lib/core/diag.h
Examining data/tarantool-2.6.0/src/lib/core/port.h
Examining data/tarantool-2.6.0/src/lib/core/cbus.h
Examining data/tarantool-2.6.0/src/lib/core/util.c
Examining data/tarantool-2.6.0/src/lib/core/fiber_pool.c
Examining data/tarantool-2.6.0/src/lib/core/decimal.h
Examining data/tarantool-2.6.0/src/lib/core/sio.c
Examining data/tarantool-2.6.0/src/lib/core/evio.c
Examining data/tarantool-2.6.0/src/lib/core/coio_buf.h
Examining data/tarantool-2.6.0/src/lib/core/latch.h
Examining data/tarantool-2.6.0/src/lib/core/port.c
Examining data/tarantool-2.6.0/src/lib/core/coio.cc
Examining data/tarantool-2.6.0/src/lib/core/coio_task.h
Examining data/tarantool-2.6.0/src/lib/core/cbus.c
Examining data/tarantool-2.6.0/src/lib/core/reflection.c
Examining data/tarantool-2.6.0/src/lib/core/memory.h
Examining data/tarantool-2.6.0/src/lib/core/fio.h
Examining data/tarantool-2.6.0/src/lib/core/memory.c
Examining data/tarantool-2.6.0/src/lib/core/exception.cc
Examining data/tarantool-2.6.0/src/lib/core/fiber_pool.h
Examining data/tarantool-2.6.0/src/lib/core/coio_buf.cc
Examining data/tarantool-2.6.0/src/lib/info/info.h
Examining data/tarantool-2.6.0/src/lib/salad/bps_tree.h
Examining data/tarantool-2.6.0/src/lib/salad/rope.c
Examining data/tarantool-2.6.0/src/lib/salad/bloom.c
Examining data/tarantool-2.6.0/src/lib/salad/rope.h
Examining data/tarantool-2.6.0/src/lib/salad/rtree.c
Examining data/tarantool-2.6.0/src/lib/salad/guava.c
Examining data/tarantool-2.6.0/src/lib/salad/light.h
Examining data/tarantool-2.6.0/src/lib/salad/bloom.h
Examining data/tarantool-2.6.0/src/lib/salad/mhash.h
Examining data/tarantool-2.6.0/src/lib/salad/guava.h
Examining data/tarantool-2.6.0/src/lib/salad/fifo.h
Examining data/tarantool-2.6.0/src/lib/salad/heap.h
Examining data/tarantool-2.6.0/src/lib/salad/rtree.h
Examining data/tarantool-2.6.0/src/lib/salad/stailq.h
Examining data/tarantool-2.6.0/src/lib/mpstream/mpstream.c
Examining data/tarantool-2.6.0/src/lib/mpstream/mpstream.h
Examining data/tarantool-2.6.0/src/lib/uri/uri.c
Examining data/tarantool-2.6.0/src/lib/uri/uri.h
Examining data/tarantool-2.6.0/src/lib/csv/csv.h
Examining data/tarantool-2.6.0/src/lib/csv/csv.c
Examining data/tarantool-2.6.0/src/lib/msgpuck/hints.c
Examining data/tarantool-2.6.0/src/lib/msgpuck/msgpuck.h
Examining data/tarantool-2.6.0/src/lib/msgpuck/test/test.c
Examining data/tarantool-2.6.0/src/lib/msgpuck/test/test.h
Examining data/tarantool-2.6.0/src/lib/msgpuck/test/msgpuck.c
Examining data/tarantool-2.6.0/src/lib/msgpuck/msgpuck.c
Examining data/tarantool-2.6.0/src/lib/crypto/crypto.h
Examining data/tarantool-2.6.0/src/lib/crypto/crypto.c
Examining data/tarantool-2.6.0/src/lib/bitset/bitset.c
Examining data/tarantool-2.6.0/src/lib/bitset/bitset.h
Examining data/tarantool-2.6.0/src/lib/bitset/index.h
Examining data/tarantool-2.6.0/src/lib/bitset/iterator.h
Examining data/tarantool-2.6.0/src/lib/bitset/iterator.c
Examining data/tarantool-2.6.0/src/lib/bitset/page.c
Examining data/tarantool-2.6.0/src/lib/bitset/index.c
Examining data/tarantool-2.6.0/src/lib/bitset/expr.h
Examining data/tarantool-2.6.0/src/lib/bitset/page.h
Examining data/tarantool-2.6.0/src/lib/bitset/expr.c
Examining data/tarantool-2.6.0/src/lib/json/json.c
Examining data/tarantool-2.6.0/src/lib/json/json.h
Examining data/tarantool-2.6.0/src/curl.h
Examining data/tarantool-2.6.0/src/rmean.c
Examining data/tarantool-2.6.0/src/cpu_feature.c
Examining data/tarantool-2.6.0/src/systemd.h
Examining data/tarantool-2.6.0/src/version.h
Examining data/tarantool-2.6.0/src/serializer_opts.h
Examining data/tarantool-2.6.0/src/trivia/util.h
Examining data/tarantool-2.6.0/src/version.c
Examining data/tarantool-2.6.0/src/rmean.h
Examining data/tarantool-2.6.0/src/cpu_feature.h
Examining data/tarantool-2.6.0/test/app-tap/module_api.c
Examining data/tarantool-2.6.0/test/box/reload1.c
Examining data/tarantool-2.6.0/test/box/function1.c
Examining data/tarantool-2.6.0/test/box/reload2.c
Examining data/tarantool-2.6.0/test/box/tuple_bench.c
Examining data/tarantool-2.6.0/test/box-tap/check_merge_source.c
Examining data/tarantool-2.6.0/test/unit/swim_proto.c
Examining data/tarantool-2.6.0/test/unit/rope.c
Examining data/tarantool-2.6.0/test/unit/bps_tree.cc
Examining data/tarantool-2.6.0/test/unit/bps_tree_iterator.cc
Examining data/tarantool-2.6.0/test/unit/uri.c
Examining data/tarantool-2.6.0/test/unit/swim_test_ev.c
Examining data/tarantool-2.6.0/test/unit/mhash_body.c
Examining data/tarantool-2.6.0/test/unit/bloom.cc
Examining data/tarantool-2.6.0/test/unit/tuple_bigref.c
Examining data/tarantool-2.6.0/test/unit/bitset_iterator.c
Examining data/tarantool-2.6.0/test/unit/swim_test_utils.c
Examining data/tarantool-2.6.0/test/unit/checkpoint_schedule.c
Examining data/tarantool-2.6.0/test/unit/swim_test_transport.h
Examining data/tarantool-2.6.0/test/unit/bitset_basic.c
Examining data/tarantool-2.6.0/test/unit/fiber_channel.cc
Examining data/tarantool-2.6.0/test/unit/fiber.cc
Examining data/tarantool-2.6.0/test/unit/guava.c
Examining data/tarantool-2.6.0/test/unit/histogram.c
Examining data/tarantool-2.6.0/test/unit/queue.c
Examining data/tarantool-2.6.0/test/unit/say.c
Examining data/tarantool-2.6.0/test/unit/column_mask.c
Examining data/tarantool-2.6.0/test/unit/fiber_cond.c
Examining data/tarantool-2.6.0/test/unit/snap_quorum_delay.cc
Examining data/tarantool-2.6.0/test/unit/rope_basic.c
Examining data/tarantool-2.6.0/test/unit/vy_iterators_helper.h
Examining data/tarantool-2.6.0/test/unit/heap.c
Examining data/tarantool-2.6.0/test/unit/decimal.c
Examining data/tarantool-2.6.0/test/unit/find_path.c
Examining data/tarantool-2.6.0/test/unit/popen-child.c
Examining data/tarantool-2.6.0/test/unit/json.c
Examining data/tarantool-2.6.0/test/unit/scramble.c
Examining data/tarantool-2.6.0/test/unit/guard.cc
Examining data/tarantool-2.6.0/test/unit/vy_write_iterator.c
Examining data/tarantool-2.6.0/test/unit/xrow.cc
Examining data/tarantool-2.6.0/test/unit/swim.c
Examining data/tarantool-2.6.0/test/unit/rope_stress.c
Examining data/tarantool-2.6.0/test/unit/ratelimit.c
Examining data/tarantool-2.6.0/test/unit/vy_mem.c
Examining data/tarantool-2.6.0/test/unit/fiber_stress.cc
Examining data/tarantool-2.6.0/test/unit/cbus_stress.c
Examining data/tarantool-2.6.0/test/unit/vy_cache.c
Examining data/tarantool-2.6.0/test/unit/stailq.c
Examining data/tarantool-2.6.0/test/unit/vy_point_lookup.c
Examining data/tarantool-2.6.0/test/unit/swim_test_ev.h
Examining data/tarantool-2.6.0/test/unit/fiber_stack.c
Examining data/tarantool-2.6.0/test/unit/vy_log_stub.c
Examining data/tarantool-2.6.0/test/unit/unit.c
Examining data/tarantool-2.6.0/test/unit/rtree_iterator.cc
Examining data/tarantool-2.6.0/test/unit/rope_common.h
Examining data/tarantool-2.6.0/test/unit/unit.h
Examining data/tarantool-2.6.0/test/unit/fiber_channel_stress.cc
Examining data/tarantool-2.6.0/test/unit/luaT_tuple_new.c
Examining data/tarantool-2.6.0/test/unit/popen.c
Examining data/tarantool-2.6.0/test/unit/reflection_cxx.cc
Examining data/tarantool-2.6.0/test/unit/base64.c
Examining data/tarantool-2.6.0/test/unit/int96.cc
Examining data/tarantool-2.6.0/test/unit/csv.c
Examining data/tarantool-2.6.0/test/unit/bit.c
Examining data/tarantool-2.6.0/test/unit/crc32.c
Examining data/tarantool-2.6.0/test/unit/luaL_iterator.c
Examining data/tarantool-2.6.0/test/unit/swim_errinj.c
Examining data/tarantool-2.6.0/test/unit/merger.test.c
Examining data/tarantool-2.6.0/test/unit/light.cc
Examining data/tarantool-2.6.0/test/unit/crypto.c
Examining data/tarantool-2.6.0/test/unit/coll.cpp
Examining data/tarantool-2.6.0/test/unit/mhash_bytemap.c
Examining data/tarantool-2.6.0/test/unit/rtree.cc
Examining data/tarantool-2.6.0/test/unit/sio.c
Examining data/tarantool-2.6.0/test/unit/mhash.c
Examining data/tarantool-2.6.0/test/unit/heap_iterator.c
Examining data/tarantool-2.6.0/test/unit/swim_test_utils.h
Examining data/tarantool-2.6.0/test/unit/rmean.cc
Examining data/tarantool-2.6.0/test/unit/uuid.c
Examining data/tarantool-2.6.0/test/unit/reflection_c.c
Examining data/tarantool-2.6.0/test/unit/coio.cc
Examining data/tarantool-2.6.0/test/unit/cbus.c
Examining data/tarantool-2.6.0/test/unit/cbus_hang.c
Examining data/tarantool-2.6.0/test/unit/rtree_multidim.cc
Examining data/tarantool-2.6.0/test/unit/mp_error.cc
Examining data/tarantool-2.6.0/test/unit/vy_iterators_helper.c
Examining data/tarantool-2.6.0/test/unit/rope_avl.c
Examining data/tarantool-2.6.0/test/unit/swim_test_transport.c
Examining data/tarantool-2.6.0/test/unit/vclock.cc
Examining data/tarantool-2.6.0/test/unit/bitset_index.c
Examining data/tarantool-2.6.0/test/app/loaderslib.c
Examining data/tarantool-2.6.0/cmake/luatest.cpp

FINAL RESULTS:

data/tarantool-2.6.0/src/find_path.c:61:8:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
		rc = readlink("/proc/self/exe", buf, size);
data/tarantool-2.6.0/src/lib/core/coio_file.c:91:5:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
		} readlink;
data/tarantool-2.6.0/src/lib/core/coio_file.c:474:16:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	req->result = readlink(eio->readlink.pathname,
data/tarantool-2.6.0/src/lib/core/coio_file.c:474:30:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	req->result = readlink(eio->readlink.pathname,
data/tarantool-2.6.0/src/lib/core/coio_file.c:475:16:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
			       eio->readlink.buf, eio->readlink.bufsize);
data/tarantool-2.6.0/src/lib/core/coio_file.c:475:35:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
			       eio->readlink.buf, eio->readlink.bufsize);
data/tarantool-2.6.0/src/lib/core/coio_file.c:483:6:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	eio.readlink.pathname = pathname;
data/tarantool-2.6.0/src/lib/core/coio_file.c:484:6:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	eio.readlink.buf = buf;
data/tarantool-2.6.0/src/lib/core/coio_file.c:485:6:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	eio.readlink.bufsize = bufsize;
data/tarantool-2.6.0/src/lib/core/fio.c:56:15:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	ssize_t sz = readlink(proc_path, filename_path, TT_STATIC_BUF_LEN);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-init.cc:495:5:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    chmod(filename_.c_str(), 0000);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-init.cc:497:23:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
  ~MakeUnreadable() { chmod(filename_.c_str(), 0644); }
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-mock.cc:1012:3:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
  chmod(aliases.filename(), 0);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-mock.cc:1019:3:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
  chmod(aliases.filename(), 0777);
data/tarantool-2.6.0/third_party/libeio/eio.c:121:11:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
  #define chmod(path,mode)     _chmod (path, mode)
data/tarantool-2.6.0/third_party/libeio/eio.c:127:11:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
  #define chown(path,uid,gid)  EIO_ENOSYS ()
data/tarantool-2.6.0/third_party/libeio/eio.c:133:11:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  #define readlink(path,buf,s) EIO_ENOSYS ()
data/tarantool-2.6.0/third_party/libeio/eio.c:1022:23:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
        req->result = readlink (tmp1, res, PATH_MAX);
data/tarantool-2.6.0/third_party/libeio/eio.c:1102:19:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
        linklen = readlink (tmpbuf->ptr, tmp1, PATH_MAX);
data/tarantool-2.6.0/third_party/libeio/eio.c:1915:41:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
      case EIO_CHOWN:     req->result = chown     (path     , req->int2, req->int3); break;
data/tarantool-2.6.0/third_party/libeio/eio.c:1916:41:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
      case EIO_CHMOD:     req->result = chmod     (path     , (mode_t)req->int2); break;
data/tarantool-2.6.0/third_party/libeio/eio.c:1928:41:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
                          req->result = readlink  (path, req->ptr2, PATH_MAX); break;
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:272:5:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    chmod(path, _S_IWRITE);
data/tarantool-2.6.0/third_party/zstd/programs/util.h:242:13:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    #define chmod _chmod
data/tarantool-2.6.0/third_party/zstd/programs/util.h:259:12:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
    res += chown(filename, statbuf->st_uid, statbuf->st_gid);  /* Copy ownership */
data/tarantool-2.6.0/third_party/zstd/programs/util.h:262:12:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    res += chmod(filename, statbuf->st_mode & 07777);  /* Copy file permissions */
data/tarantool-2.6.0/extra/lemon.c:36:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
extern int access(const char *path, int mode);
data/tarantool-2.6.0/extra/lemon.c:1460:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr,format,ap);
data/tarantool-2.6.0/extra/lemon.c:3309:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if( access(path,modemask)==0 ) break;
data/tarantool-2.6.0/extra/lemon.c:3380:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if( access(user_templatename,004)==-1 ){
data/tarantool-2.6.0/extra/lemon.c:3402:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if( access(buf,004)==0 ){
data/tarantool-2.6.0/extra/lemon.c:3404:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  }else if( access(templatename,004)==0 ){
data/tarantool-2.6.0/src/box/alter.cc:77:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	struct access *object = entity_access_get(type);
data/tarantool-2.6.0/src/box/alter.cc:79:3:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		access &= ~object[cr->auth_token].effective;
data/tarantool-2.6.0/src/box/alter.cc:90:36:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access == 0 || (is_owner && !(access & (PRIV_U | PRIV_C))))
data/tarantool-2.6.0/src/box/alter.cc:95:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (!(access & PRIV_U)) {
data/tarantool-2.6.0/src/box/alter.cc:97:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		struct access *object = access_find(type, object_id);
data/tarantool-2.6.0/src/box/alter.cc:99:4:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			access &= ~object[cr->auth_token].effective;
data/tarantool-2.6.0/src/box/alter.cc:109:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access & PRIV_U) {
data/tarantool-2.6.0/src/box/alter.cc:115:21:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		pname = priv_name(access);
data/tarantool-2.6.0/src/box/alter.cc:191:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		p += snprintf(p, e - p, i ? ", %s" : "%s", mp_type_strs[type]);
data/tarantool-2.6.0/src/box/alter.cc:1137:27:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	memcpy(alter->new_space->access, alter->old_space->access,
data/tarantool-2.6.0/src/box/alter.cc:1137:53:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	memcpy(alter->new_space->access, alter->old_space->access,
data/tarantool-2.6.0/src/box/alter.cc:1138:34:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	       sizeof(alter->old_space->access));
data/tarantool-2.6.0/src/box/alter.cc:3969:42:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		    (role->def->uid != PUBLIC || priv->access != PRIV_X)) {
data/tarantool-2.6.0/src/box/alter.cc:4039:46:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (priv->object_type == SC_ROLE && !(priv->access & ~PRIV_X)) {
data/tarantool-2.6.0/src/box/alter.cc:4043:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (priv->access) {
data/tarantool-2.6.0/src/box/func.c:283:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	rc = snprintf(load_name, sizeof(load_name), "%s/%.*s." TARANTOOL_LIBEXT,
data/tarantool-2.6.0/src/box/func.c:458:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	memset(func->access, 0, sizeof(func->access));
data/tarantool-2.6.0/src/box/func.c:458:39:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	memset(func->access, 0, sizeof(func->access));
data/tarantool-2.6.0/src/box/func.c:621:2:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	access &= ~entity_access_get(SC_FUNCTION)[credentials->auth_token].effective;
data/tarantool-2.6.0/src/box/func.c:622:30:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	user_access_t func_access = access & ~credentials->universal_access;
data/tarantool-2.6.0/src/box/func.c:625:28:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	     func_access & ~func->access[credentials->auth_token].effective)) {
data/tarantool-2.6.0/src/box/func.h:84:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	struct access access[BOX_USER_MAX];
data/tarantool-2.6.0/src/box/func.h:84:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	struct access access[BOX_USER_MAX];
data/tarantool-2.6.0/src/box/gc.c:531:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(ref->name, GC_NAME_MAX, format, ap);
data/tarantool-2.6.0/src/box/gc.c:556:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(consumer->name, GC_NAME_MAX, format, ap);
data/tarantool-2.6.0/src/box/gc.h:273:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
CFORMAT(printf, 3, 4)
data/tarantool-2.6.0/src/box/gc.h:297:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
CFORMAT(printf, 2, 3)
data/tarantool-2.6.0/src/box/key_def.c:448:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size, "[");
data/tarantool-2.6.0/src/box/key_def.c:452:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "[%d, '%s'",
data/tarantool-2.6.0/src/box/key_def.c:455:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			SNPRINT(total, snprintf, buf, size, ", path='%s'",
data/tarantool-2.6.0/src/box/key_def.c:458:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "]");
data/tarantool-2.6.0/src/box/key_def.c:460:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			SNPRINT(total, snprintf, buf, size, ", ");
data/tarantool-2.6.0/src/box/key_def.c:462:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size, "]");
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:188:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(&mask_str[pos], nd_type_names[i]);
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:801:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf, sizeof(buf), "%" PRIu64, field->ival);
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:806:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf, sizeof(buf), "%" PRIi64, field->ival);
data/tarantool-2.6.0/src/box/mp_error.cc:580:23:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define MP_PRINT_FUNC snprintf
data/tarantool-2.6.0/src/box/mp_error.cc:588:23:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define MP_PRINT_FUNC fprintf
data/tarantool-2.6.0/src/box/schema.h:244:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
       struct access space[BOX_USER_MAX];
data/tarantool-2.6.0/src/box/schema.h:245:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
       struct access function[BOX_USER_MAX];
data/tarantool-2.6.0/src/box/schema.h:246:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
       struct access user[BOX_USER_MAX];
data/tarantool-2.6.0/src/box/schema.h:247:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
       struct access role[BOX_USER_MAX];
data/tarantool-2.6.0/src/box/schema.h:248:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
       struct access sequence[BOX_USER_MAX];
data/tarantool-2.6.0/src/box/schema.h:255:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
struct access *
data/tarantool-2.6.0/src/box/sequence.c:274:34:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	user_access_t sequence_access = access & ~cr->universal_access;
data/tarantool-2.6.0/src/box/sequence.c:281:32:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	      sequence_access & ~seq->access[cr->auth_token].effective))) {
data/tarantool-2.6.0/src/box/sequence.c:293:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
					 priv_name(access),
data/tarantool-2.6.0/src/box/sequence.h:86:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	struct access access[BOX_USER_MAX];
data/tarantool-2.6.0/src/box/sequence.h:86:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	struct access access[BOX_USER_MAX];
data/tarantool-2.6.0/src/box/session.cc:306:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (!(universe.access[user->auth_token].effective & PRIV_S)) {
data/tarantool-2.6.0/src/box/session.cc:316:44:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
access_check_universe_object(user_access_t access,
data/tarantool-2.6.0/src/box/session.cc:321:2:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	access |= PRIV_U;
data/tarantool-2.6.0/src/box/session.cc:322:39:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if ((credentials->universal_access & access) ^ access) {
data/tarantool-2.6.0/src/box/session.cc:322:49:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if ((credentials->universal_access & access) ^ access) {
data/tarantool-2.6.0/src/box/session.cc:328:23:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		int denied_access = access & ((credentials->universal_access
data/tarantool-2.6.0/src/box/session.cc:329:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
					       & access) ^ access);
data/tarantool-2.6.0/src/box/session.cc:329:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
					       & access) ^ access);
data/tarantool-2.6.0/src/box/session.cc:350:37:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
access_check_universe(user_access_t access)
data/tarantool-2.6.0/src/box/session.cc:352:38:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	return access_check_universe_object(access, SC_UNIVERSE, "");
data/tarantool-2.6.0/src/box/session.h:333:37:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
access_check_universe(user_access_t access);
data/tarantool-2.6.0/src/box/session.h:341:44:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
access_check_universe_object(user_access_t access,
data/tarantool-2.6.0/src/box/session.h:391:40:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
access_check_universe_xc(user_access_t access)
data/tarantool-2.6.0/src/box/session.h:393:28:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access_check_universe(access) != 0)
data/tarantool-2.6.0/src/box/space.c:52:55:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
access_check_space(struct space *space, user_access_t access)
data/tarantool-2.6.0/src/box/space.c:56:2:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	access |= PRIV_U;
data/tarantool-2.6.0/src/box/space.c:64:31:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	user_access_t space_access = access & ~cr->universal_access;
data/tarantool-2.6.0/src/box/space.c:76:30:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	     space_access & ~space->access[cr->auth_token].effective))) {
data/tarantool-2.6.0/src/box/space.c:92:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
					 priv_name(access),
data/tarantool-2.6.0/src/box/space.h:159:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	struct access access[BOX_USER_MAX];
data/tarantool-2.6.0/src/box/space.h:159:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	struct access access[BOX_USER_MAX];
data/tarantool-2.6.0/src/box/space.h:384:55:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
access_check_space(struct space *space, user_access_t access);
data/tarantool-2.6.0/src/box/space.h:593:58:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
access_check_space_xc(struct space *space, user_access_t access)
data/tarantool-2.6.0/src/box/space.h:595:32:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access_check_space(space, access) != 0)
data/tarantool-2.6.0/src/box/sql/build.c:231:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(new_space->def->engine_name,
data/tarantool-2.6.0/src/box/sql/build.c:1570:31:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			uint32_t object_id, struct access *access)
data/tarantool-2.6.0/src/box/sql/build.c:1570:39:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			uint32_t object_id, struct access *access)
data/tarantool-2.6.0/src/box/sql/build.c:1582:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (!access[token].granted)
data/tarantool-2.6.0/src/box/sql/build.c:1618:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
				space->access);
data/tarantool-2.6.0/src/box/sql/build.c:1665:24:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
						space->sequence->access);
data/tarantool-2.6.0/src/box/sql/os_unix.c:1446:31:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		    S_ISDIR(buf.st_mode) && access(zDir, 03) == 0)
data/tarantool-2.6.0/src/box/sql/os_unix.c:1485:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	} while (access(zBuf, 0) == 0);
data/tarantool-2.6.0/src/box/sql/select.c:4902:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(space->def->name, "%s", name);
data/tarantool-2.6.0/src/box/sql/tokenize.c:572:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(stmt, "%s%.*s", outer, expr_len, expr);
data/tarantool-2.6.0/src/box/sql/vdbeaux.c:1190:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(pOut, zFormat1, fiber_self()->fid, pc,
data/tarantool-2.6.0/src/box/sysview.c:285:23:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (PRIV_R & source->access[cr->auth_token].effective)
data/tarantool-2.6.0/src/box/sysview.c:293:35:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	user_access_t effective = space->access[cr->auth_token].effective;
data/tarantool-2.6.0/src/box/sysview.c:312:23:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (PRIV_R & source->access[cr->auth_token].effective)
data/tarantool-2.6.0/src/box/sysview.c:335:23:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (PRIV_R & source->access[cr->auth_token].effective)
data/tarantool-2.6.0/src/box/sysview.c:362:23:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (PRIV_R & source->access[cr->auth_token].effective)
data/tarantool-2.6.0/src/box/sysview.c:372:34:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	user_access_t effective = func->access[cr->auth_token].effective;
data/tarantool-2.6.0/src/box/sysview.c:391:23:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (PRIV_R & source->access[cr->auth_token].effective)
data/tarantool-2.6.0/src/box/sysview.c:400:38:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	user_access_t effective = sequence->access[cr->auth_token].effective;
data/tarantool-2.6.0/src/box/tuple.c:754:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "<NULL>");
data/tarantool-2.6.0/src/box/user.cc:205:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		old->access |= def->access;
data/tarantool-2.6.0/src/box/user.cc:205:23:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		old->access |= def->access;
data/tarantool-2.6.0/src/box/user.cc:214:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
struct access *
data/tarantool-2.6.0/src/box/user.cc:217:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	struct access *access = NULL;
data/tarantool-2.6.0/src/box/user.cc:221:21:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		access = universe.access;
data/tarantool-2.6.0/src/box/user.cc:253:20:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			access = space->access;
data/tarantool-2.6.0/src/box/user.cc:260:19:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			access = func->access;
data/tarantool-2.6.0/src/box/user.cc:267:19:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			access = user->access;
data/tarantool-2.6.0/src/box/user.cc:274:19:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			access = role->access;
data/tarantool-2.6.0/src/box/user.cc:281:18:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			access = seq->access;
data/tarantool-2.6.0/src/box/user.cc:287:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	return access;
data/tarantool-2.6.0/src/box/user.cc:302:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		struct access *object = access_find(priv->object_type,
data/tarantool-2.6.0/src/box/user.cc:307:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		struct access *access = &object[user->auth_token];
data/tarantool-2.6.0/src/box/user.cc:308:47:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		access->effective = access->granted | priv->access;
data/tarantool-2.6.0/src/box/user.cc:368:46:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
			if (priv.object_type != SC_ROLE || !(priv.access & PRIV_X))
data/tarantool-2.6.0/src/box/user.cc:393:38:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	user_access_t new_access = universe.access[user->auth_token].effective;
data/tarantool-2.6.0/src/box/user.cc:603:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	universe.access[ADMIN].effective = USER_ACCESS_FULL;
data/tarantool-2.6.0/src/box/user.cc:773:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	struct access *object = access_find(priv->object_type, priv->object_id);
data/tarantool-2.6.0/src/box/user.cc:777:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    priv->access != USER_ACCESS_FULL) {
data/tarantool-2.6.0/src/box/user.cc:782:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	struct access *access = &object[grantee->auth_token];
data/tarantool-2.6.0/src/box/user.cc:783:26:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	access->granted = priv->access;
data/tarantool-2.6.0/src/box/user.cc:795:34:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	cr->universal_access = universe.access[user->auth_token].effective;
data/tarantool-2.6.0/src/box/user.h:44:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	struct access access[BOX_USER_MAX];
data/tarantool-2.6.0/src/box/user.h:44:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	struct access access[BOX_USER_MAX];
data/tarantool-2.6.0/src/box/user.h:98:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	struct access access[BOX_USER_MAX];
data/tarantool-2.6.0/src/box/user.h:98:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	struct access access[BOX_USER_MAX];
data/tarantool-2.6.0/src/box/user.h:101:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
struct access *
data/tarantool-2.6.0/src/box/user_def.c:36:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
priv_name(user_access_t access)
data/tarantool-2.6.0/src/box/user_def.c:55:35:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	int bit_no = __builtin_ffs((int) access);
data/tarantool-2.6.0/src/box/user_def.h:124:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	user_access_t access;
data/tarantool-2.6.0/src/box/user_def.h:131:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
priv_name(user_access_t access);
data/tarantool-2.6.0/src/box/user_def.h:138:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
struct access {
data/tarantool-2.6.0/src/box/vclock.c:58:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size, "{");
data/tarantool-2.6.0/src/box/vclock.c:64:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s%u: %lld",
data/tarantool-2.6.0/src/box/vclock.c:69:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size, "}");
data/tarantool-2.6.0/src/box/vinyl.c:733:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(env->path, F_OK) != 0) {
data/tarantool-2.6.0/src/box/vy_log.c:248:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size, "%s{",
data/tarantool-2.6.0/src/box/vy_log.c:251:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=%"PRIi64", ",
data/tarantool-2.6.0/src/box/vy_log.c:254:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=%"PRIi64", ",
data/tarantool-2.6.0/src/box/vy_log.c:258:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=%"PRIi64", ",
data/tarantool-2.6.0/src/box/vy_log.c:262:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=",
data/tarantool-2.6.0/src/box/vy_log.c:265:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, ", ");
data/tarantool-2.6.0/src/box/vy_log.c:268:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=",
data/tarantool-2.6.0/src/box/vy_log.c:271:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, ", ");
data/tarantool-2.6.0/src/box/vy_log.c:274:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=%"PRIu32", ",
data/tarantool-2.6.0/src/box/vy_log.c:277:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=%"PRIu32", ",
data/tarantool-2.6.0/src/box/vy_log.c:280:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=%"PRIu32", ",
data/tarantool-2.6.0/src/box/vy_log.c:283:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=",
data/tarantool-2.6.0/src/box/vy_log.c:287:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, ", ");
data/tarantool-2.6.0/src/box/vy_log.c:290:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=%"PRIi64", ",
data/tarantool-2.6.0/src/box/vy_log.c:294:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=%"PRIi64", ",
data/tarantool-2.6.0/src/box/vy_log.c:298:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=%"PRIi64", ",
data/tarantool-2.6.0/src/box/vy_log.c:302:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=%"PRIi64", ",
data/tarantool-2.6.0/src/box/vy_log.c:306:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=%"PRIi64", ",
data/tarantool-2.6.0/src/box/vy_log.c:310:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=%"PRIi64", ",
data/tarantool-2.6.0/src/box/vy_log.c:314:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "%s=%"PRIu32", ",
data/tarantool-2.6.0/src/box/vy_log.c:317:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size, "}");
data/tarantool-2.6.0/src/box/vy_log.c:945:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(path, F_OK) == 0)
data/tarantool-2.6.0/src/box/vy_log.c:1233:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(path, F_OK) == -1 && errno == ENOENT)
data/tarantool-2.6.0/src/box/vy_log.c:2340:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(path, F_OK) < 0 && errno == ENOENT)
data/tarantool-2.6.0/src/box/vy_range.c:220:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size, "(");
data/tarantool-2.6.0/src/box/vy_range.c:224:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "-inf");
data/tarantool-2.6.0/src/box/vy_range.c:225:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size, "..");
data/tarantool-2.6.0/src/box/vy_range.c:229:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "inf");
data/tarantool-2.6.0/src/box/vy_range.c:230:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size, ")");
data/tarantool-2.6.0/src/box/vy_run.h:439:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size, "/");
data/tarantool-2.6.0/src/box/vy_stmt.c:775:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "<NULL>");
data/tarantool-2.6.0/src/box/vy_stmt.c:782:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size, "%s(",
data/tarantool-2.6.0/src/box/vy_stmt.c:786:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, ", ops=");
data/tarantool-2.6.0/src/box/vy_stmt.c:790:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size, ", lsn=%lld)",
data/tarantool-2.6.0/src/box/wal.c:477:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(path, F_OK) != 0) {
data/tarantool-2.6.0/src/box/xlog.c:155:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size,
data/tarantool-2.6.0/src/box/xlog.c:163:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, VCLOCK_KEY ": %s\n",
data/tarantool-2.6.0/src/box/xlog.c:167:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, PREV_VCLOCK_KEY ": %s\n",
data/tarantool-2.6.0/src/box/xlog.c:170:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size, "\n");
data/tarantool-2.6.0/src/box/xlog.c:806:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(name, F_OK) == 0) {
data/tarantool-2.6.0/src/box/xrow.c:793:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size, "{type: '%s', "
data/tarantool-2.6.0/src/box/xrow.c:802:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, ", key: ");
data/tarantool-2.6.0/src/box/xrow.c:806:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, ", tuple: ");
data/tarantool-2.6.0/src/box/xrow.c:810:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, ", ops: ");
data/tarantool-2.6.0/src/box/xrow.c:813:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, size, "}");
data/tarantool-2.6.0/src/histogram.c:176:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			SNPRINT(total, snprintf, buf, size, " ");
data/tarantool-2.6.0/src/histogram.c:178:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "[%"PRIi64, min);
data/tarantool-2.6.0/src/histogram.c:180:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			SNPRINT(total, snprintf, buf, size, "-%"PRIi64, max);
data/tarantool-2.6.0/src/histogram.c:181:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, size, "]:%"PRIi64, count);
data/tarantool-2.6.0/src/httpc.c:187:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	int rc = vsnprintf(header, MAX_HEADER_LEN + 1, fmt, ap);
data/tarantool-2.6.0/src/lib/coll/coll.c:316:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buffer, size, "{locale: %s,"\
data/tarantool-2.6.0/src/lib/coll/coll.c:320:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buffer, size, "}");
data/tarantool-2.6.0/src/lib/coll/coll.c:323:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buffer, size, "{type = binary}");
data/tarantool-2.6.0/src/lib/core/backtrace.cc:164:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		p += snprintf(p, end - p, CRLF);
data/tarantool-2.6.0/src/lib/core/diag.c:149:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(e->errmsg, sizeof(e->errmsg), format, ap);
data/tarantool-2.6.0/src/lib/core/exception.cc:175:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf), format, ap);
data/tarantool-2.6.0/src/lib/core/exception.cc:405:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(buf, sizeof(buf), format, ap);
data/tarantool-2.6.0/src/lib/core/popen.c:211:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(pos, opts->argv[i]);
data/tarantool-2.6.0/src/lib/core/popen.c:564:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		snprintf(buf, size, fmt, wstatus,
data/tarantool-2.6.0/src/lib/core/say.c:414:3:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		execv(argv[0], argv); /* does not return */
data/tarantool-2.6.0/src/lib/core/say.c:770:17:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, vsnprintf, buf, len, format, ap);
data/tarantool-2.6.0/src/lib/core/say.c:772:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, len, ": %s", error);
data/tarantool-2.6.0/src/lib/core/say.c:773:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, len, "\n");
data/tarantool-2.6.0/src/lib/core/say.c:789:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, len, " %s", cord->name);
data/tarantool-2.6.0/src/lib/core/say.c:791:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			SNPRINT(total, snprintf, buf, len, "/%i/%s",
data/tarantool-2.6.0/src/lib/core/say.c:802:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			SNPRINT(total, snprintf, buf, len, " %s:%i", filename,
data/tarantool-2.6.0/src/lib/core/say.c:807:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, len, " %c> ", level_to_char(level));
data/tarantool-2.6.0/src/lib/core/say.c:809:17:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, vsnprintf, buf, len, format, ap);
data/tarantool-2.6.0/src/lib/core/say.c:811:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, len, ": %s", error);
data/tarantool-2.6.0/src/lib/core/say.c:813:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, len, "\n");
data/tarantool-2.6.0/src/lib/core/say.c:835:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, len, ":%06.3f",
data/tarantool-2.6.0/src/lib/core/say.c:839:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, len, " [%i]", getpid());
data/tarantool-2.6.0/src/lib/core/say.c:861:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, len, "{\"time\": \"");
data/tarantool-2.6.0/src/lib/core/say.c:870:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, len, ":%06.3f",
data/tarantool-2.6.0/src/lib/core/say.c:874:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, len, "\", ");
data/tarantool-2.6.0/src/lib/core/say.c:876:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, len, "\"level\": \"%s\", ",
data/tarantool-2.6.0/src/lib/core/say.c:888:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, len, "%.*s, ",
data/tarantool-2.6.0/src/lib/core/say.c:893:7:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		if (vsnprintf(tmp, TT_STATIC_BUF_LEN, format, ap) < 0)
data/tarantool-2.6.0/src/lib/core/say.c:895:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, len, "\"message\": \"");
data/tarantool-2.6.0/src/lib/core/say.c:898:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, len, "\", ");
data/tarantool-2.6.0/src/lib/core/say.c:903:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, len, "\"error\": \"");
data/tarantool-2.6.0/src/lib/core/say.c:905:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, len, "\", ");
data/tarantool-2.6.0/src/lib/core/say.c:908:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, len, "\"pid\": %i ", getpid());
data/tarantool-2.6.0/src/lib/core/say.c:912:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, len, ", \"cord_name\": \"");
data/tarantool-2.6.0/src/lib/core/say.c:914:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, len, "\"");
data/tarantool-2.6.0/src/lib/core/say.c:916:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			SNPRINT(total, snprintf, buf, len,
data/tarantool-2.6.0/src/lib/core/say.c:918:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			SNPRINT(total, snprintf, buf, len,
data/tarantool-2.6.0/src/lib/core/say.c:922:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			SNPRINT(total, snprintf, buf, len, "\"");
data/tarantool-2.6.0/src/lib/core/say.c:927:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, len, ", \"file\": \"");
data/tarantool-2.6.0/src/lib/core/say.c:929:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, buf, len, "\", \"line\": %i", line);
data/tarantool-2.6.0/src/lib/core/say.c:931:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, len, "}\n");
data/tarantool-2.6.0/src/lib/core/say.c:965:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, len, "<%d>",
data/tarantool-2.6.0/src/lib/core/say.c:968:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, len, "%s[%d]:", log->syslog_ident, getpid());
data/tarantool-2.6.0/src/lib/core/say.h:290:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
CFORMAT(printf, 5, 0) extern sayfunc_t _say;
data/tarantool-2.6.0/src/lib/core/tt_static.h:80:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	int rc = vsnprintf(buf, size, format, ap);
data/tarantool-2.6.0/src/lib/core/util.c:215:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(abspath, filename);
data/tarantool-2.6.0/src/lib/core/util.c:323:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			SNPRINT(total, snprintf, buf, size, "%s",
data/tarantool-2.6.0/src/lib/core/util.c:326:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			SNPRINT(total, snprintf, buf, size, "%c", c);
data/tarantool-2.6.0/src/lib/msgpuck/msgpuck.c:364:27:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define PRINT(...) HANDLE(fprintf, __VA_ARGS__)
data/tarantool-2.6.0/src/lib/msgpuck/msgpuck.c:402:27:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define PRINT(...) HANDLE(snprintf, __VA_ARGS__)
data/tarantool-2.6.0/src/lib/msgpuck/test/test.c:100:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vprintf(fmt, ap);
data/tarantool-2.6.0/src/lib/msgpuck/test/test.h:63:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stream, __VA_ARGS__); fprintf(stream, "\n"); })
data/tarantool-2.6.0/src/lib/msgpuck/test/test.h:87:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, fmt, ##args);		\
data/tarantool-2.6.0/src/lib/msgpuck/test/test.h:99:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, fmt, ##args);		\
data/tarantool-2.6.0/src/lib/msgpuck/test/test.h:111:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, fmt, ##args);		\
data/tarantool-2.6.0/src/lib/salad/bps_tree.h:4753:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(elem_fmt, block->elems[i]);
data/tarantool-2.6.0/src/lib/salad/bps_tree.h:4775:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(elem_fmt, block->elems[i]);
data/tarantool-2.6.0/src/lib/small/test/slab_arena.c:92:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access("/proc/self/smaps", F_OK))
data/tarantool-2.6.0/src/lib/small/test/unit.c:69:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vprintf(fmt, ap);
data/tarantool-2.6.0/src/lib/small/test/unit.h:84:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stream, __VA_ARGS__); fprintf(stream, "\n"); })
data/tarantool-2.6.0/src/lib/small/test/unit.h:108:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, fmt, ##args);		\
data/tarantool-2.6.0/src/lib/small/test/unit.h:120:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, fmt, ##args);		\
data/tarantool-2.6.0/src/lib/small/test/unit.h:132:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, fmt, ##args);		\
data/tarantool-2.6.0/src/lib/uri/uri.c:6307:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, str, len, "%.*s://",
data/tarantool-2.6.0/src/lib/uri/uri.c:6312:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			SNPRINT(total, snprintf, str, len, "%.*s",
data/tarantool-2.6.0/src/lib/uri/uri.c:6315:20:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
				SNPRINT(total, snprintf, str, len, ":%.*s",
data/tarantool-2.6.0/src/lib/uri/uri.c:6319:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			SNPRINT(total, snprintf, str, len, "@");
data/tarantool-2.6.0/src/lib/uri/uri.c:6321:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, str, len, "%.*s",
data/tarantool-2.6.0/src/lib/uri/uri.c:6324:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
			SNPRINT(total, snprintf, str, len, ":%.*s",
data/tarantool-2.6.0/src/lib/uri/uri.c:6329:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, str, len, "%.*s",
data/tarantool-2.6.0/src/lib/uri/uri.c:6333:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, str, len, "?%.*s",
data/tarantool-2.6.0/src/lib/uri/uri.c:6337:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		SNPRINT(total, snprintf, str, len, "#%.*s",
data/tarantool-2.6.0/src/lua/init.c:615:40:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (path && strcmp(path, "-") != 0 && access(path, F_OK) == 0) {
data/tarantool-2.6.0/src/main.cc:778:42:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (argc > 1 && strcmp(argv[1], "-") && access(argv[1], R_OK) != 0) {
data/tarantool-2.6.0/src/proc_title.c:314:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	buflen = vsnprintf(ps_buffer,
data/tarantool-2.6.0/src/proc_title.c:364:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(name, "pgident(%d): %s", MyProcPid, ps_buffer);
data/tarantool-2.6.0/src/proc_title.h:41:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
CFORMAT(printf, 1, 2) void proc_title_set(const char *format, ...);
data/tarantool-2.6.0/src/systemd.c:154:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
CFORMAT(printf, 1, 2) int
data/tarantool-2.6.0/src/title.c:141:21:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define OUTPUT(...) snprintf(output, output_end - output, __VA_ARGS__)
data/tarantool-2.6.0/src/trivia/util.h:405:65:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
fdprintf(int fd, const char *format, ...) __attribute__((format(printf, 2, 3)));
data/tarantool-2.6.0/src/trivia/util.h:440:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	return snprintf(str, FPCONV_G_FMT_BUFSIZE, fmt, num);
data/tarantool-2.6.0/test/unit/say.c:64:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, len, "\"msg\" = \"");
data/tarantool-2.6.0/test/unit/say.c:65:17:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, vsnprintf, buf, len, format, ap);
data/tarantool-2.6.0/test/unit/say.c:66:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	SNPRINT(total, snprintf, buf, len, "\"\n");
data/tarantool-2.6.0/test/unit/say.c:89:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmp_filename, "%s/%i.log", tmp_dir, create_log->id);
data/tarantool-2.6.0/test/unit/say.c:136:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(tmp_filename, "%s/%i.log", tmp_dir, i);
data/tarantool-2.6.0/test/unit/say.c:210:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(tmp_filename, "%s/1.log", tmp_dir);
data/tarantool-2.6.0/test/unit/unit.c:69:2:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vprintf(fmt, ap);
data/tarantool-2.6.0/test/unit/unit.h:77:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stream, __VA_ARGS__); fprintf(stream, "\n"); })
data/tarantool-2.6.0/test/unit/unit.h:101:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, fmt, ##args);		\
data/tarantool-2.6.0/test/unit/unit.h:113:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, fmt, ##args);		\
data/tarantool-2.6.0/test/unit/unit.h:125:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, fmt, ##args);		\
data/tarantool-2.6.0/test/unit/vy_point_lookup.c:114:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(path, dir_name);
data/tarantool-2.6.0/test/unit/vy_point_lookup.c:317:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(path, dir_name);
data/tarantool-2.6.0/test/unit/vy_point_lookup.c:318:2:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	system(path);
data/tarantool-2.6.0/third_party/c-ares/acountry.c:80:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                       printf fmt ;   \
data/tarantool-2.6.0/third_party/c-ares/acountry.c:92:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, args);
data/tarantool-2.6.0/third_party/c-ares/acountry.c:164:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf(buf, nerd_fmt,
data/tarantool-2.6.0/third_party/c-ares/ares_getaddrinfo.c:475:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(PATH_HOSTS, WIN_PATH_HOSTS);
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyaddr.c:208:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(PATH_HOSTS, WIN_PATH_HOSTS);
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyname.c:376:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(PATH_HOSTS, WIN_PATH_HOSTS);
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:410:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(&buf[bufl], tmpbuf);
data/tarantool-2.6.0/third_party/c-ares/ares_options.c:275:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(csv, _csv);
data/tarantool-2.6.0/third_party/c-ares/ares_parse_ns_reply.c:135:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(nameservers[nameservers_num],rr_data);
data/tarantool-2.6.0/third_party/c-ares/inet_ntop.c:93:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  if ((size_t)sprintf(tmp, fmt, src[0], src[1], src[2], src[3]) >= size) {
data/tarantool-2.6.0/third_party/c-ares/inet_ntop.c:97:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(dst, tmp);
data/tarantool-2.6.0/third_party/c-ares/inet_ntop.c:194:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(dst, tmp);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:1594:10:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
# define vsnprintf _vsnprintf
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:4419:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(fmt, args);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:4439:3:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vprintf(fmt, args);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:4446:3:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vprintf(fmt, args);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gtest/gtest.h:3631:20:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
inline const char* StrNCpy(char* dest, const char* src, size_t n) {
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gtest/gtest.h:3702:26:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
# define GTEST_SNPRINTF_ _snprintf
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gtest/gtest.h:3704:26:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
# define GTEST_SNPRINTF_ snprintf
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gtest/gtest.h:9177:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(\
data/tarantool-2.6.0/third_party/curl/docs/examples/cookie_interface.c:93:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/tarantool-2.6.0/third_party/curl/docs/examples/cookie_interface.c:93:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/tarantool-2.6.0/third_party/curl/docs/examples/evhiperfifo.c:76:22:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DPRINT(x...) printf(x)
data/tarantool-2.6.0/third_party/curl/docs/examples/htmltidy.c:56:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(tidyAttrName(attr));
data/tarantool-2.6.0/third_party/curl/docs/examples/rtsp.c:173:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      sscanf(s, " a = control: %s", control);
data/tarantool-2.6.0/third_party/curl/docs/examples/synctime.c:158:22:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        int RetVal = sscanf((char *)(ptr), "Date: %s %hu %s %hu %hu:%hu:%hu",
data/tarantool-2.6.0/third_party/curl/docs/examples/threaded-shared-conn.c:63:38:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                    curl_lock_access access, void *userptr)
data/tarantool-2.6.0/third_party/curl/docs/examples/threaded-shared-conn.c:65:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  (void)access; /* unused */
data/tarantool-2.6.0/third_party/curl/lib/content_encoding.c:782:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(p, ce->name);
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_wb.c:186:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if(access(ntlm_auth, X_OK) != 0) {
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_wb.c:226:7:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      execl(ntlm_auth, ntlm_auth,
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_wb.c:233:7:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      execl(ntlm_auth, ntlm_auth,
data/tarantool-2.6.0/third_party/curl/lib/curl_path.c:181:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(*path, homedir);
data/tarantool-2.6.0/third_party/curl/lib/curl_printf.h:32:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# undef printf
data/tarantool-2.6.0/third_party/curl/lib/curl_printf.h:33:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# undef fprintf
data/tarantool-2.6.0/third_party/curl/lib/curl_printf.h:35:9:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# undef vprintf
data/tarantool-2.6.0/third_party/curl/lib/curl_printf.h:36:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# undef vfprintf
data/tarantool-2.6.0/third_party/curl/lib/curl_printf.h:37:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
# undef vsnprintf
data/tarantool-2.6.0/third_party/curl/lib/curl_printf.h:40:10:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# define printf curl_mprintf
data/tarantool-2.6.0/third_party/curl/lib/curl_printf.h:41:10:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# define fprintf curl_mfprintf
data/tarantool-2.6.0/third_party/curl/lib/curl_printf.h:43:10:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# define vprintf curl_mvprintf
data/tarantool-2.6.0/third_party/curl/lib/curl_printf.h:44:10:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# define vfprintf curl_mvfprintf
data/tarantool-2.6.0/third_party/curl/lib/curl_setup.h:338:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
#  define access(fname,mode)         curlx_win32_access(fname, mode)
data/tarantool-2.6.0/third_party/curl/lib/curl_setup.h:359:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
#    define access(fname,mode)         curlx_win32_access(fname, mode)
data/tarantool-2.6.0/third_party/curl/lib/curlx.h:91:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# undef printf
data/tarantool-2.6.0/third_party/curl/lib/curlx.h:92:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# undef fprintf
data/tarantool-2.6.0/third_party/curl/lib/curlx.h:93:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
# undef sprintf
data/tarantool-2.6.0/third_party/curl/lib/curlx.h:95:9:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# undef vprintf
data/tarantool-2.6.0/third_party/curl/lib/curlx.h:96:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# undef vfprintf
data/tarantool-2.6.0/third_party/curl/lib/curlx.h:97:9:  [4] (buffer) vsprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
# undef vsprintf
data/tarantool-2.6.0/third_party/curl/lib/curlx.h:102:10:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# define printf curlx_mprintf
data/tarantool-2.6.0/third_party/curl/lib/curlx.h:103:10:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# define fprintf curlx_mfprintf
data/tarantool-2.6.0/third_party/curl/lib/curlx.h:104:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
# define sprintf curlx_msprintf
data/tarantool-2.6.0/third_party/curl/lib/curlx.h:106:10:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# define vprintf curlx_mvprintf
data/tarantool-2.6.0/third_party/curl/lib/curlx.h:107:10:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# define vfprintf curlx_mvfprintf
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:988:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(addr, string_ftpport);
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:998:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(addr, string_ftpport);
data/tarantool-2.6.0/third_party/curl/lib/inet_ntop.c:69:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(dst, tmp);
data/tarantool-2.6.0/third_party/curl/lib/inet_ntop.c:166:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(dst, tmp);
data/tarantool-2.6.0/third_party/curl/lib/ldap.c:773:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, args);
data/tarantool-2.6.0/third_party/curl/lib/mime.c:1448:33:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if(stat(filename, &sbuf) || access(filename, R_OK))
data/tarantool-2.6.0/third_party/curl/lib/mprintf.c:946:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        (sprintf)(work, formatbuf, p->data.dnum);
data/tarantool-2.6.0/third_party/curl/lib/security.c:403:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(buffer, buf);
data/tarantool-2.6.0/third_party/curl/lib/sendf.c:274:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(data->set.errorbuffer, error);
data/tarantool-2.6.0/third_party/curl/lib/smb.c:127:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(p, (str));                             \
data/tarantool-2.6.0/third_party/curl/lib/smb.c:132:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(p, (str));                             \
data/tarantool-2.6.0/third_party/curl/lib/smb.c:530:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(msg.bytes, req->path);
data/tarantool-2.6.0/third_party/curl/lib/smb.h:169:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  unsigned int access;
data/tarantool-2.6.0/third_party/curl/lib/socks.c:343:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy((char *)socksreq + packetsize, hostname);
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:68:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(buf + len, (char *) status_string.value);
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:89:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(buf + len, (char *) status_string.value);
data/tarantool-2.6.0/third_party/curl/lib/system_win32.c:412:9:  [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
        _tcscpy(path + _tcslen(path), TEXT("\\"));
data/tarantool-2.6.0/third_party/curl/lib/system_win32.c:413:9:  [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
        _tcscpy(path + _tcslen(path), filename);
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:411:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(buf, option);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:706:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(path, &url[5]);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:1461:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(p, u->query); /* original query */
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:1464:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(&p[querylen + addamperand], newp); /* new suffix */
data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_sspi.c:423:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy((char *) message + sizeof(outdata), user_name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:111:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:916:21:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
            else if(access(sshc->rsa, R_OK) != 0) {
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:921:23:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
              else if(access(sshc->rsa, R_OK) != 0) {
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:930:29:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
            if(sshc->rsa && access(sshc->rsa, R_OK) != 0) {
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:933:31:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
              if(sshc->rsa && access(sshc->rsa, R_OK) != 0) {
data/tarantool-2.6.0/third_party/curl/lib/vtls/gskit.c:367:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(ciphers[i].ptr, ctp->gsktoken);
data/tarantool-2.6.0/third_party/curl/lib/vtls/gskit.c:417:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(ciphers[CURL_GSKPROTO_SSLV3].ptr,
data/tarantool-2.6.0/third_party/curl/lib/vtls/gtls.c:595:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(prioritysrp, prioritylist);
data/tarantool-2.6.0/third_party/curl/lib/vtls/gtls.c:596:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(prioritysrp + len, ":" GNUTLS_SRP);
data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.c:1341:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(buffer, backends);
data/tarantool-2.6.0/third_party/curl/lib/vtls/wolfssl.c:477:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(protocols + strlen(protocols), NGHTTP2_PROTO_VERSION_ID ",");
data/tarantool-2.6.0/third_party/curl/lib/vtls/wolfssl.c:482:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:1155:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(cp, cp2);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:1188:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(cp, cp2);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:1221:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(cp, cp2);
data/tarantool-2.6.0/third_party/curl/src/tool_cb_hdr.c:222:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf(outs->stream, BOLD "%.*s" BOLDOFF ":", namelen, ptr);
data/tarantool-2.6.0/third_party/curl/src/tool_cb_prg.c:198:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(bar->out, format, line, percent);
data/tarantool-2.6.0/third_party/curl/src/tool_dirhie.c:150:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(dirbuildup, tempdir);
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:1408:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              strcpy(n, enc);
data/tarantool-2.6.0/third_party/curl/src/tool_help.c:592:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(CURL_ID "%s\n", curl_version());
data/tarantool-2.6.0/third_party/curl/src/tool_main.c:113:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fname, env);
data/tarantool-2.6.0/third_party/curl/src/tool_msgs.c:117:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(errors, fmt, ap);
data/tarantool-2.6.0/third_party/curl/src/tool_paramhlp.c:99:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(string + stringlen, buffer);
data/tarantool-2.6.0/third_party/curl/src/tool_parsecfg.c:364:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(&line[linelen], buf);
data/tarantool-2.6.0/third_party/curl/src/tool_progress.c:284:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(global->errors,
data/tarantool-2.6.0/third_party/curl/src/tool_writeout.c:316:19:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                  fprintf(stream, version);
data/tarantool-2.6.0/third_party/curl/src/tool_writeout_json.c:87:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(str, "\"%s\":%" CURL_FORMAT_CURL_OFF_T
data/tarantool-2.6.0/third_party/curl/src/tool_writeout_json.c:120:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(str, "\"%s\":%" CURL_FORMAT_CURL_OFF_T, key, val);
data/tarantool-2.6.0/third_party/curl/tests/libtest/first.c:97:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fname, env);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1541.c:49:38:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                    curl_lock_access access, void *userptr)
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1541.c:51:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  (void)access; /* unused */
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib547.c:57:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ptr, UPLOADTHIS);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib555.c:64:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ptr, uploadthis);
data/tarantool-2.6.0/third_party/curl/tests/libtest/stub_gssapi.c:195:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ctx->creds, creds);
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:47:17:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define show(x) printf x
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:433:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(couter, ptag);
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:439:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(cmain, ptag);
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:445:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(csub, ptag);
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:158:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(config.addr, CONFIG_ADDR);
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:199:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(config.addr, value);
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:207:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(config.user, value);
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:211:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(config.password, value);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1307.c:268:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
enum system {
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1307.c:278:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  enum system machine;
data/tarantool-2.6.0/third_party/decNumber/decNumber.c:7994:11:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
     else printf(spec, ar[i]);
data/tarantool-2.6.0/third_party/libeio/eio.c:1349:5:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    _snprintf (path, MAX_PATH, fmt, reqpath);
data/tarantool-2.6.0/third_party/libev/ev.c:4356:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy (path, w->path);
data/tarantool-2.6.0/third_party/libyaml/src/dumper.c:254:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf((char *)anchor, ANCHOR_TEMPLATE, anchor_id);
data/tarantool-2.6.0/third_party/lua-cjson/strbuf.c:37:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, arg);
data/tarantool-2.6.0/third_party/lua-cjson/strbuf.c:210:15:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    fmt_len = vsnprintf(s->buf + s->length, len, fmt, arg);
data/tarantool-2.6.0/third_party/lua-cjson/strbuf.c:236:19:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        fmt_len = vsnprintf(s->buf + s->length, empty_len + 1, fmt, arg);
data/tarantool-2.6.0/third_party/lua-yaml/lyaml.cc:628:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(buf, sizeof(buf) - 1, "%" PRIu64, field.ival);
data/tarantool-2.6.0/third_party/lua-yaml/lyaml.cc:634:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(buf, sizeof(buf) - 1, "%" PRIi64, field.ival);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm.c:112:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(name, "%s%s%s", symprefix, prefix, suffix);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm.c:127:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(p, name);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm.c:378:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, LUAJIT_VERSION " VM builder.\n");
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm.c:379:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(stderr, LUAJIT_COPYRIGHT ", " LUAJIT_URL "\n");
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_asm.c:327:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(ctx->fp,
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:94:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(modname, p);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:142:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(funcname, p);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:225:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(p, name);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:747:1:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
strcat(out,source);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:759:1:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
strcat(out,source);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:7601:1:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
sprintf(buff,form,(int)luaL_checknumber(L,arg));
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:7606:1:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
sprintf(buff,form,(long)luaL_checknumber(L,arg));
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:7611:1:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
sprintf(buff,form,(unsigned long)luaL_checknumber(L,arg));
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:7616:1:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
sprintf(buff,form,(double)luaL_checknumber(L,arg));
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:7632:1:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
sprintf(buff,form,s);
data/tarantool-2.6.0/third_party/luajit/src/lib_io.c:129:7:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  if (fscanf(fp, LUA_NUMBER_SCAN, &d) == 1) {
data/tarantool-2.6.0/third_party/luajit/src/lib_io.c:417:13:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  iof->fp = popen(fname, mode);
data/tarantool-2.6.0/third_party/luajit/src/lib_os.c:52:14:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  int stat = system(cmd);
data/tarantool-2.6.0/third_party/luajit/src/lj_debug.c:332:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(out, src);
data/tarantool-2.6.0/third_party/luajit/src/lj_debug.c:337:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(out, line == ~(BCLine)0 ? "[builtin:" : "[string \""); out += 9;
data/tarantool-2.6.0/third_party/luajit/src/lj_debug.c:343:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(out, src); out += len;
data/tarantool-2.6.0/third_party/luajit/src/lj_debug.c:345:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(out, line == ~(BCLine)0 ? "]" : "\"]");
data/tarantool-2.6.0/third_party/luajit/src/lj_strfmt.h:121:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  __attribute__ ((format (printf, 2, 3)))
data/tarantool-2.6.0/third_party/luajit/src/luaconf.h:130:30:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
#define lua_number2str(s, n)	sprintf((s), LUA_NUMBER_FMT, (n))
data/tarantool-2.6.0/third_party/luarocks/win32/lua5.1/include/luaconf.h:526:29:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
#define lua_number2str(s,n)	sprintf((s), LUA_NUMBER_FMT, (n))
data/tarantool-2.6.0/third_party/luarocks/win32/lua5.1/include/luaconf.h:673:50:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#define lua_popen(L,c,m)	((void)L, fflush(NULL), popen(c,m))
data/tarantool-2.6.0/third_party/zstd/contrib/adaptive-compression/adapt.c:17:22:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...) fprintf(stderr, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/contrib/adaptive-compression/adapt.c:18:20:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define PRINT(...) fprintf(stdout, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/contrib/adaptive-compression/datagencli.c:34:30:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...)         fprintf(stderr, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/Logging.h:46:10:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    std::fprintf(out_, fmt, args...);
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/Logging.h:59:12:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      std::fprintf(out_, fmt, args...);
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/parallel_compression.c:192:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(outSpace, filename);
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/seekable_compression.c:110:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(outSpace, filename);
data/tarantool-2.6.0/third_party/zstd/examples/dictionary_compression.c:125:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(outSpace, filename);
data/tarantool-2.6.0/third_party/zstd/examples/multiple_streaming_compression.c:155:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(ofnBuffer, ifn);
data/tarantool-2.6.0/third_party/zstd/examples/simple_compression.c:113:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(outSpace, filename);
data/tarantool-2.6.0/third_party/zstd/examples/streaming_compression.c:109:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(outSpace, filename);
data/tarantool-2.6.0/third_party/zstd/lib/common/zstd_internal.h:67:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                    fprintf(stderr, __VA_ARGS__);               \
data/tarantool-2.6.0/third_party/zstd/lib/common/zstd_internal.h:71:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                    fprintf(stderr, __FILE__ ": " __VA_ARGS__); \
data/tarantool-2.6.0/third_party/zstd/lib/compress/zstdmt_compress.c:37:52:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define DEBUGLOGRAW(l, ...) if (l<=ZSTD_DEBUG) { fprintf(stderr, __VA_ARGS__); }
data/tarantool-2.6.0/third_party/zstd/lib/dictBuilder/cover.c:49:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stderr, __VA_ARGS__);                                              \
data/tarantool-2.6.0/third_party/zstd/lib/dictBuilder/zdict.c:71:32:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...)         { fprintf(stderr, __VA_ARGS__); fflush( stderr ); }
data/tarantool-2.6.0/third_party/zstd/programs/bench.c:70:30:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...)         fprintf(stderr, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/programs/datagen.c:30:37:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define TRACE(...)   if (RDG_DEBUG) fprintf(stderr, __VA_ARGS__ )
data/tarantool-2.6.0/third_party/zstd/programs/dibio.c:54:30:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...)         fprintf(stderr, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:78:30:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...)         fprintf(stderr, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:79:30:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAYOUT(...)      fprintf(stdout, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:969:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(dstFileName, inFileNamesTable[u]);
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:970:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(dstFileName, suffix);
data/tarantool-2.6.0/third_party/zstd/programs/platform.h:27:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#    define snprintf sprintf_s       /* snprintf unsupported by Visual <= 2013 */
data/tarantool-2.6.0/third_party/zstd/programs/util.h:112:35:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define UTIL_DISPLAY(...)         fprintf(stderr, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/programs/zstdcli.c:90:30:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...)         fprintf(g_displayOut, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/tests/datagencli.c:35:30:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...)         fprintf(stderr, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/tests/decodecorpus.c:46:31:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...)          fprintf(stderr, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/tests/fullbench.c:54:23:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...)  fprintf(stderr, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/tests/fuzzer.c:56:31:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...)          fprintf(stdout, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/tests/legacy.c:29:31:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...)          fprintf(stderr, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/tests/paramgrill.c:61:23:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...)  fprintf(stderr, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/tests/roundTripCrash.c:49:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf(stderr,                         \
data/tarantool-2.6.0/third_party/zstd/tests/zbufftest.c:57:31:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...)          fprintf(stderr, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/tests/zstreamtest.c:59:31:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...)          fprintf(stderr, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:47:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define snprintf _snprintf
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:47:20:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define snprintf _snprintf
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:476:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(outfile, file);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:477:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(outfile, GZ_SUFFIX);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:516:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buf, file);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:529:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(infile, GZ_SUFFIX);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/zwrapbench.c:73:30:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DISPLAY(...)         fprintf(displayOut, __VA_ARGS__)
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzguts.h:91:18:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#    if !defined(vsnprintf) && !defined(NO_vsnprintf)
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzguts.h:93:18:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#         define vsnprintf _vsnprintf
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzguts.h:115:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define snprintf _snprintf
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzguts.h:115:20:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define snprintf _snprintf
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzlib.c:219:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(state.state->path, path);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzlib.c:617:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(state.state->msg, state.state->path);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzlib.c:619:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(state.state->msg, msg);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c:420:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    (void)vsprintf(next, format, va);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c:424:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    len = vsprintf(next, format, va);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c:428:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    (void)vsnprintf(next, state.state->size, format, va);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c:431:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    len = vsnprintf(next, state.state->size, format, va);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c:514:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12,
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c:520:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    len = sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11,
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c:525:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(next, state.state->size, format, a1, a2, a3, a4, a5, a6, a7, a8, a9,
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c:529:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    len = snprintf(next, state.state->size, format, a1, a2, a3, a4, a5, a6, a7, a8,
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/zstd_zlibwrapper.c:525:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(zwd->version, version);
data/tarantool-2.6.0/extra/bin2c.c:21:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "np:s:h")) != -1) {
data/tarantool-2.6.0/extra/lemon.c:3293:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    pathlist = getenv("PATH");
data/tarantool-2.6.0/extra/txt2c.c:22:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "np:s:h")) != -1) {
data/tarantool-2.6.0/src/box/func.c:133:6:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
	if (realpath(lua_tostring(L, -1), resolved) == NULL) {
data/tarantool-2.6.0/src/box/func.c:267:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	const char *tmpdir = getenv("TMPDIR");
data/tarantool-2.6.0/src/box/index.h:410:8:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	int (*random)(struct index *index, uint32_t rnd, struct tuple **result);
data/tarantool-2.6.0/src/box/index.h:608:22:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	return index->vtab->random(index, rnd, result);
data/tarantool-2.6.0/src/box/sql/os_unix.c:1441:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		azDirs[0] = getenv("SQL_TMPDIR");
data/tarantool-2.6.0/src/box/sql/os_unix.c:1443:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		azDirs[1] = getenv("TMPDIR");
data/tarantool-2.6.0/src/find_path.c:77:41:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			snprintf(buf, sizeof(buf) - 1, "%s", getenv("_"));
data/tarantool-2.6.0/src/find_path.c:79:6:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
	if (realpath(buf, path) == NULL)
data/tarantool-2.6.0/src/lib/core/coio_file.c:509:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	const char *tmpdir = getenv("TMPDIR");
data/tarantool-2.6.0/src/lib/core/random.c:53:8:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		goto srand;
data/tarantool-2.6.0/src/lib/core/random.c:63:1:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
srand:
data/tarantool-2.6.0/src/lib/core/random.c:64:2:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srandom(seed);
data/tarantool-2.6.0/src/lib/core/random.c:65:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(seed);
data/tarantool-2.6.0/src/lib/salad/bps_tree.h:366:35:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define bps_tree_random _api_name(random)
data/tarantool-2.6.0/src/lib/salad/mhash.h:239:5:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
_mh(random)(struct _mh(t) *h, mh_int_t rnd)
data/tarantool-2.6.0/src/lib/small/test/mempool.c:120:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(seed);
data/tarantool-2.6.0/src/lib/small/test/obuf.c:70:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(seed);
data/tarantool-2.6.0/src/lib/small/test/quota.cc:67:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(0));
data/tarantool-2.6.0/src/lib/small/test/rb_aug.c:190:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/tarantool-2.6.0/src/lib/small/test/rb_rand.cc:231:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand (time(NULL));
data/tarantool-2.6.0/src/lib/small/test/slab_cache.c:15:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(0));
data/tarantool-2.6.0/src/lib/small/test/slab_cache.c:29:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		int run = random() % NRUNS;
data/tarantool-2.6.0/src/lib/small/test/slab_cache.c:30:14:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		int size = random() % MAX_ALLOC;
data/tarantool-2.6.0/src/lib/small/test/small_alloc.c:135:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(seed);
data/tarantool-2.6.0/src/lua/init.c:310:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	const char *path = getenv(envname);
data/tarantool-2.6.0/src/lua/init.c:327:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	const char *home = getenv("HOME");
data/tarantool-2.6.0/src/main.cc:742:15:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((ch = getopt_long(argc, argv, opts, longopts, NULL)) != -1) {
data/tarantool-2.6.0/src/systemd.c:54:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	sd_unix_path = getenv("NOTIFY_SOCKET");
data/tarantool-2.6.0/test/unit/bitset_basic.c:200:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/tarantool-2.6.0/test/unit/bloom.cc:17:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(0));
data/tarantool-2.6.0/test/unit/bloom.cc:56:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(0));
data/tarantool-2.6.0/test/unit/bps_tree.cc:719:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(0);
data/tarantool-2.6.0/test/unit/bps_tree_iterator.cc:295:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(0);
data/tarantool-2.6.0/test/unit/bps_tree_iterator.cc:342:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(0);
data/tarantool-2.6.0/test/unit/bps_tree_iterator.cc:394:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(0);
data/tarantool-2.6.0/test/unit/bps_tree_iterator.cc:469:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(0);
data/tarantool-2.6.0/test/unit/bps_tree_iterator.cc:549:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(0));
data/tarantool-2.6.0/test/unit/cbus_stress.c:369:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/tarantool-2.6.0/test/unit/checkpoint_schedule.c:22:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/tarantool-2.6.0/test/unit/guava.c:27:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/tarantool-2.6.0/test/unit/heap.c:536:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(179);
data/tarantool-2.6.0/test/unit/heap_iterator.c:190:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(179);
data/tarantool-2.6.0/test/unit/histogram.c:180:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/tarantool-2.6.0/test/unit/light.cc:254:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(0);
data/tarantool-2.6.0/test/unit/light.cc:323:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(0));
data/tarantool-2.6.0/test/unit/popen.c:241:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("BUILDDIR") == NULL) {
data/tarantool-2.6.0/test/unit/popen.c:247:33:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			 "%s/test/unit/popen-child", getenv("BUILDDIR"));
data/tarantool-2.6.0/test/unit/ratelimit.c:19:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/tarantool-2.6.0/test/unit/rope_stress.c:67:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/tarantool-2.6.0/test/unit/rtree_iterator.cc:211:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(0);
data/tarantool-2.6.0/test/unit/rtree_iterator.cc:259:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(0);
data/tarantool-2.6.0/test/unit/rtree_multidim.cc:535:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(0));
data/tarantool-2.6.0/test/unit/swim_test_utils.c:867:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(seed);
data/tarantool-2.6.0/third_party/c-ares/ares_getaddrinfo.c:442:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      path_hosts = getenv("CARES_HOSTS");
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:119:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *env = getenv("CARES_MEMDEBUG");
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:123:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = getenv("CARES_MEMLIMIT");
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:564:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  localdomain = getenv("LOCALDOMAIN");
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:572:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  res_options = getenv("RES_OPTIONS");
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:1495:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  line = getenv("Inet$Resolvers");
data/tarantool-2.6.0/third_party/c-ares/ares_private.h:100:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
#  define getenv(ptr) ares_getenv(ptr)
data/tarantool-2.6.0/third_party/c-ares/ares_search.c:256:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      hostaliases = getenv("HOSTALIASES");
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-ns.cc:74:7:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
  if (chroot(buffer) != 0) {
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-ns.cc:167:9:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
    if (realpath(mountpt.c_str(), buffer)) {
data/tarantool-2.6.0/third_party/c-ares/test/ares-test.cc:750:13:  [3] (tmpfile) tempnam:
  Temporary file race condition (CWE-377).
  char *p = tempnam(dir, prefix);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test.h:365:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!overwrite && getenv(name) != NULL) {
data/tarantool-2.6.0/third_party/c-ares/test/ares-test.h:389:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *original = getenv(name);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test.h:441:25:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
    ContainerFilesystem chroot(files, "..");                                    \
data/tarantool-2.6.0/third_party/c-ares/test/ares-test.h:443:34:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
    EXPECT_EQ(0, RunInContainer(&chroot, hostname, domainname, fn));            \
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:719:37:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
void ShuffleRange(internal::Random* random, int begin, int end,
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:740:39:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
inline void Shuffle(internal::Random* random, std::vector<E>* v) {
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:741:16:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  ShuffleRange(random, 0, static_cast<int>(v->size()), v);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:1199:21:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  internal::Random* random() { return &random_; }
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:1642:44:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char* const testbridge_test_only = getenv(GTEST_TEST_FILTER_ENV_VAR_);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:4241:47:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
void TestCase::ShuffleTests(internal::Random* random) {
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:4242:11:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  Shuffle(random, &test_indices_);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:6075:7:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
      random()->Reseed(random_seed_);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:6389:16:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  ShuffleRange(random(), 0, last_death_test_case_ + 1, &test_case_indices_);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:6392:16:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  ShuffleRange(random(), last_death_test_case_ + 1,
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:6397:34:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    test_cases_[i]->ShuffleTests(random());
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:8792:5:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
  ::InitializeCriticalSection(critical_section_);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:8810:5:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  ::EnterCriticalSection(critical_section_);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:8842:11:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
        ::InitializeCriticalSection(critical_section_);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gtest/gtest.h:3670:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char* const env = getenv(name);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gtest/gtest.h:3673:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  return getenv(name);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gtest/gtest.h:19524:39:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  void ShuffleTests(internal::Random* random);
data/tarantool-2.6.0/third_party/curl/docs/examples/curlx.c:332:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        p.pst = getenv(*(++args));
data/tarantool-2.6.0/third_party/curl/include/curl/curl.h:2372:19:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
CURL_EXTERN char *curl_getenv(const char *variable);
data/tarantool-2.6.0/third_party/curl/lib/altsvc.c:421:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  char *timestr = getenv("CURL_TIME");
data/tarantool-2.6.0/third_party/curl/lib/curl_gethostname.c:67:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *force_hostname = getenv("CURL_GETHOSTNAME");
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:659:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  char *force_timestamp = getenv("CURL_FORCETIME");
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_wb.c:149:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    username = getenv("NTLMUSER");
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_wb.c:151:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      username = getenv("LOGNAME");
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_wb.c:153:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      username = getenv("USER");
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_wb.c:179:21:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  ntlm_auth_alloc = curl_getenv("CURL_NTLM_WB_FILE");
data/tarantool-2.6.0/third_party/curl/lib/curl_threads.h:43:34:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
#    define Curl_mutex_init(m)   InitializeCriticalSection(m)
data/tarantool-2.6.0/third_party/curl/lib/curl_threads.h:47:34:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
#  define Curl_mutex_acquire(m)  EnterCriticalSection(m)
data/tarantool-2.6.0/third_party/curl/lib/curlx.h:75:22:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
#define curlx_getenv curl_getenv
data/tarantool-2.6.0/third_party/curl/lib/getenv.c:69:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  char *env = getenv(variable);
data/tarantool-2.6.0/third_party/curl/lib/getenv.c:74:7:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
char *curl_getenv(const char *v)
data/tarantool-2.6.0/third_party/curl/lib/getinfo.c:151:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  char *timestr = getenv("CURL_TIME");
data/tarantool-2.6.0/third_party/curl/lib/getinfo.c:163:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  timestr = getenv("CURL_DEBUG_SIZE");
data/tarantool-2.6.0/third_party/curl/lib/getinfo.c:294:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  char *timestr = getenv("CURL_TIME");
data/tarantool-2.6.0/third_party/curl/lib/getinfo.c:373:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  char *timestr = getenv("CURL_TIME");
data/tarantool-2.6.0/third_party/curl/lib/http.c:1230:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *p = getenv("CURL_SMALLREQSEND");
data/tarantool-2.6.0/third_party/curl/lib/http.c:4002:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
             getenv("CURL_ALTSVC_HTTP")
data/tarantool-2.6.0/third_party/curl/lib/ldap.c:766:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *env = getenv("CURL_TRACE");
data/tarantool-2.6.0/third_party/curl/lib/netrc.c:222:19:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *homea = curl_getenv("HOME"); /* portable environment reader */
data/tarantool-2.6.0/third_party/curl/lib/openldap.c:225:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *env = getenv("CURL_OPENLDAP_TRACE");
data/tarantool-2.6.0/third_party/curl/lib/rand.c:47:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  char *force_entropy = getenv("CURL_ENTROPY");
data/tarantool-2.6.0/third_party/curl/lib/setup-vms.h:37:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
#define getenv decc_getenv
data/tarantool-2.6.0/third_party/curl/lib/setup-vms.h:50:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
#undef getenv
data/tarantool-2.6.0/third_party/curl/lib/setup-vms.h:52:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
#define getenv vms_getenv
data/tarantool-2.6.0/third_party/curl/lib/system_win32.c:393:7:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
      LoadLibrary(filename);
data/tarantool-2.6.0/third_party/curl/lib/system_win32.c:419:11:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
          LoadLibrary(path);
data/tarantool-2.6.0/third_party/curl/lib/url.c:2191:10:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  prox = curl_getenv(proxy_env);
data/tarantool-2.6.0/third_party/curl/lib/url.c:2208:12:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    prox = curl_getenv(proxy_env);
data/tarantool-2.6.0/third_party/curl/lib/url.c:2217:13:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    proxy = curl_getenv(envp); /* default proxy to use */
data/tarantool-2.6.0/third_party/curl/lib/url.c:2220:15:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      proxy = curl_getenv(envp);
data/tarantool-2.6.0/third_party/curl/lib/url.c:2436:16:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    no_proxy = curl_getenv(p);
data/tarantool-2.6.0/third_party/curl/lib/url.c:2439:18:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      no_proxy = curl_getenv(p);
data/tarantool-2.6.0/third_party/curl/lib/url.c:3077:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      getenv("CURL_ALTSVC_HTTP")
data/tarantool-2.6.0/third_party/curl/lib/version.c:135:30:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *debugversion = getenv("CURL_VERSION");
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:201:18:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  gnutls_datum_t srandom;
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:203:49:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  gnutls_session_get_random(session, &crandom, &srandom);
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:207:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  keylog_file = getenv("SSLKEYLOGFILE");
data/tarantool-2.6.0/third_party/curl/lib/vquic/vquic.c:54:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *qlog_dir = getenv("QLOGDIR");
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:908:24:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
          char *home = curl_getenv("HOME");
data/tarantool-2.6.0/third_party/curl/lib/vtls/keylog.c:51:24:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    keylog_file_name = curl_getenv("SSLKEYLOGFILE");
data/tarantool-2.6.0/third_party/curl/lib/vtls/nss.c:1379:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  cert_dir = getenv("SSL_DIR");
data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.c:808:20:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  return Curl_ssl->random(data, entropy, length);
data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.c:1361:19:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = env_tmp = curl_getenv("CURL_SSL_BACKEND");
data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.h:55:14:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  CURLcode (*random)(struct Curl_easy *data, unsigned char *entropy,
data/tarantool-2.6.0/third_party/curl/src/tool_homedir.c:38:9:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = curl_getenv(variable);
data/tarantool-2.6.0/third_party/curl/src/tool_main.c:338:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if(getenv("_IN_NETWARE_BASH_") == NULL)
data/tarantool-2.6.0/third_party/curl/src/tool_vms.c:56:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  shell = getenv("SHELL");
data/tarantool-2.6.0/third_party/curl/tests/libtest/first.c:91:9:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = curl_getenv("CURL_MEMDEBUG");
data/tarantool-2.6.0/third_party/curl/tests/libtest/first.c:105:9:  [3] (buffer) curl_getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = curl_getenv("CURL_MEMLIMIT");
data/tarantool-2.6.0/third_party/curl/tests/libtest/sethostname.c:32:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *force_hostname = getenv("CURL_GETHOSTNAME");
data/tarantool-2.6.0/third_party/curl/tests/libtest/stub_gssapi.c:103:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  creds = getenv("CURL_STUB_GSS_CREDS");
data/tarantool-2.6.0/third_party/curl/tests/server/fake_ntlm.c:160:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = getenv("CURL_NTLM_AUTH_TESTNUM");
data/tarantool-2.6.0/third_party/curl/tests/server/fake_ntlm.c:183:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env = getenv("CURL_NTLM_AUTH_SRCDIR");
data/tarantool-2.6.0/third_party/libeio/etp.c:328:31:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  ts.tv_nsec = (unsigned long)random() * (1000000000UL / RAND_MAX);
data/tarantool-2.6.0/third_party/libev/ev.c:2906:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
          && getenv ("LIBEV_FLAGS"))
data/tarantool-2.6.0/third_party/libev/ev.c:2907:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        flags = atoi (getenv ("LIBEV_FLAGS"));
data/tarantool-2.6.0/third_party/luajit/src/lib_os.c:94:7:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  if (tmpnam(buf) == NULL)
data/tarantool-2.6.0/third_party/luajit/src/lib_os.c:107:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  lua_pushstring(L, getenv(luaL_checkstring(L, 1)));  /* if NULL push nil */
data/tarantool-2.6.0/third_party/luajit/src/lib_package.c:544:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *path = getenv(envname);
data/tarantool-2.6.0/third_party/luajit/src/lj_profile.c:52:26:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
#define profile_lock(ps)	EnterCriticalSection(&ps->lock)
data/tarantool-2.6.0/third_party/luajit/src/lj_profile.c:280:3:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(&ps->lock);
data/tarantool-2.6.0/third_party/luajit/src/luajit.c:494:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *init = getenv(LUA_INIT);
data/tarantool-2.6.0/third_party/luarocks/win32/lua5.1/include/luaconf.h:660:33:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
#define lua_tmpnam(b,e)		{ e = (tmpnam(b) == NULL); }
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/PzstdTest.cpp:34:34:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    std::string inputFile = std::tmpnam(nullptr);
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/PzstdTest.cpp:69:34:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    std::string inputFile = std::tmpnam(nullptr);
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/PzstdTest.cpp:103:32:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  std::string inputFile = std::tmpnam(nullptr);
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/PzstdTest.cpp:133:32:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  std::string inputFile = std::tmpnam(nullptr);
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/RoundTrip.h:62:37:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  std::string compressedFile = std::tmpnam(nullptr);
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/RoundTrip.h:63:39:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  std::string decompressedFile = std::tmpnam(nullptr);
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/RoundTripTest.cpp:30:17:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
  string file = tmpnam(nullptr);
data/tarantool-2.6.0/third_party/zstd/lib/common/threading.h:48:41:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
#define ZSTD_pthread_mutex_init(a, b)  (InitializeCriticalSection((a)), 0)
data/tarantool-2.6.0/third_party/zstd/lib/common/threading.h:50:40:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
#define ZSTD_pthread_mutex_lock(a)     EnterCriticalSection((a))
data/tarantool-2.6.0/third_party/zstd/tests/fuzz/fuzz_helpers.h:85:19:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    return min + (random % (max - min + 1));
data/tarantool-2.6.0/extra/bin2c.c:38:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			if (!(in = fopen(argv[optind], "r"))) {
data/tarantool-2.6.0/extra/bin2c.c:47:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				if (!(out = fopen(argv[optind + 1], "w"))) {
data/tarantool-2.6.0/extra/lemon.c:90:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&zBuf[*pnUsed], zIn, nIn);
data/tarantool-2.6.0/extra/lemon.c:99:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char zTemp[50];
data/tarantool-2.6.0/extra/lemon.c:1486:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  azDefine = (char **) realloc(azDefine, sizeof(azDefine[0])*nDefine);
data/tarantool-2.6.0/extra/lemon.c:1848:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *set[LISTSIZE];
data/tarantool-2.6.0/extra/lemon.c:1942:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    (*(void(*)(char *))(op[j].arg))(&argv[i][2]);
data/tarantool-2.6.0/extra/lemon.c:2036:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        (*(void(*)(char *))(op[j].arg))(sv);
data/tarantool-2.6.0/extra/lemon.c:2186:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *alias[MAXRHS]; /* Aliases for each RHS symbol (or NULL) */
data/tarantool-2.6.0/extra/lemon.c:2566:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char zLine[50];
data/tarantool-2.6.0/extra/lemon.c:2593:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(zBuf, zLine, nLine);
data/tarantool-2.6.0/extra/lemon.c:2608:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(zBuf, zNew, nNew);
data/tarantool-2.6.0/extra/lemon.c:2776:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fp = fopen(ps.filename,"rb");
data/tarantool-2.6.0/extra/lemon.c:3017:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fp = fopen(lemp->outname,mode);
data/tarantool-2.6.0/extra/lemon.c:3223:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[20];
data/tarantool-2.6.0/extra/lemon.c:3348:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[LINESIZE];
data/tarantool-2.6.0/extra/lemon.c:3373:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1000];
data/tarantool-2.6.0/extra/lemon.c:3386:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    in = fopen(user_templatename,"rb");
data/tarantool-2.6.0/extra/lemon.c:3415:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  in = fopen(tpltname,"rb");
data/tarantool-2.6.0/extra/lemon.c:3529:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char empty[1] = { 0 };
data/tarantool-2.6.0/extra/lemon.c:3534:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char zInt[40];
data/tarantool-2.6.0/extra/lemon.c:3584:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char used[MAXRHS];     /* True for each RHS element which is used */
data/tarantool-2.6.0/extra/lemon.c:3585:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char zLhs[50];         /* Convert the LHS symbol into this string */
data/tarantool-2.6.0/extra/lemon.c:3586:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char zOvwrt[900];      /* Comment that to allow LHS to overwrite RHS */
data/tarantool-2.6.0/extra/lemon.c:3592:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char newlinestr[2] = { '\n', '\0' };
data/tarantool-2.6.0/extra/lemon.c:3644:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(zLhs, "yymsp[%d].minor.yy%d",1-rp->nrhs,rp->lhs->dtnum);
data/tarantool-2.6.0/extra/lemon.c:3647:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(zLhs, "yylhsminor.yy%d",rp->lhs->dtnum);
data/tarantool-2.6.0/extra/lemon.c:4023:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[LINESIZE];
data/tarantool-2.6.0/extra/lemon.c:4525:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[LINESIZE];
data/tarantool-2.6.0/extra/lemon.c:4526:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pattern[LINESIZE];
data/tarantool-2.6.0/extra/mkkeywordhash.c:49:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char zOrigName[50];  /* Original keyword name before processing */
data/tarantool-2.6.0/extra/mkkeywordhash.c:321:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char zText[2000];
data/tarantool-2.6.0/extra/mkkeywordhash.c:328:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p->zOrigName, p->zName, p->len+1);
data/tarantool-2.6.0/extra/mkkeywordhash.c:446:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&zText[k], p->zName, p->len);
data/tarantool-2.6.0/extra/txt2c.c:42:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			if (!(in = fopen(argv[optind], "r"))) {
data/tarantool-2.6.0/extra/txt2c.c:51:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				if (!(out = fopen(argv[optind + 1], "w"))) {
data/tarantool-2.6.0/src/box/alter.cc:185:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char got[DIAG_ERRMSG_MAX];
data/tarantool-2.6.0/src/box/alter.cc:747:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[6];
data/tarantool-2.6.0/src/box/alter.cc:1137:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(alter->new_space->access, alter->old_space->access,
data/tarantool-2.6.0/src/box/alter.cc:3045:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(user->name, name, name_len);
data/tarantool-2.6.0/src/box/alter.cc:3305:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(def->name, name, name_len);
data/tarantool-2.6.0/src/box/alter.cc:3310:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(def->body, body, body_len);
data/tarantool-2.6.0/src/box/alter.cc:3317:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(def->comment, comment, comment_len);
data/tarantool-2.6.0/src/box/alter.cc:4333:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(def->name, name, name_len);
data/tarantool-2.6.0/src/box/alter.cc:4632:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(path, path_raw, path_len);
data/tarantool-2.6.0/src/box/alter.cc:4904:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(trigger_name, trigger_name_src, trigger_name_len);
data/tarantool-2.6.0/src/box/alter.cc:5081:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(fk_def->name, name, name_len);
data/tarantool-2.6.0/src/box/alter.cc:5084:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(fk_def->links, links, link_count * sizeof(struct field_link));
data/tarantool-2.6.0/src/box/applier.cc:382:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char greetingbuf[IPROTO_GREETING_SIZE];
data/tarantool-2.6.0/src/box/applier.cc:765:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(new_base, row->body->iov_base,
data/tarantool-2.6.0/src/box/applier.cc:1100:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char name[FIBER_NAME_MAX];
data/tarantool-2.6.0/src/box/applier.cc:1301:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[FIBER_NAME_MAX];
data/tarantool-2.6.0/src/box/applier.h:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char source[APPLIER_SOURCE_MAXLEN];
data/tarantool-2.6.0/src/box/authentication.cc:38:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char zero_hash[SCRAMBLE_SIZE];
data/tarantool-2.6.0/src/box/authentication.cc:59:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char hash2[SCRAMBLE_SIZE];
data/tarantool-2.6.0/src/box/box.cc:83:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char status[64] = "unknown";
data/tarantool-2.6.0/src/box/call.c:103:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(port->plain, plain, len);
data/tarantool-2.6.0/src/box/ck_constraint.c:63:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ck_def->expr_str, expr_str, expr_str_len);
data/tarantool-2.6.0/src/box/ck_constraint.c:65:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ck_def->name, name, name_len);
data/tarantool-2.6.0/src/box/ck_constraint.h:85:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/tarantool-2.6.0/src/box/coll_id.c:54:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(coll_id->name, def->name, def->name_len);
data/tarantool-2.6.0/src/box/coll_id.h:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/tarantool-2.6.0/src/box/constraint_id.c:55:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ret->name, name, len + 1);
data/tarantool-2.6.0/src/box/constraint_id.h:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/tarantool-2.6.0/src/box/error.cc:157:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *rmean_error_strings[RMEAN_ERROR_LAST] = {
data/tarantool-2.6.0/src/box/error.h:195:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char *rmean_error_strings[RMEAN_ERROR_LAST];
data/tarantool-2.6.0/src/box/error.h:329:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char m_custom_type[64];
data/tarantool-2.6.0/src/box/execute.c:200:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(pos, s, len);
data/tarantool-2.6.0/src/box/field_map.c:120:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&((uint32_t *) extent_wptr)[1], extent->offset,
data/tarantool-2.6.0/src/box/fk_constraint.h:104:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/tarantool-2.6.0/src/box/func.c:132:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char resolved[PATH_MAX];
data/tarantool-2.6.0/src/box/func.c:250:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/tarantool-2.6.0/src/box/func.c:262:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(module->package, package, package_len);
data/tarantool-2.6.0/src/box/func.c:270:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dir_name[PATH_MAX];
data/tarantool-2.6.0/src/box/func.c:282:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char load_name[PATH_MAX];
data/tarantool-2.6.0/src/box/func.c:296:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int source_fd = open(path, O_RDONLY);
data/tarantool-2.6.0/src/box/func.c:302:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int dest_fd = open(load_name, O_WRONLY|O_CREAT|O_TRUNC,
data/tarantool-2.6.0/src/box/func.h:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char package[0];
data/tarantool-2.6.0/src/box/func_def.h:135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/tarantool-2.6.0/src/box/gc.c:492:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[128];
data/tarantool-2.6.0/src/box/gc.h:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[GC_NAME_MAX];
data/tarantool-2.6.0/src/box/gc.h:92:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[GC_NAME_MAX];
data/tarantool-2.6.0/src/box/index_def.c:188:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dup, src, size);
data/tarantool-2.6.0/src/box/iproto.cc:294:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *rmean_net_strings[IPROTO_LAST] = {
data/tarantool-2.6.0/src/box/iproto.cc:536:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char salt[IPROTO_SALT_SIZE];
data/tarantool-2.6.0/src/box/iproto.cc:777:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new_ibuf->rpos, old_ibuf->wpos, con->parse_size);
data/tarantool-2.6.0/src/box/iproto.cc:1040:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(iov, src + begin->pos, iovcnt * sizeof(struct iovec));
data/tarantool-2.6.0/src/box/iproto_constants.c:33:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const unsigned char iproto_key_type[IPROTO_KEY_MAX] =
data/tarantool-2.6.0/src/box/iproto_constants.c:132:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *iproto_key_strs[IPROTO_KEY_MAX] = {
data/tarantool-2.6.0/src/box/iproto_constants.c:203:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *vy_page_info_key_strs[VY_PAGE_INFO_KEY_MAX] = {
data/tarantool-2.6.0/src/box/iproto_constants.c:213:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *vy_run_info_key_strs[VY_RUN_INFO_KEY_MAX] = {
data/tarantool-2.6.0/src/box/iproto_constants.c:225:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *vy_row_index_key_strs[VY_ROW_INDEX_KEY_MAX] = {
data/tarantool-2.6.0/src/box/iproto_constants.h:184:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const unsigned char iproto_key_type[IPROTO_KEY_MAX];
data/tarantool-2.6.0/src/box/key_def.c:104:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, src, sz);
data/tarantool-2.6.0/src/box/key_def.c:170:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(part->path, path, path_len);
data/tarantool-2.6.0/src/box/key_def.c:334:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(path, part->path, part->path_len);
data/tarantool-2.6.0/src/box/lua/console.c:762:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(t, p, pn);
data/tarantool-2.6.0/src/box/lua/console.c:763:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(t + pn, s, n);
data/tarantool-2.6.0/src/box/lua/console.c:943:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ml.list[0], ml.list[1], ml.matchlen);
data/tarantool-2.6.0/src/box/lua/execute.c:324:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf, bind->name, name_len + 1);
data/tarantool-2.6.0/src/box/lua/execute.c:353:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf, field.sval.data, field.sval.len + 1);
data/tarantool-2.6.0/src/box/lua/info.c:89:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char status[16];
data/tarantool-2.6.0/src/box/lua/info.c:109:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char name[APPLIER_SOURCE_MAXLEN];
data/tarantool-2.6.0/src/box/lua/key_def.c:215:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tmp, path, path_len + 1);
data/tarantool-2.6.0/src/box/lua/merger.c:1124:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(output_buffer->wpos, tuple_data(tuple), bsize);
data/tarantool-2.6.0/src/box/lua/misc.cc:224:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(fields[i].name, name, len);
data/tarantool-2.6.0/src/box/lua/net_box.c:148:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char scramble[SCRAMBLE_SIZE];
data/tarantool-2.6.0/src/box/lua/net_box.c:425:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uuid_buf[UUID_STR_LEN + 1];
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:120:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char err_msg[256];
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char indent_buf[256];
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:127:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char suffix_buf[32];
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:178:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char mask_str[256];
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:198:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(mask_str, "UNKNOWN");
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:213:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char mp_type[64], *type_str = mp_type;
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:229:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			type_str = (char *)mp_type_names[field.type];
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:245:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[128];
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:356:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[32];
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:384:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&d->suffix_buf[d->suffix_len], str, len);
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:770:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[FPCONV_G_FMT_BUFSIZE];
data/tarantool-2.6.0/src/box/lua/slab.c:143:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ratio_buf[32];
data/tarantool-2.6.0/src/box/lua/xlog.c:297:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[1024];
data/tarantool-2.6.0/src/box/memtx_engine.c:689:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char to[PATH_MAX];
data/tarantool-2.6.0/src/box/memtx_engine.c:1176:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(raw, data, tuple_len);
data/tarantool-2.6.0/src/box/memtx_engine.c:1206:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		container_of((const char (*)[0])data,
data/tarantool-2.6.0/src/box/memtx_engine.c:1225:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tuple_chunk->data, data, data_sz);
data/tarantool-2.6.0/src/box/mp_error.cc:325:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, str, len);
data/tarantool-2.6.0/src/box/mp_error.cc:564:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *const mp_error_field_to_json_key[MP_ERROR_MAX] = {
data/tarantool-2.6.0/src/box/opt_def.c:93:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(opt, str, str_len);
data/tarantool-2.6.0/src/box/opt_def.c:107:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ptr, str, str_len);
data/tarantool-2.6.0/src/box/port.c:151:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dst, mp, size);
data/tarantool-2.6.0/src/box/recovery.cc:384:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dir_path[PATH_MAX];
data/tarantool-2.6.0/src/box/recovery.cc:385:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file_path[PATH_MAX];
data/tarantool-2.6.0/src/box/relay.cc:284:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[FIBER_NAME_MAX];
data/tarantool-2.6.0/src/box/relay.cc:612:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[FIBER_NAME_MAX];
data/tarantool-2.6.0/src/box/request.c:116:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf, data, size);
data/tarantool-2.6.0/src/box/request.c:211:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(tuple_end, data, key - data);
data/tarantool-2.6.0/src/box/request.c:220:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(tuple_end, key_end, data_end - key_end);
data/tarantool-2.6.0/src/box/schema.cc:123:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[6];
data/tarantool-2.6.0/src/box/schema.cc:621:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[GRANT_NAME_MAX + 10];
data/tarantool-2.6.0/src/box/sequence.c:308:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tuple[0];
data/tarantool-2.6.0/src/box/sequence.h:76:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/tarantool-2.6.0/src/box/session_settings.c:44:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *session_setting_strs[SESSION_SETTING_COUNT] = {
data/tarantool-2.6.0/src/box/session_settings.c:209:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(decoded_key, name, len);
data/tarantool-2.6.0/src/box/session_settings.h:87:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char *session_setting_strs[SESSION_SETTING_COUNT];
data/tarantool-2.6.0/src/box/space_def.c:118:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ret, src, size);
data/tarantool-2.6.0/src/box/space_def.c:183:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(def->name, name, name_len);
data/tarantool-2.6.0/src/box/space_def.c:185:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(def->engine_name, engine_name, engine_len);
data/tarantool-2.6.0/src/box/space_def.c:200:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(def->fields[i].name, fields[i].name, len);
data/tarantool-2.6.0/src/box/space_def.c:207:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(def->fields[i].default_value,
data/tarantool-2.6.0/src/box/space_def.h:112:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char engine_name[ENGINE_NAME_MAX + 1];
data/tarantool-2.6.0/src/box/space_def.h:125:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/tarantool-2.6.0/src/box/sql.c:177:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pCur->key, nil_key, sizeof(nil_key));
data/tarantool-2.6.0/src/box/sql.c:187:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pCur->key, nil_key, sizeof(nil_key));
data/tarantool-2.6.0/src/box/sql.c:237:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pCur->key, tuple, tuple_size);
data/tarantool-2.6.0/src/box/sql.c:361:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(field->name, "_COLUMN_%d", i);
data/tarantool-2.6.0/src/box/sql.c:662:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(trigger_stmt, trigger_stmt_old, trigger_stmt_len);
data/tarantool-2.6.0/src/box/sql.c:1196:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[16];
data/tarantool-2.6.0/src/box/sql.c:1251:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(def->name, name, name_len);
data/tarantool-2.6.0/src/box/sql/analyze.c:210:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p->aKey, pData, n);
data/tarantool-2.6.0/src/box/sql/analyze.c:225:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pTo->anEq, pFrom->anEq, sizeof(tRowcnt) * (p->nCol+1));
data/tarantool-2.6.0/src/box/sql/analyze.c:226:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pTo->anLt, pFrom->anLt, sizeof(tRowcnt) * (p->nCol+1));
data/tarantool-2.6.0/src/box/sql/analyze.c:227:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pTo->anDLt, pFrom->anDLt, sizeof(tRowcnt) * (p->nCol+1));
data/tarantool-2.6.0/src/box/sql/analyze.c:1485:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(sample->sample_key,
data/tarantool-2.6.0/src/box/sql/analyze.c:1628:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, src->tuple_stat1, array_size + sizeof(uint32_t));
data/tarantool-2.6.0/src/box/sql/analyze.c:1631:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, src->tuple_log_est, array_size + sizeof(uint32_t));
data/tarantool-2.6.0/src/box/sql/analyze.c:1634:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, src->avg_eq, array_size);
data/tarantool-2.6.0/src/box/sql/analyze.c:1641:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pos, src->samples[i].eq, array_size);
data/tarantool-2.6.0/src/box/sql/analyze.c:1644:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pos, src->samples[i].lt, array_size);
data/tarantool-2.6.0/src/box/sql/analyze.c:1647:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pos, src->samples[i].dlt, array_size);
data/tarantool-2.6.0/src/box/sql/analyze.c:1650:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pos, src->samples[i].sample_key,
data/tarantool-2.6.0/src/box/sql/build.c:273:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(field, space_def->fields,
data/tarantool-2.6.0/src/box/sql/build.c:276:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&field[i], &field_def_default,
data/tarantool-2.6.0/src/box/sql/build.c:328:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(column_def, &field_def_default, sizeof(field_def_default));
data/tarantool-2.6.0/src/box/sql/build.c:635:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ck_def->name, name, name_len);
data/tarantool-2.6.0/src/box/sql/build.c:792:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(raw, index_opts, index_opts_sz);
data/tarantool-2.6.0/src/box/sql/build.c:795:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(raw, index_parts, index_parts_sz);
data/tarantool-2.6.0/src/box/sql/build.c:857:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(raw, table_opts_stmt, table_opts_stmt_sz);
data/tarantool-2.6.0/src/box/sql/build.c:860:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(raw, table_stmt, table_stmt_sz);
data/tarantool-2.6.0/src/box/sql/build.c:1096:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(raw, parent_links, parent_links_size);
data/tarantool-2.6.0/src/box/sql/build.c:1099:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(raw, child_links, child_links_size);
data/tarantool-2.6.0/src/box/sql/build.c:2035:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(fk_def->name, constraint_name, name_len);
data/tarantool-2.6.0/src/box/sql/cursor.c:108:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pBuf, pPayload + offset, amt);
data/tarantool-2.6.0/src/box/sql/date.c:981:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char zBuf[100];
data/tarantool-2.6.0/src/box/sql/date.c:1000:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char zBuf[100];
data/tarantool-2.6.0/src/box/sql/date.c:1018:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char zBuf[100];
data/tarantool-2.6.0/src/box/sql/date.c:1054:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zBuf[100];
data/tarantool-2.6.0/src/box/sql/date.c:1057:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	zFmt = (const char *)sql_value_text(argv[0]);
data/tarantool-2.6.0/src/box/sql/date.c:1271:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zBuf[20];
data/tarantool-2.6.0/src/box/sql/expr.c:148:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ret_types, types, sz);
data/tarantool-2.6.0/src/box/sql/expr.c:1013:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(e->u.zToken, token->z, token->n);
data/tarantool-2.6.0/src/box/sql/expr.c:1036:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(e->u.zToken, token->z, token->n);
data/tarantool-2.6.0/src/box/sql/expr.c:1478:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(zAlloc, p, nNewSize);
data/tarantool-2.6.0/src/box/sql/expr.c:1481:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(zAlloc, p, nSize);
data/tarantool-2.6.0/src/box/sql/expr.c:1498:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(zToken, p->u.zToken, nToken);
data/tarantool-2.6.0/src/box/sql/fk_constraint.c:862:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *) step->zTarget, space_name, name_len);
data/tarantool-2.6.0/src/box/sql/func.c:696:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    && (zFormat = (const char *)sql_value_text(argv[0])) != 0) {
data/tarantool-2.6.0/src/box/sql/func.c:916:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	z2 = (char *)sql_value_text(argv[0]);                              \
data/tarantool-2.6.0/src/box/sql/func.c:922:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	assert(z2 == (char *)sql_value_text(argv[0]));                     \
data/tarantool-2.6.0/src/box/sql/func.c:1252:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *zB = (const char *) sql_value_text(argv[0]);
data/tarantool-2.6.0/src/box/sql/func.c:1253:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *zA = (const char *) sql_value_text(argv[1]);
data/tarantool-2.6.0/src/box/sql/func.c:1272:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	assert(zB == (const char *) sql_value_text(argv[0]));
data/tarantool-2.6.0/src/box/sql/func.c:1361:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char zBuf[50];
data/tarantool-2.6.0/src/box/sql/func.c:1627:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&zOut[j], zRep, nRep);
data/tarantool-2.6.0/src/box/sql/func.c:1633:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&zOut[j], &zStr[i], nStr - i);
data/tarantool-2.6.0/src/box/sql/func.c:1868:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zResult[8];
data/tarantool-2.6.0/src/box/sql/func.c:2135:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				zSep = (char *)sql_value_text(argv[1]);
data/tarantool-2.6.0/src/box/sql/func.c:2144:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		zVal = (char *)sql_value_text(argv[0]);
data/tarantool-2.6.0/src/box/sql/global.c:102:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const unsigned char sqlCtypeMap[256] = {
data/tarantool-2.6.0/src/box/sql/main.c:150:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&y, &x, 8);
data/tarantool-2.6.0/src/box/sql/malloc.c:370:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(pNew, p, db->lookaside.sz);
data/tarantool-2.6.0/src/box/sql/malloc.c:415:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(zNew, z, n);
data/tarantool-2.6.0/src/box/sql/malloc.c:431:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(zNew, z, (size_t) n);
data/tarantool-2.6.0/src/box/sql/os_unix.c:158:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(z, f | O_CLOEXEC, m2);
data/tarantool-2.6.0/src/box/sql/os_unix.c:168:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if (open("/dev/null", f, m) < 0)
data/tarantool-2.6.0/src/box/sql/os_unix.c:415:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&pInode->fileId, &fileId, sizeof(fileId));
data/tarantool-2.6.0/src/box/sql/os_unix.c:776:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(pBuf, &((u8 *) (pFile->pMapRegion))[offset],
data/tarantool-2.6.0/src/box/sql/os_unix.c:781:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(pBuf, &((u8 *) (pFile->pMapRegion))[offset],
data/tarantool-2.6.0/src/box/sql/os_unix.c:799:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		memset(&((char *)pBuf)[got], 0, amt - got);
data/tarantool-2.6.0/src/box/sql/os_unix.c:868:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		pBuf = &((char *)pBuf)[wrote];
data/tarantool-2.6.0/src/box/sql/os_unix.c:911:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zDirname[MAX_PATHNAME + 1];
data/tarantool-2.6.0/src/box/sql/os_unix.c:1663:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zTmpname[MAX_PATHNAME + 2];
data/tarantool-2.6.0/src/box/sql/pragma.c:237:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key_buf[16];
data/tarantool-2.6.0/src/box/sql/printf.c:214:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[etBUFSIZE];	/* Conversion buffer */
data/tarantool-2.6.0/src/box/sql/printf.c:536:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(buf + (prefix != 0), "Inf", 4);
data/tarantool-2.6.0/src/box/sql/printf.c:865:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(zNew, p->zText, p->nChar);
data/tarantool-2.6.0/src/box/sql/printf.c:907:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&p->zText[p->nChar], z, N);
data/tarantool-2.6.0/src/box/sql/printf.c:929:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&p->zText[p->nChar - N], z, N);
data/tarantool-2.6.0/src/box/sql/printf.c:953:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p->zText, p->zBase, p->nChar + 1);
data/tarantool-2.6.0/src/box/sql/printf.c:1022:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zBase[SQL_PRINT_BUF_SIZE];
data/tarantool-2.6.0/src/box/sql/printf.c:1059:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zBase[SQL_PRINT_BUF_SIZE];
data/tarantool-2.6.0/src/box/sql/printf.c:1127:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zBuf[500];
data/tarantool-2.6.0/src/box/sql/random.c:47:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char s[256];	/* State variables */
data/tarantool-2.6.0/src/box/sql/random.c:83:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char k[256];
data/tarantool-2.6.0/src/box/sql/resolve.c:128:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pExpr, pDup, sizeof(*pExpr));
data/tarantool-2.6.0/src/box/sql/select.c:1876:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(v->var_pos, var_pos, var_count * sizeof(uint32_t));
data/tarantool-2.6.0/src/box/sql/select.c:1923:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&space_def->fields[i], &field_def_default,
data/tarantool-2.6.0/src/box/sql/select.c:1987:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(space_def->fields[i].name, zName, name_len);
data/tarantool-2.6.0/src/box/sql/sqlInt.h:1947:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zSelName[12];	/* Symbolic name of this SELECT use for debugging */
data/tarantool-2.6.0/src/box/sql/treeview.c:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zBuf[500];
data/tarantool-2.6.0/src/box/sql/treeview.c:141:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char zLine[1000];
data/tarantool-2.6.0/src/box/sql/treeview.c:218:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char zLine[100];
data/tarantool-2.6.0/src/box/sql/treeview.c:310:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zFlgs[30];
data/tarantool-2.6.0/src/box/sql/util.c:126:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dst, src, src_len);
data/tarantool-2.6.0/src/box/sql/util.c:529:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(pValue, &u, 4);
data/tarantool-2.6.0/src/box/sql/util.c:1267:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(z, zName, nName);
data/tarantool-2.6.0/src/box/sql/vdbe.c:664:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char zBuf[200];
data/tarantool-2.6.0/src/box/sql/vdbe.c:905:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(dest_mem->zMalloc, dest_mem->z, len);
data/tarantool-2.6.0/src/box/sql/vdbe.c:1630:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pOut->z, pIn2->z, pIn2->n);
data/tarantool-2.6.0/src/box/sql/vdbe.c:1632:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&pOut->z[pIn2->n], pIn1->z, pIn1->n);
data/tarantool-2.6.0/src/box/sql/vdbe.c:2976:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pOut->z, tuple, tuple_size);
data/tarantool-2.6.0/src/box/sql/vdbeapi.c:232:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pNew, pOrig, MEMCELLSIZE);
data/tarantool-2.6.0/src/box/sql/vdbeaux.c:343:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p4copy, zP4, 8);
data/tarantool-2.6.0/src/box/sql/vdbeaux.c:931:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zAlt[50];
data/tarantool-2.6.0/src/box/sql/vdbeaux.c:1174:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zPtr[256];
data/tarantool-2.6.0/src/box/sql/vdbeaux.c:1175:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zCom[256];
data/tarantool-2.6.0/src/box/sql/vdbeaux.c:2190:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		FILE *out = fopen("vdbe_profile.out", "a");
data/tarantool-2.6.0/src/box/sql/vdbeaux.c:2211:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char zHdr[100];
data/tarantool-2.6.0/src/box/sql/vdbeaux.c:2550:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buf, pMem->z, len);
data/tarantool-2.6.0/src/box/sql/vdbeaux.c:2610:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&pMem->u.r, &x, sizeof(x));
data/tarantool-2.6.0/src/box/sql/vdbeaux.c:2738:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	p->aMem = (Mem *) & ((char *)p)[ROUND8(sizeof(UnpackedRecord))];
data/tarantool-2.6.0/src/box/sql/vdbemem.c:142:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pMem->zMalloc, pMem->z, pMem->n);
data/tarantool-2.6.0/src/box/sql/vdbemem.c:311:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(value, value_str, nByte);
data/tarantool-2.6.0/src/box/sql/vdbemem.c:362:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(mem, &t, sizeof(t));
data/tarantool-2.6.0/src/box/sql/vdbemem.c:947:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pTo, pFrom, MEMCELLSIZE);
data/tarantool-2.6.0/src/box/sql/vdbemem.c:966:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pTo, pFrom, MEMCELLSIZE);
data/tarantool-2.6.0/src/box/sql/vdbemem.c:990:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pTo, pFrom, sizeof(Mem));
data/tarantool-2.6.0/src/box/sql/vdbemem.c:1062:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pMem->z, z, nAlloc);
data/tarantool-2.6.0/src/box/sql/vdbesort.c:544:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(p->aAlloc, &p->aBuffer[iBuf], nAvail);
data/tarantool-2.6.0/src/box/sql/vdbesort.c:563:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(&p->aAlloc[nByte - nRem], aNext, nCopy);
data/tarantool-2.6.0/src/box/sql/vdbesort.c:1218:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&p->aBuffer[p->iBufEnd], &pData[nData - nRem], nCopy);
data/tarantool-2.6.0/src/box/sql/vdbesort.c:1545:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(SRVAL(pNew), pVal->z, pVal->n);
data/tarantool-2.6.0/src/box/sql/vdbesort.c:2171:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pOut->z, pKey, nKey);
data/tarantool-2.6.0/src/box/sql/vdbetrace.c:102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char zBase[100];	/* Initial working space */
data/tarantool-2.6.0/src/box/sql/where.c:140:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(aiCur, pWInfo->aiCurOnePass, sizeof(int) * 2);
data/tarantool-2.6.0/src/box/sql/where.c:165:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pDest->a, pSrc->a, pDest->n * sizeof(pDest->a[0]));
data/tarantool-2.6.0/src/box/sql/where.c:1604:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char zType[4];
data/tarantool-2.6.0/src/box/sql/where.c:1605:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char zLeft[50];
data/tarantool-2.6.0/src/box/sql/where.c:1606:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(zType, "...", 4);
data/tarantool-2.6.0/src/box/sql/where.c:1745:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(paNew, p->aLTerm, sizeof(p->aLTerm[0]) * p->nLSlot);
data/tarantool-2.6.0/src/box/sql/where.c:1767:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pTo, pFrom, WHERE_LOOP_XFER_SZ);
data/tarantool-2.6.0/src/box/sql/where.c:1768:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pTo->aLTerm, pFrom->aLTerm,
data/tarantool-2.6.0/src/box/sql/where.c:3492:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char zName[65];
data/tarantool-2.6.0/src/box/sql/where.c:3848:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(pTo->aLoop, pFrom->aLoop,
data/tarantool-2.6.0/src/box/sql/wherecode.c:190:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char zBuf[100];	/* Initial space for EQP output string */
data/tarantool-2.6.0/src/box/sql/wherecode.c:1006:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(end_types, &start_types[nEq], sz);
data/tarantool-2.6.0/src/box/sql/wherecode.c:1324:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(pOrTab->a, pTabItem, sizeof(*pTabItem));
data/tarantool-2.6.0/src/box/sql/whereexpr.c:106:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pWC->a, pOld, sizeof(pWC->a[0]) * pWC->nTerm);
data/tarantool-2.6.0/src/box/tuple.c:111:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(raw, data, data_len);
data/tarantool-2.6.0/src/box/tuple.c:618:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf, data, bsize);
data/tarantool-2.6.0/src/box/tuple.h:461:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[0];
data/tarantool-2.6.0/src/box/tuple_compare.cc:1636:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[HINT_VALUE_BYTES];
data/tarantool-2.6.0/src/box/tuple_convert.c:61:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf_out, buf, len);
data/tarantool-2.6.0/src/box/tuple_convert.c:137:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[FPCONV_G_FMT_BUFSIZE];
data/tarantool-2.6.0/src/box/tuple_dictionary.c:160:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pos, fields[i].name, len);
data/tarantool-2.6.0/src/box/tuple_extract_key.cc:74:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(key_buf, field_start, field_end - field_start);
data/tarantool-2.6.0/src/box/tuple_extract_key.cc:229:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(key_buf, field, bsize);
data/tarantool-2.6.0/src/box/tuple_extract_key.cc:349:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(key_buf, src, src_end - src);
data/tarantool-2.6.0/src/box/tuple_format.c:292:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(*path_pool, path, path_len);
data/tarantool-2.6.0/src/box/tuple_format.c:1021:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(it->required_fields, format->required_fields,
data/tarantool-2.6.0/src/box/tuple_format.c:1184:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(it->multikey_required_fields,
data/tarantool-2.6.0/src/box/tuple_hash.cc:281:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[9]; /* enough to store MP_INT/MP_UINT */
data/tarantool-2.6.0/src/box/txn.c:1042:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(svp->name, name, name_len + 1);
data/tarantool-2.6.0/src/box/txn.h:187:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[1];
data/tarantool-2.6.0/src/box/user.cc:339:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char key[6];
data/tarantool-2.6.0/src/box/user.cc:565:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(def->name, "guest", name_len);
data/tarantool-2.6.0/src/box/user.cc:581:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(def->name, "admin", name_len);
data/tarantool-2.6.0/src/box/user_def.h:168:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hash2[SCRAMBLE_SIZE];
data/tarantool-2.6.0/src/box/user_def.h:170:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/tarantool-2.6.0/src/box/vclock.h:218:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, offsetof(struct vclock, lsn) +
data/tarantool-2.6.0/src/box/vinyl.c:356:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/tarantool-2.6.0/src/box/vinyl.c:2035:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ops_end, field_name, pos - field_name);
data/tarantool-2.6.0/src/box/vinyl.c:2058:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ops_end, arg, pos - arg);
data/tarantool-2.6.0/src/box/vinyl.c:2063:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ops_end, arg, pos - arg);
data/tarantool-2.6.0/src/box/vinyl.c:3204:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char path[PATH_MAX];
data/tarantool-2.6.0/src/box/vy_cache.c:38:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define CT_ASSERT_G(e) typedef char CONCAT(__ct_assert_, __LINE__)[(e) ? 1 :-1]
data/tarantool-2.6.0/src/box/vy_log.c:478:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pos, record->begin, p - record->begin);
data/tarantool-2.6.0/src/box/vy_log.c:485:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pos, record->end, p - record->end);
data/tarantool-2.6.0/src/box/vy_log.c:723:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *)dst->begin, src->begin, size);
data/tarantool-2.6.0/src/box/vy_log.c:735:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((char *)dst->end, src->end, size);
data/tarantool-2.6.0/src/box/vy_log.c:1422:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new_parts, key_parts, sizeof(*key_parts) * key_part_count);
data/tarantool-2.6.0/src/box/vy_log.c:1431:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(path, key_parts[i].path, path_len);
data/tarantool-2.6.0/src/box/vy_log.c:1918:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(range->begin, begin, begin_size);
data/tarantool-2.6.0/src/box/vy_log.c:1923:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(range->end, end, end_size);
data/tarantool-2.6.0/src/box/vy_log.c:2030:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(slice->begin, begin, begin_size);
data/tarantool-2.6.0/src/box/vy_log.c:2035:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(slice->end, end, end_size);
data/tarantool-2.6.0/src/box/vy_lsm.c:294:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/tarantool-2.6.0/src/box/vy_read_iterator.c:77:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new_src, itr->src, itr->src_count * sizeof(*new_src));
data/tarantool-2.6.0/src/box/vy_run.c:152:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char name[FIBER_NAME_MAX];
data/tarantool-2.6.0/src/box/vy_run.c:1662:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/tarantool-2.6.0/src/box/vy_run.c:1920:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, page_info->min_key, min_key_size);
data/tarantool-2.6.0/src/box/vy_run.c:2019:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, run_info->min_key, min_key_size);
data/tarantool-2.6.0/src/box/vy_run.c:2022:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, run_info->max_key, max_key_size);
data/tarantool-2.6.0/src/box/vy_run.c:2051:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/tarantool-2.6.0/src/box/vy_run.c:2151:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/tarantool-2.6.0/src/box/vy_run.c:2399:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/tarantool-2.6.0/src/box/vy_run.c:2553:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/tarantool-2.6.0/src/box/vy_scheduler.c:343:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char name[FIBER_NAME_MAX];
data/tarantool-2.6.0/src/box/vy_scheduler.c:850:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(data_end, delete_data, delete_data_size);
data/tarantool-2.6.0/src/box/vy_stmt.c:222:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, stmt, tuple_size(stmt));
data/tarantool-2.6.0/src/box/vy_stmt.c:254:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(mem_stmt, stmt, size);
data/tarantool-2.6.0/src/box/vy_stmt.c:288:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(data, key, key_size);
data/tarantool-2.6.0/src/box/vy_stmt.c:304:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, key, end - key);
data/tarantool-2.6.0/src/box/vy_stmt.c:361:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(wpos, tuple_begin, mpsize);
data/tarantool-2.6.0/src/box/vy_stmt.c:365:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(wpos, op->iov_base, op->iov_len);
data/tarantool-2.6.0/src/box/vy_stmt.c:424:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, upsert->data_offset + bsize - sizeof(struct vy_stmt));
data/tarantool-2.6.0/src/box/vy_stmt.c:492:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(pos, entry.data, entry.data_end - entry.data);
data/tarantool-2.6.0/src/box/vy_stmt.c:507:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(stmt_data, data, bsize);
data/tarantool-2.6.0/src/box/vy_upsert.c:181:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ops_buf[16];
data/tarantool-2.6.0/src/box/wal.c:518:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char new_path[PATH_MAX];
data/tarantool-2.6.0/src/box/xlog.c:185:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[VCLOCK_STR_LEN_MAX + 1];
data/tarantool-2.6.0/src/box/xlog.c:186:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(str, val, val_end - val);
data/tarantool-2.6.0/src/box/xlog.c:233:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(meta->filetype, pos, eol - pos);
data/tarantool-2.6.0/src/box/xlog.c:241:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char version[10];
data/tarantool-2.6.0/src/box/xlog.c:247:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(version, pos, eol - pos);
data/tarantool-2.6.0/src/box/xlog.c:292:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char uuid[UUID_STR_LEN + 1];
data/tarantool-2.6.0/src/box/xlog.c:293:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(uuid, val, UUID_STR_LEN);
data/tarantool-2.6.0/src/box/xlog.c:443:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int fd = open(filename, O_RDONLY);
data/tarantool-2.6.0/src/box/xlog.c:705:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char path[PATH_MAX];
data/tarantool-2.6.0/src/box/xlog.c:734:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char new_filename[PATH_MAX];
data/tarantool-2.6.0/src/box/xlog.c:742:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new_filename, filename, suffix - filename);
data/tarantool-2.6.0/src/box/xlog.c:799:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char meta_buf[XLOG_META_LEN_MAX];
data/tarantool-2.6.0/src/box/xlog.c:838:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	xlog->fd = open(xlog->filename, flags, 0644);
data/tarantool-2.6.0/src/box/xlog.c:874:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char magic[sizeof(log_magic_t)];
data/tarantool-2.6.0/src/box/xlog.c:875:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char meta_buf[XLOG_META_LEN_MAX];
data/tarantool-2.6.0/src/box/xlog.c:886:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	xlog->fd = open(xlog->filename, O_RDWR);
data/tarantool-2.6.0/src/box/xlog.c:1698:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(rows, data, fixheader.len);
data/tarantool-2.6.0/src/box/xlog.c:1762:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dst, rpos, fixheader.len);
data/tarantool-2.6.0/src/box/xlog.c:1989:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int fd = open(name, O_RDONLY);
data/tarantool-2.6.0/src/box/xlog.c:2017:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, data, size);
data/tarantool-2.6.0/src/box/xlog.h:165:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dirname[PATH_MAX];
data/tarantool-2.6.0/src/box/xlog.h:293:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filetype[10];
data/tarantool-2.6.0/src/box/xlog.h:355:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[PATH_MAX];
data/tarantool-2.6.0/src/box/xlog.h:660:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[PATH_MAX];
data/tarantool-2.6.0/src/box/xrow.c:233:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(copy, row->body[0].iov_base, size);
data/tarantool-2.6.0/src/box/xrow.c:344:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(out, header->body, sizeof(*out) * header->bodycnt);
data/tarantool-2.6.0/src/box/xrow.c:392:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(out, &header, sizeof(header));
data/tarantool-2.6.0/src/box/xrow.c:567:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char header[IPROTO_HEADER_LEN];
data/tarantool-2.6.0/src/box/xrow.c:610:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos + IPROTO_HEADER_LEN, &body, sizeof(body));
data/tarantool-2.6.0/src/box/xrow.c:691:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos + IPROTO_HEADER_LEN, &body, sizeof(body));
data/tarantool-2.6.0/src/box/xrow.c:862:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pos, request->key, key_len);
data/tarantool-2.6.0/src/box/xrow.c:868:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pos, request->ops, ops_len);
data/tarantool-2.6.0/src/box/xrow.c:874:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pos, request->tuple_meta, tuple_meta_len);
data/tarantool-2.6.0/src/box/xrow.c:880:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pos, request->tuple, tuple_len);
data/tarantool-2.6.0/src/box/xrow.c:1016:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *data = (char *) out[0].iov_base;
data/tarantool-2.6.0/src/box/xrow.c:1193:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char scramble[SCRAMBLE_SIZE];
data/tarantool-2.6.0/src/box/xrow.c:1214:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char error[DIAG_ERRMSG_MAX] = { 0 };
data/tarantool-2.6.0/src/box/xrow.c:1654:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char version[20];
data/tarantool-2.6.0/src/box/xrow.c:1658:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(version, pos, vend - pos);
data/tarantool-2.6.0/src/box/xrow.c:1674:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(greeting->protocol, pos + 1, vend - pos - 1);
data/tarantool-2.6.0/src/box/xrow.c:1692:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(greeting->protocol, "Binary");
data/tarantool-2.6.0/src/box/xrow.h:695:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char protocol[GREETING_PROTOCOL_LEN_MAX + 1];
data/tarantool-2.6.0/src/box/xrow.h:699:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char salt[GREETING_SALT_LEN_MAX];
data/tarantool-2.6.0/src/box/xrow_update.c:425:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *expr[2] = {expr1, expr2};
data/tarantool-2.6.0/src/box/xrow_update.c:426:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *expr_end[2] = {expr1_end, expr2_end};
data/tarantool-2.6.0/src/box/xrow_update.c:510:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(res_ops, copy, copy_size);
data/tarantool-2.6.0/src/box/xrow_update_array.c:282:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(out, item->field.data + item->field.size,
data/tarantool-2.6.0/src/box/xrow_update_array.c:300:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(out, item->field.data + item->field.size,
data/tarantool-2.6.0/src/box/xrow_update_bar.c:412:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, field->data, before_parent);
data/tarantool-2.6.0/src/box/xrow_update_bar.c:420:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(out, pos, size);
data/tarantool-2.6.0/src/box/xrow_update_bar.c:432:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, op->arg.set.value, op->arg.set.length);
data/tarantool-2.6.0/src/box/xrow_update_bar.c:436:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, pos, after_point);
data/tarantool-2.6.0/src/box/xrow_update_bar.c:443:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, field->data, before_parent);
data/tarantool-2.6.0/src/box/xrow_update_bar.c:453:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, pos, size);
data/tarantool-2.6.0/src/box/xrow_update_bar.c:458:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, pos, size);
data/tarantool-2.6.0/src/box/xrow_update_bar.c:473:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, field->data, before_point);
data/tarantool-2.6.0/src/box/xrow_update_bar.c:477:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, point_end, after_point);
data/tarantool-2.6.0/src/box/xrow_update_field.c:138:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, field->data, field->size);
data/tarantool-2.6.0/src/box/xrow_update_field.c:526:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(out, op->arg.set.value, op->arg.set.length);
data/tarantool-2.6.0/src/box/xrow_update_field.c:602:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(out, in, arg->offset);
data/tarantool-2.6.0/src/box/xrow_update_field.c:605:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(out, arg->paste, arg->paste_length);
data/tarantool-2.6.0/src/box/xrow_update_field.c:608:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(out, in + arg->tail_offset, arg->tail_length);
data/tarantool-2.6.0/src/box/xrow_update_map.c:473:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(out, i->field.data + i->field.size, i->tail_size);
data/tarantool-2.6.0/src/box/xrow_update_route.c:392:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(out, field->data, before_hop);
data/tarantool-2.6.0/src/box/xrow_update_route.c:397:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(out, field->data + after_hop, field->size - after_hop);
data/tarantool-2.6.0/src/find_path.c:48:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char path[PATH_MAX] = {'\0'};
data/tarantool-2.6.0/src/find_path.c:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[PATH_MAX];
data/tarantool-2.6.0/src/httpc.c:65:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(p, ptr, bytes);
data/tarantool-2.6.0/src/httpc.c:83:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(p, buffer, bytes);
data/tarantool-2.6.0/src/httpc.c:226:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(chunk, body, size);
data/tarantool-2.6.0/src/lib/coll/coll.c:161:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, s, len);
data/tarantool-2.6.0/src/lib/coll/coll.c:375:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) coll->fingerprint, fingerprint, fingerprint_len + 1);
data/tarantool-2.6.0/src/lib/coll/coll.h:88:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char fingerprint[0];
data/tarantool-2.6.0/src/lib/coll/coll_def.h:117:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char locale[COLL_LOCALE_LEN_MAX + 1];
data/tarantool-2.6.0/src/lib/core/backtrace.cc:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[BACKTRACE_NAME_MAX];
data/tarantool-2.6.0/src/lib/core/backtrace.cc:80:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static __thread char proc_name[BACKTRACE_NAME_MAX];
data/tarantool-2.6.0/src/lib/core/cbus.c:54:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *cbus_stat_strings[CBUS_STAT_LAST] = {
data/tarantool-2.6.0/src/lib/core/cbus.h:55:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char *cbus_stat_strings[CBUS_STAT_LAST];
data/tarantool-2.6.0/src/lib/core/cbus.h:255:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[FIBER_NAME_MAX];
data/tarantool-2.6.0/src/lib/core/coio.cc:125:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			htons((uint16_t)atoi(service));
data/tarantool-2.6.0/src/lib/core/coio.cc:134:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			htons((uint16_t)atoi(service));
data/tarantool-2.6.0/src/lib/core/coio.cc:162:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[URI_MAXHOST] = { '\0' };
data/tarantool-2.6.0/src/lib/core/coio.cc:167:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char service[URI_MAXSERVICE];
data/tarantool-2.6.0/src/lib/core/coio.cc:186:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(addr, &un, *addr_len);
data/tarantool-2.6.0/src/lib/core/coio.cc:225:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(addr, ai->ai_addr, *addr_len);
data/tarantool-2.6.0/src/lib/core/coio.cc:644:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fiber_name[SERVICE_NAME_MAXLEN];
data/tarantool-2.6.0/src/lib/core/coio_file.c:581:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&buf[len], entry->d_name, namlen);
data/tarantool-2.6.0/src/lib/core/coio_file.c:625:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int source_fd = open(eio->copyfile.source, O_RDONLY);
data/tarantool-2.6.0/src/lib/core/coio_file.c:630:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int dest_fd = open(eio->copyfile.dest, O_WRONLY|O_CREAT|O_TRUNC,
data/tarantool-2.6.0/src/lib/core/decimal.c:140:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[DECIMAL_MAX_DIGITS + 3];
data/tarantool-2.6.0/src/lib/core/diag.h:93:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char file[DIAG_FILENAME_MAX];
data/tarantool-2.6.0/src/lib/core/diag.h:95:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char errmsg[DIAG_ERRMSG_MAX];
data/tarantool-2.6.0/src/lib/core/evio.c:387:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&service->addr, ai->ai_addr, ai->ai_addrlen);
data/tarantool-2.6.0/src/lib/core/evio.h:78:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[SERVICE_NAME_MAXLEN];
data/tarantool-2.6.0/src/lib/core/evio.h:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[URI_MAXHOST];
data/tarantool-2.6.0/src/lib/core/evio.h:81:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char serv[URI_MAXSERVICE];
data/tarantool-2.6.0/src/lib/core/exception.cc:171:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[DIAG_ERRMSG_MAX];
data/tarantool-2.6.0/src/lib/core/exception.cc:402:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[DIAG_ERRMSG_MAX];
data/tarantool-2.6.0/src/lib/core/fiber.c:934:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(fiber->name, name, size);
data/tarantool-2.6.0/src/lib/core/fiber.h:528:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char inline_name[FIBER_NAME_INLINE];
data/tarantool-2.6.0/src/lib/core/fiber.h:596:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[FIBER_NAME_INLINE];
data/tarantool-2.6.0/src/lib/core/popen.c:599:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[128], *str;
data/tarantool-2.6.0/src/lib/core/popen.c:663:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static const char *state_str[POPEN_STATE_MAX] = {
data/tarantool-2.6.0/src/lib/core/popen.c:918:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		fd_no = atoi(de->d_name);
data/tarantool-2.6.0/src/lib/core/popen.c:1184:16:  [2] (race) vfork:
  On some old systems, vfork() permits race conditions, and it's very
  difficult to use correctly (CWE-362). Use fork() instead.
	handle->pid = vfork();
data/tarantool-2.6.0/src/lib/core/popen.c:1233:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			int ttyfd = open("/dev/tty", O_RDWR, 0);
data/tarantool-2.6.0/src/lib/core/popen.c:1435:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	dev_null_fd_ro = open(dev_null_path, O_RDONLY | flags);
data/tarantool-2.6.0/src/lib/core/popen.c:1438:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	dev_null_fd_wr = open(dev_null_path, O_WRONLY | flags);
data/tarantool-2.6.0/src/lib/core/port.h:125:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pad[60];
data/tarantool-2.6.0/src/lib/core/random.c:46:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	rfd = open("/dev/urandom", O_RDONLY);
data/tarantool-2.6.0/src/lib/core/random.c:48:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		rfd = open("/dev/random", O_RDONLY | O_NONBLOCK);
data/tarantool-2.6.0/src/lib/core/say.c:270:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int fd = open(log->path, O_WRONLY | O_APPEND | O_CREAT,
data/tarantool-2.6.0/src/lib/core/say.c:465:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(log->path, O_WRONLY | O_APPEND | O_CREAT,
data/tarantool-2.6.0/src/lib/core/say.c:509:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[10];
data/tarantool-2.6.0/src/lib/core/say.c:727:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			int fd = open("/dev/null", O_WRONLY);
data/tarantool-2.6.0/src/lib/core/say.c:991:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static __thread char buf[SAY_BUF_LEN_MAX];
data/tarantool-2.6.0/src/lib/core/say.c:1198:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	((char *)value)[-1] = '\0';
data/tarantool-2.6.0/src/lib/core/sio.c:115:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *proc = fopen("/proc/sys/net/core/somaxconn", "r");
data/tarantool-2.6.0/src/lib/core/sio.c:333:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char host[NI_MAXHOST], serv[NI_MAXSERV];
data/tarantool-2.6.0/src/lib/core/sio.c:358:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(un->sun_path, u.service, u.service_len);
data/tarantool-2.6.0/src/lib/core/sio.c:374:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int port = htons(atoi(u.service));
data/tarantool-2.6.0/src/lib/core/tt_static.h:66:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buf, str, len);
data/tarantool-2.6.0/src/lib/core/util.c:156:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[22];
data/tarantool-2.6.0/src/lib/core/util.c:248:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static __thread char buf[22];
data/tarantool-2.6.0/src/lib/core/util.c:320:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char c = (unsigned char ) data[i];
data/tarantool-2.6.0/src/lib/core/util.c:340:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[8];
data/tarantool-2.6.0/src/lib/crypto/crypto.c:223:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char key[CRYPTO_MAX_KEY_SIZE];
data/tarantool-2.6.0/src/lib/crypto/crypto.c:251:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(c->key, key, key_size);
data/tarantool-2.6.0/src/lib/mpstream/mpstream.c:217:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(data, src, n);
data/tarantool-2.6.0/src/lib/msgpuck/hints.c:653:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *mp_char2escape[128] = {
data/tarantool-2.6.0/src/lib/msgpuck/msgpuck.c:162:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(data, p, len);
data/tarantool-2.6.0/src/lib/msgpuck/msgpuck.c:171:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(data, p, len);
data/tarantool-2.6.0/src/lib/msgpuck/msgpuck.h:1657:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(data, str, len);
data/tarantool-2.6.0/src/lib/msgpuck/msgpuck.h:2006:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(data, str, len);
data/tarantool-2.6.0/src/lib/msgpuck/msgpuck.h:2029:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(data, str, len);
data/tarantool-2.6.0/src/lib/msgpuck/test/msgpuck.c:46:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char buf[BUF_MAXLEN + 1];
data/tarantool-2.6.0/src/lib/msgpuck/test/msgpuck.c:47:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char str[STRBIN_MAXLEN];
data/tarantool-2.6.0/src/lib/msgpuck/test/msgpuck.c:575:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bufa[9];
data/tarantool-2.6.0/src/lib/msgpuck/test/msgpuck.c:576:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bufb[9];
data/tarantool-2.6.0/src/lib/msgpuck/test/msgpuck.c:634:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[buf_size];
data/tarantool-2.6.0/src/lib/msgpuck/test/msgpuck.c:675:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data1[32];
data/tarantool-2.6.0/src/lib/msgpuck/test/msgpuck.c:683:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data2[32];
data/tarantool-2.6.0/src/lib/msgpuck/test/msgpuck.c:866:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char msgpack[128];
data/tarantool-2.6.0/src/lib/msgpuck/test/msgpuck.c:888:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(d, "str", 3);
data/tarantool-2.6.0/src/lib/msgpuck/test/msgpuck.c:903:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char result[256];
data/tarantool-2.6.0/src/lib/msgpuck/test/msgpuck.c:926:15:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	FILE *tmpf = tmpfile();
data/tarantool-2.6.0/src/lib/msgpuck/test/msgpuck.c:1037:15:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	FILE *tmpf = tmpfile();
data/tarantool-2.6.0/src/lib/salad/bloom.c:90:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(table, bloom->table, store_size);
data/tarantool-2.6.0/src/lib/salad/bloom.c:101:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(bloom->table, table, size);
data/tarantool-2.6.0/src/lib/salad/bloom.h:67:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char bits[BLOOM_CACHE_LINE];
data/tarantool-2.6.0/src/lib/salad/bps_tree.h:326:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define CT_ASSERT(e) do { typedef char __ct_assert[(e) ? 1 : -1]; } while(0)
data/tarantool-2.6.0/src/lib/salad/bps_tree.h:332:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define CT_ASSERT_G(e) typedef char CONCAT(__ct_assert_, __LINE__)[(e) ? 1 :-1]
data/tarantool-2.6.0/src/lib/salad/fifo.h:94:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(q->buf + q->top, (char*)&ptr, sizeof(ptr));
data/tarantool-2.6.0/src/lib/salad/mhash.h:336:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(*ret, &(h->p[x]), sizeof(mh_node_t));
data/tarantool-2.6.0/src/lib/salad/mhash.h:340:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&(h->p[x]), node, sizeof(mh_node_t));
data/tarantool-2.6.0/src/lib/salad/mhash.h:501:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(h, s, sizeof(*h));
data/tarantool-2.6.0/src/lib/salad/mhash.h:535:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(s, h, sizeof(*h));
data/tarantool-2.6.0/src/lib/salad/rtree.c:552:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char taken[RTREE_MAXIMUM_BRANCHES_IN_PAGE];
data/tarantool-2.6.0/src/lib/small/small/features.c:62:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64];
data/tarantool-2.6.0/src/lib/small/small/ibuf.c:96:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, ibuf->rpos, used);
data/tarantool-2.6.0/src/lib/small/small/matras.c:200:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		extent3 = (char *)extent2[n2];
data/tarantool-2.6.0/src/lib/small/small/matras.c:409:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new_extent, extent1, m->extent_size);
data/tarantool-2.6.0/src/lib/small/small/matras.c:420:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new_extent, extent2, m->extent_size);
data/tarantool-2.6.0/src/lib/small/small/matras.c:425:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *extent3 = (char *)extent2[n2];
data/tarantool-2.6.0/src/lib/small/small/matras.c:426:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *extent3p = (char *)extent2p[n2];
data/tarantool-2.6.0/src/lib/small/small/matras.c:431:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new_extent, extent3, m->extent_size);
data/tarantool-2.6.0/src/lib/small/small/obuf.c:130:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((char *) iov->iov_base + iov->iov_len,
data/tarantool-2.6.0/src/lib/small/small/obuf.c:161:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *) iov->iov_base + iov->iov_len, data, to_copy);
data/tarantool-2.6.0/src/lib/small/small/region.c:125:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr + offset - slab->used, rslab_data(slab), slab->used);
data/tarantool-2.6.0/src/lib/small/small/region.c:130:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, rslab_data(slab) + slab->used - offset, offset);
data/tarantool-2.6.0/src/lib/small/small/region.h:330:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	(void) memcpy(region_alloc_xc(region, size), ptr, size);
data/tarantool-2.6.0/src/lib/small/small/slab_arena.c:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[64];
data/tarantool-2.6.0/src/lib/small/small/slab_arena.c:76:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[64];
data/tarantool-2.6.0/src/lib/small/small/static.c:33:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
__thread char static_storage_buffer[SMALL_STATIC_SIZE];
data/tarantool-2.6.0/src/lib/small/small/static.h:50:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern __thread char static_storage_buffer[SMALL_STATIC_SIZE];
data/tarantool-2.6.0/src/lib/small/test/lsregion.c:200:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *data[TEST_ARRAY_SIZE];
data/tarantool-2.6.0/src/lib/small/test/lsregion.c:253:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *data[TEST_ARRAY_SIZE + 1];
data/tarantool-2.6.0/src/lib/small/test/lsregion.c:274:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *next_block_data[count];
data/tarantool-2.6.0/src/lib/small/test/lsregion.c:328:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *data[TEST_ARRAY_SIZE];
data/tarantool-2.6.0/src/lib/small/test/slab_arena.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024], *tok = NULL;
data/tarantool-2.6.0/src/lib/small/test/slab_arena.c:53:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen("/proc/self/smaps", "r");
data/tarantool-2.6.0/src/lib/swim/swim.c:734:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new_payload, payload, payload_size);
data/tarantool-2.6.0/src/lib/swim/swim.c:1043:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, passport, sizeof(*passport));
data/tarantool-2.6.0/src/lib/swim/swim.c:1047:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pos, payload_header, sizeof(*payload_header));
data/tarantool-2.6.0/src/lib/swim/swim.c:1049:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pos, m->payload, m->payload_size);
data/tarantool-2.6.0/src/lib/swim/swim.c:1090:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(header, &ae_header_bin, sizeof(ae_header_bin));
data/tarantool-2.6.0/src/lib/swim/swim.c:1106:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, &uuid_bin, sizeof(uuid_bin));
data/tarantool-2.6.0/src/lib/swim/swim.c:1125:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, &fd_header_bin, size);
data/tarantool-2.6.0/src/lib/swim/swim.c:1155:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(header, &diss_header_bin, sizeof(diss_header_bin));
data/tarantool-2.6.0/src/lib/swim/swim.c:2316:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pos, &bin, sizeof(bin));
data/tarantool-2.6.0/src/lib/swim/swim_io.c:132:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(meta, &header, sizeof(header));
data/tarantool-2.6.0/src/lib/swim/swim_io.c:138:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(meta, &route, sizeof(route));
data/tarantool-2.6.0/src/lib/swim/swim_io.c:642:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(body, pos, size);
data/tarantool-2.6.0/src/lib/swim/swim_io.c:662:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[UDP_PACKET_SIZE];
data/tarantool-2.6.0/src/lib/swim/swim_io.c:680:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[UDP_PACKET_SIZE];
data/tarantool-2.6.0/src/lib/swim/swim_io.h:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char meta[0];
data/tarantool-2.6.0/src/lib/swim/swim_io.h:102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[MAX_PACKET_SIZE];
data/tarantool-2.6.0/src/lib/swim/swim_io.h:107:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char end[0];
data/tarantool-2.6.0/src/lib/swim/swim_proto.c:154:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(uuid, bin, UUID_LEN);
data/tarantool-2.6.0/src/lib/swim/swim_proto.c:337:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(header->v_uuid, uuid, UUID_LEN);
data/tarantool-2.6.0/src/lib/swim/swim_proto.c:465:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(passport->v_uuid, uuid, UUID_LEN);
data/tarantool-2.6.0/src/lib/uuid/tt_uuid.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[UUID_STR_LEN + 1];
data/tarantool-2.6.0/src/lua/digest.c:46:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static __thread unsigned char result[20];
data/tarantool-2.6.0/src/lua/digest.c:53:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(md, result, 20);
data/tarantool-2.6.0/src/lua/digest.c:82:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char digest[PBKDF2_MAX_DIGEST_SIZE];
data/tarantool-2.6.0/src/lua/errno.c:45:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static const struct { char name[32]; int value; } elist[] = {
data/tarantool-2.6.0/src/lua/fiber.c:200:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/tarantool-2.6.0/src/lua/fiber.c:243:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/tarantool-2.6.0/src/lua/fiber.c:744:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[20];
data/tarantool-2.6.0/src/lua/pickle.c:54:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	(void) memcpy(to, ptr, size);
data/tarantool-2.6.0/src/lua/popen.c:737:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(entry, key, key_len);
data/tarantool-2.6.0/src/lua/popen.c:740:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(entry + pos, value, value_len);
data/tarantool-2.6.0/src/lua/socket.c:62:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const struct { char name[32]; int value; } domains[] = {
data/tarantool-2.6.0/src/lua/socket.c:99:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const struct { char name[32]; int value; } types[] = {
data/tarantool-2.6.0/src/lua/socket.c:118:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const struct { char name[32]; int value; } send_flags[] = {
data/tarantool-2.6.0/src/lua/socket.c:369:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const struct { char name[32]; int value; } ai_flags[] = {
data/tarantool-2.6.0/src/lua/socket.c:429:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		inaddr->sin_port = htons(atoi(port));
data/tarantool-2.6.0/src/lua/socket.c:444:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		inaddr6->sin6_port = htons(atoi(port));
data/tarantool-2.6.0/src/lua/socket.c:445:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(inaddr6->sin6_addr.s6_addr, &ipv6, sizeof(ipv6));
data/tarantool-2.6.0/src/lua/socket.c:692:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char shost[NI_MAXHOST];
data/tarantool-2.6.0/src/lua/socket.c:693:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char sservice[NI_MAXSERV];
data/tarantool-2.6.0/src/lua/socket.c:707:23:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			lua_pushinteger(L, atol(sservice));
data/tarantool-2.6.0/src/lua/utf8.c:244:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[U8_MAX_LENGTH];
data/tarantool-2.6.0/src/lua/utils.c:275:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, offsetof(struct luaL_serializer, end_of_options));
data/tarantool-2.6.0/src/lua/utils.h:260:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char end_of_options[0];
data/tarantool-2.6.0/src/main.cc:430:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open("/dev/null", O_RDONLY);
data/tarantool-2.6.0/src/main.cc:759:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				optv = (const char **) calloc(argc,
data/tarantool-2.6.0/src/main.cc:784:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		int fd = open(argv[1], O_RDONLY);
data/tarantool-2.6.0/src/path_lock.c:46:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        int fd = open(path, O_RDONLY);
data/tarantool-2.6.0/src/proc_title.c:99:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ps_buffer[PS_BUFFER_SIZE];
data/tarantool-2.6.0/src/proc_title.c:234:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(rel.copy_begin, rel.clobber_begin, clobber_size);
data/tarantool-2.6.0/src/proc_title.c:279:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(argv_copy, argv, size);
data/tarantool-2.6.0/src/proc_title.c:336:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *argvstr[2];
data/tarantool-2.6.0/src/proc_title.c:359:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char name[PS_BUFFER_SIZE + 32];
data/tarantool-2.6.0/src/scramble.c:50:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char hash1[SCRAMBLE_SIZE];
data/tarantool-2.6.0/src/scramble.c:51:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char hash2[SCRAMBLE_SIZE];
data/tarantool-2.6.0/src/scramble.c:74:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char hash1[SCRAMBLE_SIZE];
data/tarantool-2.6.0/src/scramble.c:75:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char sh[SCRAMBLE_SIZE];
data/tarantool-2.6.0/src/scramble.c:97:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char candidate_hash2[SCRAMBLE_SIZE];
data/tarantool-2.6.0/src/scramble.c:119:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char hash2[SCRAMBLE_SIZE];
data/tarantool-2.6.0/src/title.c:192:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		name = memcpy(p, str, len + 1); \
data/tarantool-2.6.0/src/tt_pthread.h:321:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char short_name[16];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack.h:87:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf + len, data, l);
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:47:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2] = {0xcc, TAKE8_8(d)}; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:59:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2] = {0xcc, TAKE8_16(d)}; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:63:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:77:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[2] = {0xcc, TAKE8_32(d)}; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:83:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:88:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[5]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:103:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[2] = {0xcc, TAKE8_64(d)}; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:109:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:114:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[5]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:119:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[9]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:130:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2] = {0xd0, TAKE8_8(d)}; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:143:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:148:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[2] = {0xd0, TAKE8_16(d)}; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:157:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[2] = {0xcc, TAKE8_16(d)}; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:161:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:173:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[5]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:178:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:183:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[2] = {0xd0, TAKE8_32(d)}; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:192:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[2] = {0xcc, TAKE8_32(d)}; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:196:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:201:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[5]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:214:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[9]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:219:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[5]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:226:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:231:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[2] = {0xd0, TAKE8_64(d)}; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:242:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[2] = {0xcc, TAKE8_64(d)}; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:246:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:253:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[5]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:258:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[9]; \
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:571:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[5];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:580:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[9];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:629:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[3];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:633:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[5];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:650:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[3];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:654:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[5];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:671:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2] = {0xd9, (uint8_t)l};
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:674:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[3];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:678:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[5];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:693:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2] = {0xc4, (unsigned char)l};
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:696:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[3] = {0xc5};
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:700:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[5] = {0xc6};
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:718:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:724:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:730:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:736:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:742:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:748:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[3];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:754:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[4];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/pack_template.h:760:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[6];
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/sysdep.h:178:45:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    do { uint16_t val = _msgpack_be16(num); memcpy(to, &val, 2); } while(0)
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/sysdep.h:180:45:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    do { uint32_t val = _msgpack_be32(num); memcpy(to, &val, 4); } while(0)
data/tarantool-2.6.0/test-run/lib/msgpack-python/msgpack/sysdep.h:182:45:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    do { uint64_t val = _msgpack_be64(num); memcpy(to, &val, 8); } while(0)
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack.h:87:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf + len, data, l);
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:47:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2] = {0xcc, TAKE8_8(d)}; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:59:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2] = {0xcc, TAKE8_16(d)}; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:63:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:77:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[2] = {0xcc, TAKE8_32(d)}; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:83:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:88:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[5]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:103:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[2] = {0xcc, TAKE8_64(d)}; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:109:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:114:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[5]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:119:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[9]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:130:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2] = {0xd0, TAKE8_8(d)}; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:143:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:148:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[2] = {0xd0, TAKE8_16(d)}; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:157:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[2] = {0xcc, TAKE8_16(d)}; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:161:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:173:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[5]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:178:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:183:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[2] = {0xd0, TAKE8_32(d)}; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:192:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[2] = {0xcc, TAKE8_32(d)}; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:196:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:201:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char buf[5]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:214:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[9]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:219:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[5]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:226:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:231:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[2] = {0xd0, TAKE8_64(d)}; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:242:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[2] = {0xcc, TAKE8_64(d)}; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:246:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[3]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:253:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[5]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:258:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char buf[9]; \
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:571:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[5];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:580:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[9];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:629:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[3];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:633:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[5];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:650:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[3];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:654:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[5];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:671:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2] = {0xd9, (uint8_t)l};
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:674:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[3];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:678:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[5];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:693:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2] = {0xc4, (unsigned char)l};
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:696:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[3] = {0xc5};
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:700:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[5] = {0xc6};
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:718:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:724:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:730:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:736:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:742:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:748:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[3];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:754:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[4];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/pack_template.h:760:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[6];
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/sysdep.h:178:45:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    do { uint16_t val = _msgpack_be16(num); memcpy(to, &val, 2); } while(0)
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/sysdep.h:180:45:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    do { uint32_t val = _msgpack_be32(num); memcpy(to, &val, 4); } while(0)
data/tarantool-2.6.0/test-run/lib/tarantool-python/test-run/lib/msgpack-python/msgpack/sysdep.h:182:45:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    do { uint64_t val = _msgpack_be64(num); memcpy(to, &val, 8); } while(0)
data/tarantool-2.6.0/test/app-tap/module_api.c:284:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tuple_buf[64];
data/tarantool-2.6.0/test/app-tap/module_api.c:304:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char lua_buf[sizeof(tuple_buf)];
data/tarantool-2.6.0/test/app-tap/module_api.c:328:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64], *buf_end;
data/tarantool-2.6.0/test/box/function1.c:18:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tuple_buf[512];
data/tarantool-2.6.0/test/box/function1.c:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tuple_buf[512];
data/tarantool-2.6.0/test/box/function1.c:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tuple_buf[512];
data/tarantool-2.6.0/test/box/function1.c:131:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char key_buf[16];
data/tarantool-2.6.0/test/box/function1.c:153:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tuple_buf[16];
data/tarantool-2.6.0/test/box/function1.c:215:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tuple_buf[16];
data/tarantool-2.6.0/test/box/function1.c:261:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/tarantool-2.6.0/test/box/reload1.c:23:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[16];
data/tarantool-2.6.0/test/box/reload1.c:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tuple_buf[16];
data/tarantool-2.6.0/test/box/reload2.c:16:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[16];
data/tarantool-2.6.0/test/box/reload2.c:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tuple_buf[64];
data/tarantool-2.6.0/test/box/reload2.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tuple_buf[64];
data/tarantool-2.6.0/test/box/tuple_bench.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tuple_buf[4][64];
data/tarantool-2.6.0/test/box/tuple_bench.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *tuple_end[4] = {tuple_buf[0], tuple_buf[1],
data/tarantool-2.6.0/test/box/tuple_bench.c:36:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char test_strings[4][4] = {"bce", "abb", "abb", "ccd"};
data/tarantool-2.6.0/test/unit/cbus_stress.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[32];
data/tarantool-2.6.0/test/unit/coio.cc:109:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *f = fopen(filename, "w+");
data/tarantool-2.6.0/test/unit/column_mask.c:234:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer1[1024];
data/tarantool-2.6.0/test/unit/column_mask.c:250:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer2[1024];
data/tarantool-2.6.0/test/unit/crc32.c:43:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(str, "1234567891234567");
data/tarantool-2.6.0/test/unit/crc32.c:47:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(str, "12345678912345678");
data/tarantool-2.6.0/test/unit/crc32.c:54:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(str, "1234");
data/tarantool-2.6.0/test/unit/crypto.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[CRYPTO_AES128_KEY_SIZE];
data/tarantool-2.6.0/test/unit/crypto.c:45:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char iv[CRYPTO_AES_IV_SIZE], iv2[CRYPTO_AES_IV_SIZE];
data/tarantool-2.6.0/test/unit/crypto.c:64:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer1[128], buffer2[128];
data/tarantool-2.6.0/test/unit/crypto.c:135:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[CRYPTO_AES128_KEY_SIZE], iv[CRYPTO_AES_IV_SIZE];
data/tarantool-2.6.0/test/unit/crypto.c:141:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char plain[515], cipher[1024], result[1024];
data/tarantool-2.6.0/test/unit/crypto.c:163:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[CRYPTO_MAX_KEY_SIZE], buffer1[128], buffer2[128], plain[128];
data/tarantool-2.6.0/test/unit/crypto.c:164:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char iv[CRYPTO_MAX_IV_SIZE];
data/tarantool-2.6.0/test/unit/crypto.c:212:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[CRYPTO_AES128_KEY_SIZE], iv[CRYPTO_AES_IV_SIZE];
data/tarantool-2.6.0/test/unit/crypto.c:213:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer1[128], buffer2[128];
data/tarantool-2.6.0/test/unit/csv.c:197:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(buf + bufn, s, strlen(s));
data/tarantool-2.6.0/test/unit/csv.c:347:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char fields[4][24] = { "abc", "with,comma", "\"in quotes\"", "1 \" quote"};
data/tarantool-2.6.0/test/unit/csv.c:348:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[54];
data/tarantool-2.6.0/test/unit/decimal.c:92:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[32];
data/tarantool-2.6.0/test/unit/decimal.c:304:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[1024];
data/tarantool-2.6.0/test/unit/decimal.c:305:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[1024];
data/tarantool-2.6.0/test/unit/decimal.c:317:12:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	FILE *f = tmpfile();
data/tarantool-2.6.0/test/unit/fiber.cc:57:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[2048];
data/tarantool-2.6.0/test/unit/fiber.cc:174:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char long_name[FIBER_NAME_MAX + 30];
data/tarantool-2.6.0/test/unit/find_path.c:14:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fail_unless(open(find_path(argv[0]), O_RDONLY) >= 0);
data/tarantool-2.6.0/test/unit/guard.cc:17:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char block[2048];
data/tarantool-2.6.0/test/unit/guard.cc:31:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char stack_buf[SIGSTKSZ];
data/tarantool-2.6.0/test/unit/json.c:533:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64];
data/tarantool-2.6.0/test/unit/mp_error.cc:265:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[2048];
data/tarantool-2.6.0/test/unit/mp_error.cc:334:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[2048];
data/tarantool-2.6.0/test/unit/mp_error.cc:366:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[2048];
data/tarantool-2.6.0/test/unit/mp_error.cc:397:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[2048];
data/tarantool-2.6.0/test/unit/mp_error.cc:428:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[2048];
data/tarantool-2.6.0/test/unit/mp_error.cc:526:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str[2048];
data/tarantool-2.6.0/test/unit/mp_error.cc:532:12:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
	FILE *f = tmpfile();
data/tarantool-2.6.0/test/unit/popen-child.c:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/tarantool-2.6.0/test/unit/popen-child.c:70:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ssize_t nr = (ssize_t)atoi(argv[3]);
data/tarantool-2.6.0/test/unit/popen.c:14:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char popen_child_path[PATH_MAX];
data/tarantool-2.6.0/test/unit/popen.c:116:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[32] = { };
data/tarantool-2.6.0/test/unit/queue.c:47:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[1024];
data/tarantool-2.6.0/test/unit/reflection_cxx.cc:59:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char m_str[128];
data/tarantool-2.6.0/test/unit/say.c:88:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_filename[30];
data/tarantool-2.6.0/test/unit/say.c:135:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp_filename[30];
data/tarantool-2.6.0/test/unit/say.c:209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp_filename[30];
data/tarantool-2.6.0/test/unit/say.c:220:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE* fd = fopen(tmp_filename, "r+");
data/tarantool-2.6.0/test/unit/say.c:222:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[len];
data/tarantool-2.6.0/test/unit/scramble.c:17:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char hash2[SCRAMBLE_SIZE];
data/tarantool-2.6.0/test/unit/scramble.c:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char scramble[SCRAMBLE_SIZE];
data/tarantool-2.6.0/test/unit/scramble.c:39:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char new_scramble[SCRAMBLE_SIZE];
data/tarantool-2.6.0/test/unit/scramble.c:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[SCRAMBLE_BASE64_SIZE * 2];
data/tarantool-2.6.0/test/unit/sio.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char long_path[1000];
data/tarantool-2.6.0/test/unit/sio.c:52:26:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	char *pos = long_path + sprintf(long_path, "unix/:/");
data/tarantool-2.6.0/test/unit/swim.c:659:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int port = atoi(u.service);
data/tarantool-2.6.0/test/unit/swim_proto.c:42:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char buffer[1024 * 1024];
data/tarantool-2.6.0/test/unit/swim_proto.c:198:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[1024];
data/tarantool-2.6.0/test/unit/swim_proto.c:206:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer, &header, sizeof(header));
data/tarantool-2.6.0/test/unit/swim_proto.c:227:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(last_valid, &route, sizeof(route));
data/tarantool-2.6.0/test/unit/swim_proto.c:237:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(last_valid, &route, sizeof(route));
data/tarantool-2.6.0/test/unit/swim_proto.c:252:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int fd = open("log.txt", O_TRUNC);
data/tarantool-2.6.0/test/unit/swim_test_transport.c:65:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[0];
data/tarantool-2.6.0/test/unit/swim_test_transport.c:80:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(p->data, data, size);
data/tarantool-2.6.0/test/unit/swim_test_transport.c:99:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(res, p, size);
data/tarantool-2.6.0/test/unit/swim_test_transport.c:320:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(buffer, p->data, result);
data/tarantool-2.6.0/test/unit/swim_test_utils.c:172:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer, "127.0.0.1:%d", id + 1);
data/tarantool-2.6.0/test/unit/swim_test_utils.c:203:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[128];
data/tarantool-2.6.0/test/unit/swim_test_utils.c:382:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uri[128];
data/tarantool-2.6.0/test/unit/swim_test_utils.c:870:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int fd = open(log_file, O_TRUNC);
data/tarantool-2.6.0/test/unit/tuple_bigref.c:13:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tuple_buf[64];
data/tarantool-2.6.0/test/unit/uri.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char str1[1024];
data/tarantool-2.6.0/test/unit/uuid.c:12:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char a_str[UUID_STR_LEN + 1];
data/tarantool-2.6.0/test/unit/uuid.c:13:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char b_str[UUID_STR_LEN + 1];
data/tarantool-2.6.0/test/unit/uuid.c:38:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[18];
data/tarantool-2.6.0/test/unit/uuid.c:84:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[1024];
data/tarantool-2.6.0/test/unit/uuid.c:85:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char str[1024];
data/tarantool-2.6.0/test/unit/uuid.c:96:19:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
        FILE *f = tmpfile();
data/tarantool-2.6.0/test/unit/vy_iterators_helper.c:104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tmp[32];
data/tarantool-2.6.0/test/unit/vy_mem.c:102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char data[16];
data/tarantool-2.6.0/test/unit/vy_point_lookup.c:113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[PATH_MAX];
data/tarantool-2.6.0/test/unit/vy_point_lookup.c:115:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(path, "/512");
data/tarantool-2.6.0/test/unit/vy_point_lookup.c:118:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(path, "/0");
data/tarantool-2.6.0/test/unit/vy_point_lookup.c:316:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(path, "rm -rf ");
data/tarantool-2.6.0/test/unit/xrow.cc:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char greetingbuf[IPROTO_GREETING_SIZE + 1];
data/tarantool-2.6.0/test/unit/xrow.cc:77:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(source.protocol, "Binary");
data/tarantool-2.6.0/test/unit/xrow.cc:209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[2048];
data/tarantool-2.6.0/test/unit/xrow.cc:225:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	pos = (char *)vec[0].iov_base + fixheader_len;
data/tarantool-2.6.0/test/unit/xrow.cc:229:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *begin = (const char *)vec[0].iov_base;
data/tarantool-2.6.0/test/unit/xrow.cc:231:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *end = (const char *)vec[0].iov_base;
data/tarantool-2.6.0/test/unit/xrow.cc:258:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[2048];
data/tarantool-2.6.0/third_party/c-ares/acountry.c:148:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[100];
data/tarantool-2.6.0/third_party/c-ares/acountry.c:218:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[20];
data/tarantool-2.6.0/third_party/c-ares/acountry.c:250:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(addr, host->h_addr, sizeof(*addr));
data/tarantool-2.6.0/third_party/c-ares/acountry.c:255:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       char        short_name[3];  /* A2 short country code */
data/tarantool-2.6.0/third_party/c-ares/acountry.c:548:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  ccode_A2[3], *ccopy, *dot_4;
data/tarantool-2.6.0/third_party/c-ares/adig.c:532:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char addr[46];
data/tarantool-2.6.0/third_party/c-ares/ahost.c:184:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char addr_buf[46] = "??";
data/tarantool-2.6.0/third_party/c-ares/ares.h:517:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _S6_u8[16];
data/tarantool-2.6.0/third_party/c-ares/ares__get_hostent.c:189:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(hostent->h_addr_list[0], &addr.addrV4, sizeof(addr.addrV4));
data/tarantool-2.6.0/third_party/c-ares/ares__get_hostent.c:191:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(hostent->h_addr_list[0], &addr.addrV6, sizeof(addr.addrV6));
data/tarantool-2.6.0/third_party/c-ares/ares__parse_into_addrinfo.c:144:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&sin->sin_addr.s_addr, aptr, sizeof(struct in_addr));
data/tarantool-2.6.0/third_party/c-ares/ares__parse_into_addrinfo.c:181:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&sin6->sin6_addr.s6_addr, aptr, sizeof(struct ares_in6_addr));
data/tarantool-2.6.0/third_party/c-ares/ares__readaddrinfo.c:43:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *aliases[MAX_ALIASES];
data/tarantool-2.6.0/third_party/c-ares/ares__readaddrinfo.c:189:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(node->ai_addr, &addr.sa4, sizeof(addr.sa4));
data/tarantool-2.6.0/third_party/c-ares/ares__readaddrinfo.c:210:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(node->ai_addr, &addr.sa6, sizeof(addr.sa6));
data/tarantool-2.6.0/third_party/c-ares/ares_getaddrinfo.c:234:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmpbuf[4096];
data/tarantool-2.6.0/third_party/c-ares/ares_getaddrinfo.c:366:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(node->ai_addr, &addr.sa4, sizeof(addr.sa4));
data/tarantool-2.6.0/third_party/c-ares/ares_getaddrinfo.c:368:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(node->ai_addr, &addr.sa6, sizeof(addr.sa6));
data/tarantool-2.6.0/third_party/c-ares/ares_getaddrinfo.c:448:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char PATH_HOSTS[MAX_PATH];
data/tarantool-2.6.0/third_party/c-ares/ares_getaddrinfo.c:457:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char tmp[MAX_PATH];
data/tarantool-2.6.0/third_party/c-ares/ares_getaddrinfo.c:487:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fp = fopen(path_hosts, "r");
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyaddr.c:105:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[128];
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyaddr.c:182:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char PATH_HOSTS[MAX_PATH];
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyaddr.c:190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAX_PATH];
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyaddr.c:218:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fp = fopen(PATH_HOSTS, "r");
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyaddr.c:274:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
       sprintf(name, "%lu.%lu.%lu.%lu.in-addr.arpa", a4, a3, a2, a1);
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyaddr.c:281:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
       sprintf(name,
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyaddr.c:287:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
       sprintf(name+strlen(name),
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyname.c:248:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *aliases[1] = { NULL };
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyname.c:249:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *addrs[2];
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyname.c:350:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char PATH_HOSTS[MAX_PATH];
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyname.c:358:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAX_PATH];
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyname.c:391:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fp = fopen(PATH_HOSTS, "r");
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyname.c:443:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&a1, host->h_addr_list[i1], sizeof(struct in_addr));
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyname.c:447:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&a2, host->h_addr_list[i2], sizeof(struct in_addr));
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyname.c:451:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(host->h_addr_list[i2 + 1], &a2, sizeof(struct in_addr));
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyname.c:453:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(host->h_addr_list[i2 + 1], &a1, sizeof(struct in_addr));
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyname.c:499:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&a1, host->h_addr_list[i1], sizeof(struct ares_in6_addr));
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyname.c:503:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&a2, host->h_addr_list[i2], sizeof(struct ares_in6_addr));
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyname.c:507:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(host->h_addr_list[i2 + 1], &a2, sizeof(struct ares_in6_addr));
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyname.c:509:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(host->h_addr_list[i2 + 1], &a1, sizeof(struct ares_in6_addr));
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:117:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[33], *service;
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:131:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ipbuf[IPBUFSIZ];
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:132:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char srvbuf[33];
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:200:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char srvbuf[33];
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:223:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
           char buf[255];
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:243:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char ipbuf[IPBUFSIZ];
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:283:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmpbuf[4096];
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:336:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(tmpbuf, "%u", (unsigned int)ntohs(port));
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:342:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf, name, name_len + 1);
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:359:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmpbuf[IF_NAMESIZE + 2];
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:373:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(&tmpbuf[1], "%lu", (unsigned long)addr6->sin6_scope_id);
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:377:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(&tmpbuf[1], "%u", (unsigned int)addr6->sin6_scope_id);
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:386:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(&tmpbuf[1], "%lu", (unsigned long)addr6->sin6_scope_id);
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:390:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(&tmpbuf[1], "%u", (unsigned int)addr6->sin6_scope_id);
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:397:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(&tmpbuf[1], "%lu", (unsigned long)addr6->sin6_scope_id);
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:401:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(&tmpbuf[1], "%u", (unsigned int)addr6->sin6_scope_id);
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:303:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((*dest)->local_ip6, src->local_ip6, sizeof(src->local_ip6));
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:390:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&options->servers[j++],
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:692:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  enumKeyName[256];
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:997:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char text[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:1363:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  keyName[256];
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:1588:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char propname[PROP_NAME_MAX];
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:1589:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char propvalue[PROP_VALUE_MAX]="";
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:1615:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char str[INET6_ADDRSTRLEN];
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:1684:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(resolvconf_path, "r");
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:1726:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fp = fopen("/etc/nsswitch.conf", "r");
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:1756:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fp = fopen("/etc/host.conf", "r");
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:1787:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fp = fopen("/etc/svc.conf", "r");
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2025:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char lookups[3], *l;
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2064:52:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int ares_ipv6_subnet_matches(const unsigned char netbase[16],
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2065:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                    unsigned char netmask,
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2066:52:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                    const unsigned char ipaddr[16])
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2068:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char mask[16] = { 0 };
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2092:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int ares_ipv6_server_blacklisted(const unsigned char ipaddr[16])
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2096:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const unsigned char netbase[16];
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2183:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&newserv[*nservers].addr.addrV4, &host.addrV4,
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2186:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&newserv[*nservers].addr.addrV6, &host.addrV6,
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2208:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char ipbuf[16], ipbufpfx[32];
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2213:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ipbuf, str, q-str);
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2221:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(ipbufpfx, str, q-str);
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2260:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(ipbuf, str, q-str);
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2486:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *f = fopen(RANDOM_FILE, "rb");
data/tarantool-2.6.0/third_party/c-ares/ares_options.c:182:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&channel->servers[i].addr.addrV4, &srvr->addrV4,
data/tarantool-2.6.0/third_party/c-ares/ares_options.c:185:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&channel->servers[i].addr.addrV6, &srvr->addrV6,
data/tarantool-2.6.0/third_party/c-ares/ares_options.c:234:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&channel->servers[i].addr.addrV4, &srvr->addrV4,
data/tarantool-2.6.0/third_party/c-ares/ares_options.c:237:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&channel->servers[i].addr.addrV6, &srvr->addrV6,
data/tarantool-2.6.0/third_party/c-ares/ares_options.c:348:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&s->addr, &in6, sizeof(struct ares_in6_addr));
data/tarantool-2.6.0/third_party/c-ares/ares_options.c:358:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&s->addr, &in4, sizeof(struct in_addr));
data/tarantool-2.6.0/third_party/c-ares/ares_parse_a_reply.c:162:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(hostent->h_addr_list[i],
data/tarantool-2.6.0/third_party/c-ares/ares_parse_a_reply.c:172:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(&addrttls[i].ipaddr,
data/tarantool-2.6.0/third_party/c-ares/ares_parse_aaaa_reply.c:164:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(hostent->h_addr_list[i],
data/tarantool-2.6.0/third_party/c-ares/ares_parse_aaaa_reply.c:174:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&addrttls[i].ip6addr,
data/tarantool-2.6.0/third_party/c-ares/ares_parse_ptr_reply.c:198:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                      memcpy(hostent->h_addr_list[0], addr, addrlen);
data/tarantool-2.6.0/third_party/c-ares/ares_parse_txt_reply.c:165:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy ((char *) txt_curr->txt, strptr, substr_len);
data/tarantool-2.6.0/third_party/c-ares/ares_private.h:162:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char tcp_lenbuf[2];
data/tarantool-2.6.0/third_party/c-ares/ares_private.h:256:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char state[256];
data/tarantool-2.6.0/third_party/c-ares/ares_private.h:282:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char local_dev_name[32];
data/tarantool-2.6.0/third_party/c-ares/ares_private.h:284:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char local_ip6[16];
data/tarantool-2.6.0/third_party/c-ares/ares_process.c:466:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[MAXENDSSZ + 1];
data/tarantool-2.6.0/third_party/c-ares/ares_process.c:1032:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&local.sa6.sin6_addr, channel->local_ip6,
data/tarantool-2.6.0/third_party/c-ares/ares_process.c:1065:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&saddr.sa4.sin_addr, &server->addr.addrV4,
data/tarantool-2.6.0/third_party/c-ares/ares_process.c:1078:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&saddr.sa6.sin6_addr, &server->addr.addrV6,
data/tarantool-2.6.0/third_party/c-ares/ares_process.c:1178:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&saddr.sa4.sin_addr, &server->addr.addrV4,
data/tarantool-2.6.0/third_party/c-ares/ares_process.c:1191:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&saddr.sa6.sin6_addr, &server->addr.addrV6,
data/tarantool-2.6.0/third_party/c-ares/ares_process.c:1391:20:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   memcpy(sendreq->data_storage, sendreq->data, sendreq->len);
data/tarantool-2.6.0/third_party/c-ares/ares_rules.h:90:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char
data/tarantool-2.6.0/third_party/c-ares/ares_rules.h:100:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char
data/tarantool-2.6.0/third_party/c-ares/ares_search.c:222:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*s, name, nlen);
data/tarantool-2.6.0/third_party/c-ares/ares_search.c:224:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*s + nlen + 1, domain, dlen);
data/tarantool-2.6.0/third_party/c-ares/ares_search.c:259:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
          fp = fopen(hostaliases, "r");
data/tarantool-2.6.0/third_party/c-ares/ares_search.c:279:27:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                          memcpy(*s, p, q - p);
data/tarantool-2.6.0/third_party/c-ares/ares_send.c:89:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(query->tcpbuf + 2, qbuf, qlen);
data/tarantool-2.6.0/third_party/c-ares/ares_strdup.c:41:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(s2, s1, sz * sizeof(char));
data/tarantool-2.6.0/third_party/c-ares/ares_writev.c:67:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (bp, iov[i].iov_base, iov[i].iov_len);
data/tarantool-2.6.0/third_party/c-ares/bitncmp.c:46:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  lb = ((const unsigned char *)l)[b];
data/tarantool-2.6.0/third_party/c-ares/bitncmp.c:47:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  rb = ((const unsigned char *)r)[b];
data/tarantool-2.6.0/third_party/c-ares/inet_net_pton.c:274:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
data/tarantool-2.6.0/third_party/c-ares/inet_net_pton.c:377:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, tmp, bytes);
data/tarantool-2.6.0/third_party/c-ares/inet_ntop.c:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[sizeof("255.255.255.255")];
data/tarantool-2.6.0/third_party/c-ares/inet_ntop.c:117:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
data/tarantool-2.6.0/third_party/c-ares/inet_ntop.c:180:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    tp += sprintf(tp, "%x", words[i]);
data/tarantool-2.6.0/third_party/c-ares/test/ares-fuzz.c:18:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char afl_buffer[kMaxAflInputSize];
data/tarantool-2.6.0/third_party/c-ares/test/ares-fuzz.c:38:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(copied_data, afl_buffer, count);
data/tarantool-2.6.0/third_party/c-ares/test/ares-fuzz.c:53:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      int fd = open(argv[ii], O_RDONLY);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-fuzz-name.c:15:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(name, data, size);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-fuzz.c:22:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char addrv4[4] = {0x10, 0x20, 0x30, 0x40};
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-internal.cc:260:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp = fopen(temp.filename(), "r");
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-internal.cc:280:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp = fopen(temp.filename(), "r");
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-internal.cc:308:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp = fopen(hostsfile.filename(), "r");
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-internal.cc:346:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp = fopen(hostsfile.filename(), "r");
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-internal.cc:447:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp = fopen(hostsfile.filename(), "r");
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-live.cc:17:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char gdns_addr4[4] = {0x08, 0x08, 0x08, 0x08};
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-live.cc:18:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char gdns_addr6[16] = {0x20, 0x01, 0x48, 0x60, 0x48, 0x60, 0x00, 0x00,
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-live.cc:242:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char addr[4] = {8, 8, 8, 8};
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-live.cc:251:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char addr[4] = {8, 8, 8, 8};
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-live.cc:260:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char addr[4] = {8, 8, 8, 8};
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-live.cc:397:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sockaddr.sin6_addr.s6_addr, gdns_addr6, 16);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-live.cc:413:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sockaddr.sin6_addr.s6_addr, gdns_addr6, 16);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-live.cc:446:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sockaddr.sin6_addr.s6_addr, gdns_addr6, 16);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-live.cc:463:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char addr6[16] = {0xfe, 0x80, 0x01, 0x02, 0x01, 0x02, 0x00, 0x00,
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-live.cc:465:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sockaddr.sin6_addr.s6_addr, addr6, 16);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-live.cc:517:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char addr6[16] = {0x20, 0x01, 0x0d, 0xb8, 0x01, 0x02, 0x00, 0x00,
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-live.cc:519:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sockaddr.sin6_addr.s6_addr, addr6, 16);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-live.cc:536:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sockaddr.sin6_addr.s6_addr, gdns_addr6, 16);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-live.cc:551:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sockaddr.sin6_addr.s6_addr, gdns_addr6, 16);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-main.cc:13:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      ares::test::mock_port = atoi(argv[ii]);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-misc.cc:180:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[256];
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-misc.cc:320:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[2];
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-mock.cc:940:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char gdns_addr4[4] = {0x08, 0x08, 0x08, 0x08};
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-ns.cc:68:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[PATH_MAX + 1];
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-ns.cc:125:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open(mapfile.c_str(), O_CREAT|O_WRONLY|O_TRUNC, 0644);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-ns.cc:166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[PATH_MAX + 1];
data/tarantool-2.6.0/third_party/c-ares/test/ares-test.cc:422:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *domains[3] = {"first.com", "second.org", "third.gov"};
data/tarantool-2.6.0/third_party/c-ares/test/ares-test.cc:733:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *f = fopen(filename.c_str(), "w");
data/tarantool-2.6.0/third_party/c-ares/test/dns-dump.cc:17:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open(filename, O_RDONLY);
data/tarantool-2.6.0/third_party/c-ares/test/dns-dump.cc:24:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[1024];
data/tarantool-2.6.0/third_party/c-ares/test/dns-proto.cc:18:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[2 + 1];
data/tarantool-2.6.0/third_party/c-ares/test/dns-proto.cc:19:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer, "%02x", data[ii]);
data/tarantool-2.6.0/third_party/c-ares/test/dns-proto.cc:161:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4*4 + 3 + 1];
data/tarantool-2.6.0/third_party/c-ares/test/dns-proto.cc:162:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer, "%u.%u.%u.%u",
data/tarantool-2.6.0/third_party/c-ares/test/dns-proto.cc:171:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[4 + 1];
data/tarantool-2.6.0/third_party/c-ares/test/dns-proto.cc:172:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(buffer, "%02x%02x", (unsigned char)addr[ii], (unsigned char)addr[ii+1]);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:2310:7:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
      MultiByteToWideChar(CP_ACP, 0, ansi, length,
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:2313:3:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar(CP_ACP, 0, ansi, length,
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:3128:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_text[kBufSize] = { '\0' };
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:3212:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[5];  // Big enough for the largest valid code point.
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:7155:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[256];
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:7571:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char executable_path[_MAX_PATH + 1];  // NOLINT
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:7857:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  const int cwd_fd = open(".", O_RDONLY);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:8273:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cwd[GTEST_PATH_MAX_ + 1] = { '\0' };
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:8276:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cwd[GTEST_PATH_MAX_ + 1] = { '\0' };
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:8688:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  const int fd = open("/proc/self/as", O_RDONLY);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:9414:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, regex, len);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:9487:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp_dir_path[MAX_PATH + 1] = { '\0' };  // NOLINT
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:9488:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp_file_path[MAX_PATH + 1] = { '\0' };  // NOLINT
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:9525:29:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
    const int captured_fd = mkstemp(name_template);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:9871:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char text[5] = "";
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gtest/gtest.h:3643:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return fopen(path, mode);
data/tarantool-2.6.0/third_party/coro/conftest.c:50:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char garbage[1024];
data/tarantool-2.6.0/third_party/coro/conftest.c:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char garbage[1024];
data/tarantool-2.6.0/third_party/coro/conftest.c:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result[1024];
data/tarantool-2.6.0/third_party/coro/conftest.c:139:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
             sprintf(result, "(skaddr)+(sksize)-%d,(sksize)-%d",
data/tarantool-2.6.0/third_party/coro/conftest.c:142:14:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
             strcpy(result, "(skaddr)+(sksize),(sksize)");
data/tarantool-2.6.0/third_party/coro/conftest.c:147:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(result, "(skaddr),(sksize)-%d", sizeof(union alltypes));
data/tarantool-2.6.0/third_party/coro/conftest.c:149:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(result, "(skaddr),(sksize)");
data/tarantool-2.6.0/third_party/curl/CMake/CurlTests.c:116:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[8192];
data/tarantool-2.6.0/third_party/curl/CMake/CurlTests.c:519:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[1024];
data/tarantool-2.6.0/third_party/curl/CMake/CurlTests.c:534:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[1024];
data/tarantool-2.6.0/third_party/curl/docs/examples/anyauthput.c:116:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  hd = open(file, O_RDONLY);
data/tarantool-2.6.0/third_party/curl/docs/examples/cookie_interface.c:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char nline[256];
data/tarantool-2.6.0/third_party/curl/docs/examples/crawler.c:62:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(mem->buf[mem->size]), contents, realsize);
data/tarantool-2.6.0/third_party/curl/docs/examples/curlgtk.c:53:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *outfile = fopen(filename, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/curlx.c:157:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(tmp, ia5->data, ia5->length);
data/tarantool-2.6.0/third_party/curl/docs/examples/ephiperfifo.c:97:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error[CURL_ERROR_SIZE];
data/tarantool-2.6.0/third_party/curl/docs/examples/ephiperfifo.c:394:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[1024];
data/tarantool-2.6.0/third_party/curl/docs/examples/ephiperfifo.c:431:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  sockfd = open(fifo, O_RDWR | O_NONBLOCK, 0);
data/tarantool-2.6.0/third_party/curl/docs/examples/evhiperfifo.c:99:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error[CURL_ERROR_SIZE];
data/tarantool-2.6.0/third_party/curl/docs/examples/evhiperfifo.c:372:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[1024];
data/tarantool-2.6.0/third_party/curl/docs/examples/evhiperfifo.c:409:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  sockfd = open(fifo, O_RDWR | O_NONBLOCK, 0);
data/tarantool-2.6.0/third_party/curl/docs/examples/fileupload.c:39:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = fopen("debugit", "rb"); /* open file to upload */
data/tarantool-2.6.0/third_party/curl/docs/examples/fopen.c:121:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&url->buffer[url->buffer_pos], buffer, size);
data/tarantool-2.6.0/third_party/curl/docs/examples/fopen.c:244:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file->handle.file = fopen(url, operation);
data/tarantool-2.6.0/third_party/curl/docs/examples/fopen.c:357:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, file->buffer, want);
data/tarantool-2.6.0/third_party/curl/docs/examples/fopen.c:405:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, file->buffer, want);
data/tarantool-2.6.0/third_party/curl/docs/examples/fopen.c:461:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[256];
data/tarantool-2.6.0/third_party/curl/docs/examples/fopen.c:470:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  outf = fopen(FGETSFILE, "wb+");
data/tarantool-2.6.0/third_party/curl/docs/examples/fopen.c:494:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  outf = fopen(FREADFILE, "wb+");
data/tarantool-2.6.0/third_party/curl/docs/examples/fopen.c:518:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  outf = fopen(REWINDFILE, "wb+");
data/tarantool-2.6.0/third_party/curl/docs/examples/ftp-wildcard.c:120:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    data->output = fopen(finfo->filename, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/ftpget.c:41:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out->stream = fopen(out->filename, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/ftpgetresp.c:49:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  ftpfile = fopen(FTPBODY, "wb"); /* b is binary, needed on win32 */
data/tarantool-2.6.0/third_party/curl/docs/examples/ftpgetresp.c:52:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  respfile = fopen(FTPHEADERS, "wb"); /* b is binary, needed on win32 */
data/tarantool-2.6.0/third_party/curl/docs/examples/ftpsget.c:43:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out->stream = fopen(out->filename, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/ftpupload.c:88:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  hd_src = fopen(LOCAL_FILE, "rb");
data/tarantool-2.6.0/third_party/curl/docs/examples/ftpuploadfrommem.c:58:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, upload->readptr, copylen);
data/tarantool-2.6.0/third_party/curl/docs/examples/ftpuploadresume.c:76:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(localpath, "rb");
data/tarantool-2.6.0/third_party/curl/docs/examples/getinmemory.c:53:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(mem->memory[mem->size]), contents, realsize);
data/tarantool-2.6.0/third_party/curl/docs/examples/ghiper.c:82:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error[CURL_ERROR_SIZE];
data/tarantool-2.6.0/third_party/curl/docs/examples/ghiper.c:401:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  socket = open(fifo, O_RDWR | O_NONBLOCK, 0);
data/tarantool-2.6.0/third_party/curl/docs/examples/hiperfifo.c:97:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error[CURL_ERROR_SIZE];
data/tarantool-2.6.0/third_party/curl/docs/examples/hiperfifo.c:362:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[1024];
data/tarantool-2.6.0/third_party/curl/docs/examples/hiperfifo.c:407:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  sockfd = open(fifo, O_RDWR | O_NONBLOCK, 0);
data/tarantool-2.6.0/third_party/curl/docs/examples/href_extractor.c:42:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    html_parser_char_parse(hsp, ((char *)buffer)[p]);
data/tarantool-2.6.0/third_party/curl/docs/examples/href_extractor.c:55:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tag[1], attr[4], val[128];
data/tarantool-2.6.0/third_party/curl/docs/examples/htmltidy.c:79:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char curl_errbuf[CURL_ERROR_SIZE];
data/tarantool-2.6.0/third_party/curl/docs/examples/htmltitle.cpp:65:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char errorBuffer[CURL_ERROR_SIZE];
data/tarantool-2.6.0/third_party/curl/docs/examples/http2-download.c:146:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[128];
data/tarantool-2.6.0/third_party/curl/docs/examples/http2-download.c:153:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  t->out = fopen(filename, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/http2-download.c:196:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    num_transfers = atoi(argv[1]);
data/tarantool-2.6.0/third_party/curl/docs/examples/http2-pushinmemory.c:55:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(mem->memory[mem->size]), contents, realsize);
data/tarantool-2.6.0/third_party/curl/docs/examples/http2-serverpush.c:133:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *out = fopen(OUTPUTFILE, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/http2-serverpush.c:172:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[128];
data/tarantool-2.6.0/third_party/curl/docs/examples/http2-serverpush.c:181:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  out = fopen(filename, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/http2-upload.c:110:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timebuf[60];
data/tarantool-2.6.0/third_party/curl/docs/examples/http2-upload.c:173:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char url[256];
data/tarantool-2.6.0/third_party/curl/docs/examples/http2-upload.c:174:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[128];
data/tarantool-2.6.0/third_party/curl/docs/examples/http2-upload.c:182:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  out = fopen(filename, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/http2-upload.c:200:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  i->in = fopen(upload, "rb");
data/tarantool-2.6.0/third_party/curl/docs/examples/http2-upload.c:255:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    num_transfers = atoi(argv[1]);
data/tarantool-2.6.0/third_party/curl/docs/examples/httpput.c:81:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  hd_src = fopen(file, "rb");
data/tarantool-2.6.0/third_party/curl/docs/examples/imap-append.c:75:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, data, len);
data/tarantool-2.6.0/third_party/curl/docs/examples/multi-event.c:66:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[50];
data/tarantool-2.6.0/third_party/curl/docs/examples/multi-event.c:72:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file = fopen(filename, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/multi-uv.c:76:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[50];
data/tarantool-2.6.0/third_party/curl/docs/examples/multi-uv.c:82:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file = fopen(filename, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/multithread.c:42:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char * const urls[NUMT]= {
data/tarantool-2.6.0/third_party/curl/docs/examples/post-callback.c:54:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, wt->readptr, copy_this_much);
data/tarantool-2.6.0/third_party/curl/docs/examples/postinmemory.c:50:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(mem->memory[mem->size]), contents, realsize);
data/tarantool-2.6.0/third_party/curl/docs/examples/rtsp.c:92:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *sdp_fp = fopen(sdp_filename, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/rtsp.c:153:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(sdp_filename, "video.sdp");
data/tarantool-2.6.0/third_party/curl/docs/examples/rtsp.c:169:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *sdp_fp = fopen(sdp_filename, "rb");
data/tarantool-2.6.0/third_party/curl/docs/examples/sendrecv.c:131:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[1024];
data/tarantool-2.6.0/third_party/curl/docs/examples/sepheaders.c:61:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  headerfile = fopen(headerfilename, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/sepheaders.c:68:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  bodyfile = fopen(bodyfilename, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/sftpget.c:52:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out->stream = fopen(out->filename, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/sftpuploadresume.c:89:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(localpath, "rb");
data/tarantool-2.6.0/third_party/curl/docs/examples/simplessl.c:74:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  headerfile = fopen(pHeaderFile, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/smooth-gtk-thread.c:87:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      FILE *outfile = fopen(urls[j], "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-authzid.c:83:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, data, len);
data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-mail.c:80:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, data, len);
data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-multi.c:77:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, data, len);
data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-ssl.c:77:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, data, len);
data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-tls.c:77:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, data, len);
data/tarantool-2.6.0/third_party/curl/docs/examples/sslbackend.c:60:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int id = atoi(name);
data/tarantool-2.6.0/third_party/curl/docs/examples/synctime.c:106:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char http_proxy[MAX_STRING1];
data/tarantool-2.6.0/third_party/curl/docs/examples/synctime.c:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char proxy_user[MAX_STRING1];
data/tarantool-2.6.0/third_party/curl/docs/examples/synctime.c:108:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timeserver[MAX_STRING1];
data/tarantool-2.6.0/third_party/curl/docs/examples/synctime.c:111:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char DefaultTimeServer[3][MAX_STRING1] =
data/tarantool-2.6.0/third_party/curl/docs/examples/synctime.c:140:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  TmpStr1[26], TmpStr2[26];
data/tarantool-2.6.0/third_party/curl/docs/examples/synctime.c:215:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    outfile = fopen(OutFileName, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/synctime.c:309:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timeBuf[61];
data/tarantool-2.6.0/third_party/curl/docs/examples/synctime.c:310:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tzoneBuf[16];
data/tarantool-2.6.0/third_party/curl/docs/examples/url2file.c:67:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  pagefile = fopen(pagefilename, "wb");
data/tarantool-2.6.0/third_party/curl/docs/examples/xmlstream.c:81:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(mem->memory[mem->size]), s, len);
data/tarantool-2.6.0/third_party/curl/lib/altsvc.c:145:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char srchost[MAX_ALTSVC_HOSTLEN + 1];
data/tarantool-2.6.0/third_party/curl/lib/altsvc.c:146:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dsthost[MAX_ALTSVC_HOSTLEN + 1];
data/tarantool-2.6.0/third_party/curl/lib/altsvc.c:147:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char srcalpn[MAX_ALTSVC_ALPNLEN + 1];
data/tarantool-2.6.0/third_party/curl/lib/altsvc.c:148:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dstalpn[MAX_ALTSVC_ALPNLEN + 1];
data/tarantool-2.6.0/third_party/curl/lib/altsvc.c:149:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char date[MAX_ALTSVC_DATELEN + 1];
data/tarantool-2.6.0/third_party/curl/lib/altsvc.c:200:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fp = fopen(file, FOPEN_READTEXT);
data/tarantool-2.6.0/third_party/curl/lib/altsvc.c:331:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char randsuffix[9];
data/tarantool-2.6.0/third_party/curl/lib/altsvc.c:352:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  out = fopen(tempstore, FOPEN_WRITETEXT);
data/tarantool-2.6.0/third_party/curl/lib/altsvc.c:392:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(alpnbuf, protop, len);
data/tarantool-2.6.0/third_party/curl/lib/altsvc.c:453:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char namebuf[MAX_ALTSVC_HOSTLEN] = "";
data/tarantool-2.6.0/third_party/curl/lib/altsvc.c:454:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char alpnbuf[MAX_ALTSVC_ALPNLEN] = "";
data/tarantool-2.6.0/third_party/curl/lib/altsvc.c:481:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char option[32];
data/tarantool-2.6.0/third_party/curl/lib/altsvc.c:499:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(namebuf, hostp, len);
data/tarantool-2.6.0/third_party/curl/lib/asyn-ares.c:795:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char a6[INET6_ADDRSTRLEN];
data/tarantool-2.6.0/third_party/curl/lib/asyn-thread.c:299:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char service[12];
data/tarantool-2.6.0/third_party/curl/lib/asyn-thread.c:302:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1];
data/tarantool-2.6.0/third_party/curl/lib/base64.c:181:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ibuf[3];
data/tarantool-2.6.0/third_party/curl/lib/base64.c:182:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char obuf[4];
data/tarantool-2.6.0/third_party/curl/lib/config-win32.h:730:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sun_path[UNIX_PATH_MAX];
data/tarantool-2.6.0/third_party/curl/lib/conncache.c:189:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[HASHKEY_SIZE];
data/tarantool-2.6.0/third_party/curl/lib/conncache.c:241:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[HASHKEY_SIZE];
data/tarantool-2.6.0/third_party/curl/lib/conncache.c:537:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[READBUFFER_MIN + 1];
data/tarantool-2.6.0/third_party/curl/lib/connect.c:275:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char myhost[256] = "";
data/tarantool-2.6.0/third_party/curl/lib/connect.c:408:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            si6->sin6_scope_id = atoi(scope_ptr);
data/tarantool-2.6.0/third_party/curl/lib/connect.c:457:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/connect.c:483:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/connect.c:614:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(conn->data->info.conn_primary_ip, conn->primary_ip, MAX_IPADR_LEN);
data/tarantool-2.6.0/third_party/curl/lib/connect.c:615:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(conn->data->info.conn_local_ip, conn->local_ip, MAX_IPADR_LEN);
data/tarantool-2.6.0/third_party/curl/lib/connect.c:687:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/connect.c:718:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(conn->ip_addr_str, conn->primary_ip, MAX_IPADR_LEN);
data/tarantool-2.6.0/third_party/curl/lib/connect.c:952:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ipaddress[MAX_IPADR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/connect.c:953:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/connect.c:978:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/connect.c:1026:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/connect.c:1053:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/connect.c:1126:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ipaddress[MAX_IPADR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/connect.c:1132:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/connect.c:1519:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&addr->sa_addr, ai->ai_addr, addr->addrlen);
data/tarantool-2.6.0/third_party/curl/lib/content_encoding.c:494:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(z->next_in, buf, z->avail_in);
data/tarantool-2.6.0/third_party/curl/lib/content_encoding.c:517:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(z->next_in + z->avail_in - nbytes, buf, nbytes);
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:463:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_NAME];
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:464:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char what[MAX_NAME];
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:757:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(co->path, path, pathlen);
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:1133:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = file?fopen(file, FOPEN_READTEXT):NULL;
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:1527:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char randsuffix[9];
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:1536:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(tempstore, FOPEN_WRITETEXT);
data/tarantool-2.6.0/third_party/curl/lib/curl_addrinfo.c:170:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ca->ai_addr, ai->ai_addr, ss_size);
data/tarantool-2.6.0/third_party/curl/lib/curl_addrinfo.c:174:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ca->ai_canonname, ai->ai_canonname, namelen);
data/tarantool-2.6.0/third_party/curl/lib/curl_addrinfo.c:298:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ai->ai_canonname, he->h_name, namelen);
data/tarantool-2.6.0/third_party/curl/lib/curl_addrinfo.c:322:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&addr->sin_addr, curr, sizeof(struct in_addr));
data/tarantool-2.6.0/third_party/curl/lib/curl_addrinfo.c:331:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&addr6->sin6_addr, curr, sizeof(struct in6_addr));
data/tarantool-2.6.0/third_party/curl/lib/curl_addrinfo.c:358:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *h_addr_list[2];
data/tarantool-2.6.0/third_party/curl/lib/curl_addrinfo.c:405:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(addrentry, inaddr, sizeof(struct in_addr));
data/tarantool-2.6.0/third_party/curl/lib/curl_addrinfo.c:411:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(addrentry, inaddr, sizeof(struct in6_addr));
data/tarantool-2.6.0/third_party/curl/lib/curl_addrinfo.c:502:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sa_un->sun_path + 1, path, path_len - 1);
data/tarantool-2.6.0/third_party/curl/lib/curl_addrinfo.c:504:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sa_un->sun_path, path, path_len); /* copy NUL byte */
data/tarantool-2.6.0/third_party/curl/lib/curl_ctype.c:44:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ascii[128] = {
data/tarantool-2.6.0/third_party/curl/lib/curl_fnmatch.c:76:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char keyword[KEYLEN] = { 0 };
data/tarantool-2.6.0/third_party/curl/lib/curl_fnmatch.c:260:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char charset[CURLFNM_CHSET_SIZE] = { 0 };
data/tarantool-2.6.0/third_party/curl/lib/curl_gssapi.c:125:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[GSS_LOG_BUFFER_LEN];
data/tarantool-2.6.0/third_party/curl/lib/curl_multibyte.c:42:21:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    int str_w_len = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS,
data/tarantool-2.6.0/third_party/curl/lib/curl_multibyte.c:47:12:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
        if(MultiByteToWideChar(CP_UTF8, 0, str_utf8, -1, str_w,
data/tarantool-2.6.0/third_party/curl/lib/curl_multibyte.c:99:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return (fopen)(filename, mode);
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:169:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char key[8];
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:189:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char key[8];
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:212:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char key[8];                                /* expanded 64 bit key */
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:271:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char key[8];
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:290:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char key[8];
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:313:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char key[8];
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:342:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[8];
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:371:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(out, in, 8);
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:448:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char pw[14];
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:648:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char hmac_output[HMAC_MD5_LENGTH];
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:683:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr + 32, challenge_client, 8);
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:684:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr + 44, ntlm->target_info, ntlm->target_info_len);
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:687:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr + 8, &ntlm->nonce[0], 8);
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:696:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, hmac_output, HMAC_MD5_LENGTH);
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:724:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data[16];
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:725:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char hmac_output[16];
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:728:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&data[0], challenge_server, 8);
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:729:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&data[8], challenge_client, 8);
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:737:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(lmresp, hmac_output, 16);
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:738:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(lmresp + 16, challenge_client, 8);
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_wb.c:126:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pwbuf[1024];
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_wb.c:128:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/curl_path.c:58:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(real_path, working_path + 3, working_path_len - 2);
data/tarantool-2.6.0/third_party/curl/lib/curl_path.c:60:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(real_path, working_path, 1 + working_path_len);
data/tarantool-2.6.0/third_party/curl/lib/curl_path.c:72:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(real_path, homedir, homelen);
data/tarantool-2.6.0/third_party/curl/lib/curl_path.c:76:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(real_path + homelen + 1, working_path + 3,
data/tarantool-2.6.0/third_party/curl/lib/curl_path.c:86:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(real_path, working_path, 1 + working_path_len);
data/tarantool-2.6.0/third_party/curl/lib/curl_path.c:188:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(*path)[pathLength], cp, (int)(end - cp));
data/tarantool-2.6.0/third_party/curl/lib/curl_setup.h:337:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#  define fopen(fname,mode)          curlx_win32_fopen(fname, mode)
data/tarantool-2.6.0/third_party/curl/lib/curl_setup.h:358:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#    define fopen(fname,mode)          curlx_win32_fopen(fname, mode)
data/tarantool-2.6.0/third_party/curl/lib/doh.c:151:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dnsp, hostp, labellen);
data/tarantool-2.6.0/third_party/curl/lib/doh.c:478:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&a->ip.v4, &doh[index], 4);
data/tarantool-2.6.0/third_party/curl/lib/doh.c:492:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&a->ip.v6, &doh[index], 16);
data/tarantool-2.6.0/third_party/curl/lib/doh.c:756:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[128];
data/tarantool-2.6.0/third_party/curl/lib/doh.c:836:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ai->ai_canonname, hostname, hostlen);
data/tarantool-2.6.0/third_party/curl/lib/doh.c:860:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&addr->sin_addr, &de->addr[i].ip.v4, sizeof(struct in_addr));
data/tarantool-2.6.0/third_party/curl/lib/doh.c:869:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&addr6->sin6_addr, &de->addr[i].ip.v6, sizeof(struct in6_addr));
data/tarantool-2.6.0/third_party/curl/lib/doh.h:76:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char v4[4]; /* network byte order */
data/tarantool-2.6.0/third_party/curl/lib/doh.h:77:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char v6[16];
data/tarantool-2.6.0/third_party/curl/lib/dotdot.c:177:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(outptr, &input[oindex], qlen + 1); /* include the end zero byte */
data/tarantool-2.6.0/third_party/curl/lib/dynbuf.c:106:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&s->bufr[indx], mem, len);
data/tarantool-2.6.0/third_party/curl/lib/escape.c:105:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char encoded[4];
data/tarantool-2.6.0/third_party/curl/lib/escape.c:167:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char hexstr[3];
data/tarantool-2.6.0/third_party/curl/lib/file.c:76:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#  define open_readonly(p,f) open((p),(f),(0))
data/tarantool-2.6.0/third_party/curl/lib/file.c:78:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#  define open_readonly(p,f) open((p),(f))
data/tarantool-2.6.0/third_party/curl/lib/file.c:286:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open(file->path, mode, conn->data->set.new_file_perms);
data/tarantool-2.6.0/third_party/curl/lib/file.c:419:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char header[80];
data/tarantool-2.6.0/third_party/curl/lib/formdata.c:725:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[8192];
data/tarantool-2.6.0/third_party/curl/lib/formdata.c:785:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(zname, name, len);
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:918:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char myhost[MAX_IPADR_LEN + 1] = "";
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:923:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hbuf[NI_MAXHOST];
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:939:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:1114:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sa, ai->ai_addr, ai->ai_addrlen);
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:1247:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char target[sizeof(myhost) + 20];
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:1826:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char separator[4];
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:2048:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char timebuf[24];
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:2064:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char headerbuf[128];
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:2279:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char clbuf[128];
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:2314:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[24]= { "Accept-ranges: bytes\r\n" };
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:3469:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256];
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:3955:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[SBUF_SIZE];
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:3970:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&s, cmd, write_len);
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:3971:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(&s[write_len], "\r\n"); /* append a trailing CRLF */
data/tarantool-2.6.0/third_party/curl/lib/hash.c:92:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(he->key, key, key_len);
data/tarantool-2.6.0/third_party/curl/lib/hash.h:63:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   key[1]; /* allocated memory following the struct */
data/tarantool-2.6.0/third_party/curl/lib/hostip.c:264:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char entry_id[MAX_HOSTCACHE_LEN];
data/tarantool-2.6.0/third_party/curl/lib/hostip.c:419:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char entry_id[MAX_HOSTCACHE_LEN];
data/tarantool-2.6.0/third_party/curl/lib/hostip.c:875:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hostname[256];
data/tarantool-2.6.0/third_party/curl/lib/hostip.c:882:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char entry_id[MAX_HOSTCACHE_LEN];
data/tarantool-2.6.0/third_party/curl/lib/hostip.c:911:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char address[64];
data/tarantool-2.6.0/third_party/curl/lib/hostip.c:928:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(hostname, hostp->data, host_end - hostp->data);
data/tarantool-2.6.0/third_party/curl/lib/hostip.c:966:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(address, addr_begin, alen);
data/tarantool-2.6.0/third_party/curl/lib/hostip4.c:134:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sbuf[12];
data/tarantool-2.6.0/third_party/curl/lib/hostip6.c:111:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[INET6_ADDRSTRLEN];
data/tarantool-2.6.0/third_party/curl/lib/hostip6.c:139:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sbuf[12];
data/tarantool-2.6.0/third_party/curl/lib/hostip6.c:142:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char addrbuf[128];
data/tarantool-2.6.0/third_party/curl/lib/http.c:272:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(value, start, len);
data/tarantool-2.6.0/third_party/curl/lib/http.c:1123:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, http->postdata, (size_t)http->postsize);
data/tarantool-2.6.0/third_party/curl/lib/http.c:1143:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, http->postdata, fullsize);
data/tarantool-2.6.0/third_party/curl/lib/http.c:1224:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data->state.ulbuf, ptr, sendsize);
data/tarantool-2.6.0/third_party/curl/lib/http.c:1446:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char proxy_header[128];
data/tarantool-2.6.0/third_party/curl/lib/http.c:1449:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tcp_version[5];
data/tarantool-2.6.0/third_party/curl/lib/http.c:1453:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(tcp_version, "TCP6");
data/tarantool-2.6.0/third_party/curl/lib/http.c:1456:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(tcp_version, "TCP4");
data/tarantool-2.6.0/third_party/curl/lib/http.c:1835:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char datestr[80];
data/tarantool-2.6.0/third_party/curl/lib/http.c:1916:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ftp_typecode[sizeof("/;type=?")] = "";
data/tarantool-2.6.0/third_party/curl/lib/http.c:3562:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char scratch[SCRATCHSIZE + 1]; /* "HTTP/major.minor 123" */
data/tarantool-2.6.0/third_party/curl/lib/http.c:3588:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char twoorthree[2];
data/tarantool-2.6.0/third_party/curl/lib/http2.c:715:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&stream->mem[stream->memlen],
data/tarantool-2.6.0/third_party/curl/lib/http2.c:782:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&stream->mem[stream->memlen], data, nread);
data/tarantool-2.6.0/third_party/curl/lib/http2.c:1110:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, stream->upload_mem, nread);
data/tarantool-2.6.0/third_party/curl/lib/http2.c:1568:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(mem, Curl_dyn_ptr(&stream->header_recvbuf) +
data/tarantool-2.6.0/third_party/curl/lib/http2.c:1608:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(mem, stream->pausedata, nread);
data/tarantool-2.6.0/third_party/curl/lib/http2.c:1940:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  nva[0].namelen = strlen((char *)nva[0].name);
data/tarantool-2.6.0/third_party/curl/lib/http2.c:1962:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  nva[1].namelen = strlen((char *)nva[1].name);
data/tarantool-2.6.0/third_party/curl/lib/http2.c:1972:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  nva[2].namelen = strlen((char *)nva[2].name);
data/tarantool-2.6.0/third_party/curl/lib/http2.c:1977:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  nva[2].valuelen = strlen((char *)nva[2].value);
data/tarantool-2.6.0/third_party/curl/lib/http2.c:2010:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      nva[i].namelen = strlen((char *)nva[i].name);
data/tarantool-2.6.0/third_party/curl/lib/http2.c:2015:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      Curl_strntolower((char *)hdbuf, hdbuf, nva[i].namelen);
data/tarantool-2.6.0/third_party/curl/lib/http2.c:2023:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    switch(inspect_header((const char *)nva[i].name, nva[i].namelen, hdbuf,
data/tarantool-2.6.0/third_party/curl/lib/http2.c:2272:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(httpc->inbuf, mem, nread);
data/tarantool-2.6.0/third_party/curl/lib/http_chunks.h:86:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hexbuffer[ MAXNUM_SIZE + 1];
data/tarantool-2.6.0/third_party/curl/lib/idn_win32.c:77:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t punycode[IDN_MAX_LENGTH];
data/tarantool-2.6.0/third_party/curl/lib/idn_win32.c:97:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t unicode[IDN_MAX_LENGTH];
data/tarantool-2.6.0/third_party/curl/lib/if2ip.c:122:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char scope[12] = "";
data/tarantool-2.6.0/third_party/curl/lib/if2ip.c:123:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char ipstr[64];
data/tarantool-2.6.0/third_party/curl/lib/if2ip.c:210:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(req.ifr_name, interf, len + 1);
data/tarantool-2.6.0/third_party/curl/lib/if2ip.h:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ifrn_name[IFNAMSIZ]; /* if name, e.g. "en0" */
data/tarantool-2.6.0/third_party/curl/lib/imap.c:1062:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[20];
data/tarantool-2.6.0/third_party/curl/lib/imap.h:79:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char resptag[5];            /* Response tag to wait for */
data/tarantool-2.6.0/third_party/curl/lib/inet_ntop.c:52:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[sizeof("255.255.255.255")];
data/tarantool-2.6.0/third_party/curl/lib/inet_ntop.c:86:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
data/tarantool-2.6.0/third_party/curl/lib/inet_pton.c:97:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char tmp[INADDRSZ], *tp;
data/tarantool-2.6.0/third_party/curl/lib/inet_pton.c:132:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, tmp, INADDRSZ);
data/tarantool-2.6.0/third_party/curl/lib/inet_pton.c:155:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
data/tarantool-2.6.0/third_party/curl/lib/inet_pton.c:232:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, tmp, IN6ADDRSZ);
data/tarantool-2.6.0/third_party/curl/lib/krb5.c:91:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(buf, "599 ");
data/tarantool-2.6.0/third_party/curl/lib/krb5.c:95:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, dec.value, dec.length);
data/tarantool-2.6.0/third_party/curl/lib/krb5.c:139:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*to, enc.value, enc.length);
data/tarantool-2.6.0/third_party/curl/lib/md4.c:96:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(result, gcry_md_read(*ctx, 0), MD4_DIGEST_LENGTH);
data/tarantool-2.6.0/third_party/curl/lib/md4.c:205:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ctx->data, data, size);
data/tarantool-2.6.0/third_party/curl/lib/md4.c:274:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[64];
data/tarantool-2.6.0/third_party/curl/lib/md4.c:446:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&ctx->buffer[used], data, size);
data/tarantool-2.6.0/third_party/curl/lib/md4.c:450:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ctx->buffer[used], data, available);
data/tarantool-2.6.0/third_party/curl/lib/md4.c:461:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ctx->buffer, data, size);
data/tarantool-2.6.0/third_party/curl/lib/md5.c:90:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(digest, gcry_md_read(*ctx, 0), 16);
data/tarantool-2.6.0/third_party/curl/lib/md5.c:268:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[64];
data/tarantool-2.6.0/third_party/curl/lib/md5.c:462:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&ctx->buffer[used], data, size);
data/tarantool-2.6.0/third_party/curl/lib/md5.c:466:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ctx->buffer[used], data, available);
data/tarantool-2.6.0/third_party/curl/lib/md5.c:477:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ctx->buffer, data, size);
data/tarantool-2.6.0/third_party/curl/lib/memdebug.c:112:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      curl_dbg_logfile = fopen(logname, FOPEN_WRITETEXT);
data/tarantool-2.6.0/third_party/curl/lib/memdebug.c:231:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(mem, str, len);
data/tarantool-2.6.0/third_party/curl/lib/memdebug.c:256:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(mem, str, bsiz);
data/tarantool-2.6.0/third_party/curl/lib/memdebug.c:450:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *res = fopen(file, mode);
data/tarantool-2.6.0/third_party/curl/lib/memdebug.h:147:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#undef fopen
data/tarantool-2.6.0/third_party/curl/lib/memdebug.h:148:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define fopen(file,mode) curl_dbg_fopen(file,mode,__LINE__,__FILE__)
data/tarantool-2.6.0/third_party/curl/lib/mime.c:131:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define fopen_read fopen
data/tarantool-2.6.0/third_party/curl/lib/mime.c:149:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[8192];
data/tarantool-2.6.0/third_party/curl/lib/mime.c:154:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file = fopen(name, FOPEN_READTEXT); /* VMS */
data/tarantool-2.6.0/third_party/curl/lib/mime.c:210:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return fopen(file, FOPEN_READTEXT); /* VMS */
data/tarantool-2.6.0/third_party/curl/lib/mime.c:213:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return fopen(file, FOPEN_READTEXT, "rfm=stmlf", "ctx=stm");
data/tarantool-2.6.0/third_party/curl/lib/mime.c:370:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, st->buf + st->bufbeg, size);
data/tarantool-2.6.0/third_party/curl/lib/mime.c:537:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[4];
data/tarantool-2.6.0/third_party/curl/lib/mime.c:604:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(buf, "\x3D\x0D\x0A");    /* "=\r\n" */
data/tarantool-2.6.0/third_party/curl/lib/mime.c:618:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, buf, len);
data/tarantool-2.6.0/third_party/curl/lib/mime.c:655:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, part->data + curlx_sotouz(part->state.offset), sz);
data/tarantool-2.6.0/third_party/curl/lib/mime.c:768:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, bytes, sz);
data/tarantool-2.6.0/third_party/curl/lib/mime.c:1421:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(part->data, data, datasize);
data/tarantool-2.6.0/third_party/curl/lib/mime.h:84:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char           buf[ENCODING_BUFFER_SIZE]; /* Input buffer. */
data/tarantool-2.6.0/third_party/curl/lib/mime.h:103:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char boundary[MIME_BOUNDARY_LEN]; /* The part boundary. */
data/tarantool-2.6.0/third_party/curl/lib/mprintf.c:574:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *endpos[MAX_PARAMETERS];
data/tarantool-2.6.0/third_party/curl/lib/mprintf.c:576:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char work[BUFFSIZE];
data/tarantool-2.6.0/third_party/curl/lib/mprintf.c:880:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char formatbuf[32]="%";
data/tarantool-2.6.0/third_party/curl/lib/mqtt.c:144:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char client_id[MQTT_CLIENTID_LEN + 1] = "curl";
data/tarantool-2.6.0/third_party/curl/lib/mqtt.c:146:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char packet[32] = {
data/tarantool-2.6.0/third_party/curl/lib/mqtt.c:161:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&packet[client_id_offset], client_id, MQTT_CLIENTID_LEN);
data/tarantool-2.6.0/third_party/curl/lib/mqtt.c:179:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char readbuf[MQTT_CONNACK_LEN];
data/tarantool-2.6.0/third_party/curl/lib/mqtt.c:248:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char encodedsize[4];
data/tarantool-2.6.0/third_party/curl/lib/mqtt.c:269:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&packet[1], encodedsize, n);
data/tarantool-2.6.0/third_party/curl/lib/mqtt.c:274:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&packet[5 + n], topic, topiclen);
data/tarantool-2.6.0/third_party/curl/lib/mqtt.c:292:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char readbuf[MQTT_SUBACK_LEN];
data/tarantool-2.6.0/third_party/curl/lib/mqtt.c:330:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char encodedbytes[4];
data/tarantool-2.6.0/third_party/curl/lib/mqtt.c:348:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&pkt[i], encodedbytes, encodelen);
data/tarantool-2.6.0/third_party/curl/lib/mqtt.c:352:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&pkt[i], topic, topiclen);
data/tarantool-2.6.0/third_party/curl/lib/mqtt.c:354:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&pkt[i], payload, payloadlen);
data/tarantool-2.6.0/third_party/curl/lib/multi.c:663:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/tarantool-2.6.0/third_party/curl/lib/multi.c:1218:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char buf[64];
data/tarantool-2.6.0/third_party/curl/lib/multi.c:1302:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1];
data/tarantool-2.6.0/third_party/curl/lib/multi.c:2688:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data->sockets, socks, num*sizeof(curl_socket_t));
data/tarantool-2.6.0/third_party/curl/lib/multi.c:2689:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data->actions, actions, num*sizeof(int));
data/tarantool-2.6.0/third_party/curl/lib/multi.c:2779:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tv, &node->time, sizeof(*tv));
data/tarantool-2.6.0/third_party/curl/lib/multi.c:3147:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&node->time, stamp, sizeof(*stamp));
data/tarantool-2.6.0/third_party/curl/lib/netrc.c:78:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file = fopen(netrcfile, FOPEN_READTEXT);
data/tarantool-2.6.0/third_party/curl/lib/netrc.c:83:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char netrcbuffer[4096];
data/tarantool-2.6.0/third_party/curl/lib/netrc.c:229:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char pwbuf[1024];
data/tarantool-2.6.0/third_party/curl/lib/non-ascii.c:67:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(convbuf, indata, insize);
data/tarantool-2.6.0/third_party/curl/lib/openldap.c:211:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hosturl[1024];
data/tarantool-2.6.0/third_party/curl/lib/openldap.c:216:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(hosturl, "ldap");
data/tarantool-2.6.0/third_party/curl/lib/parsedate.c:119:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[5];
data/tarantool-2.6.0/third_party/curl/lib/parsedate.c:356:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[32]="";
data/tarantool-2.6.0/third_party/curl/lib/parsedate.h:25:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char * const Curl_wkday[7];
data/tarantool-2.6.0/third_party/curl/lib/parsedate.h:26:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char * const Curl_month[12];
data/tarantool-2.6.0/third_party/curl/lib/pingpong.c:310:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ptr, pp->cache, pp->cache_size);
data/tarantool-2.6.0/third_party/curl/lib/pingpong.c:444:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(pp->cache, pp->linestart_resp, pp->cache_size);
data/tarantool-2.6.0/third_party/curl/lib/pop3.c:416:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char digest[MD5_DIGEST_LEN];
data/tarantool-2.6.0/third_party/curl/lib/pop3.c:417:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char secret[2 * MD5_DIGEST_LEN + 1];
data/tarantool-2.6.0/third_party/curl/lib/pop3.c:638:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(pop3c->apoptimestamp, line + i, timestamplen);
data/tarantool-2.6.0/third_party/curl/lib/progress.c:42:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(r, "--:--:--");
data/tarantool-2.6.0/third_party/curl/lib/progress.c:468:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char max5[6][10];
data/tarantool-2.6.0/third_party/curl/lib/progress.c:474:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char time_left[10];
data/tarantool-2.6.0/third_party/curl/lib/progress.c:475:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char time_total[10];
data/tarantool-2.6.0/third_party/curl/lib/progress.c:476:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char time_spent[10];
data/tarantool-2.6.0/third_party/curl/lib/rand.c:54:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy((char *)&seed, force_entropy, min);
data/tarantool-2.6.0/third_party/curl/lib/rand.c:77:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(RANDOM_FILE, O_RDONLY);
data/tarantool-2.6.0/third_party/curl/lib/rand.c:155:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[128];
data/tarantool-2.6.0/third_party/curl/lib/rtsp.c:612:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(rtspc->rtp_buf + rtspc->rtp_bufsize, k->str, *nread);
data/tarantool-2.6.0/third_party/curl/lib/rtsp.c:684:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(scratch, rtp, rtp_dataleft);
data/tarantool-2.6.0/third_party/curl/lib/rtsp.c:812:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(data->set.str[STRING_RTSP_SESSION_ID], start, end - start);
data/tarantool-2.6.0/third_party/curl/lib/security.c:120:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char print_buffer[50];
data/tarantool-2.6.0/third_party/curl/lib/security.c:222:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data, (char *)buf->data + buf->index, len);
data/tarantool-2.6.0/third_party/curl/lib/sendf.c:201:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, psnd->buffer + psnd->recv_processed, copysize);
data/tarantool-2.6.0/third_party/curl/lib/sendf.c:239:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char print_buffer[2048 + 1];
data/tarantool-2.6.0/third_party/curl/lib/sendf.c:268:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char error[CURL_ERROR_SIZE + 2];
data/tarantool-2.6.0/third_party/curl/lib/sendf.c:415:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/sendf.c:481:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/sendf.c:736:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char s_infotype[CURLINFO_END][3] = {
data/tarantool-2.6.0/third_party/curl/lib/setopt.c:101:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(nblob->data, blob->data, blob->len);
data/tarantool-2.6.0/third_party/curl/lib/setopt.c:565:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(p, argptr, (size_t)data->set.postfieldsize);
data/tarantool-2.6.0/third_party/curl/lib/sha256.c:120:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(digest, gcry_md_read(*ctx, 0), SHA256_DIGEST_LENGTH);
data/tarantool-2.6.0/third_party/curl/lib/sha256.c:291:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[64];
data/tarantool-2.6.0/third_party/curl/lib/sha256.c:407:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(md->buf + md->curlen, in, n);
data/tarantool-2.6.0/third_party/curl/lib/smb.c:351:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char *)h->magic, "\xffSMB", 4);
data/tarantool-2.6.0/third_party/curl/lib/smb.c:416:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(conn->data->state.ulbuf + sizeof(struct smb_header),
data/tarantool-2.6.0/third_party/curl/lib/smb.c:434:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lm_hash[21];
data/tarantool-2.6.0/third_party/curl/lib/smb.c:435:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lm[24];
data/tarantool-2.6.0/third_party/curl/lib/smb.c:436:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char nt_hash[21];
data/tarantool-2.6.0/third_party/curl/lib/smb.c:437:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char nt[24];
data/tarantool-2.6.0/third_party/curl/lib/smb.c:464:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, lm, sizeof(lm));
data/tarantool-2.6.0/third_party/curl/lib/smb.c:466:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, nt, sizeof(nt));
data/tarantool-2.6.0/third_party/curl/lib/smb.h:39:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char challenge[8];
data/tarantool-2.6.0/third_party/curl/lib/smb.h:100:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char magic[4];
data/tarantool-2.6.0/third_party/curl/lib/smb.h:106:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char signature[8];
data/tarantool-2.6.0/third_party/curl/lib/smb.h:130:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bytes[1];
data/tarantool-2.6.0/third_party/curl/lib/smb.h:150:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bytes[1024];
data/tarantool-2.6.0/third_party/curl/lib/smb.h:159:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bytes[1024];
data/tarantool-2.6.0/third_party/curl/lib/smb.h:178:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bytes[1024];
data/tarantool-2.6.0/third_party/curl/lib/smtp.c:215:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpline[6];
data/tarantool-2.6.0/third_party/curl/lib/smtp.c:219:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmpline, line, (len == 5 ? 5 : 3));
data/tarantool-2.6.0/third_party/curl/lib/smtp.c:1681:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char localhost[HOSTNAME_MAX + 1];
data/tarantool-2.6.0/third_party/curl/lib/smtp.c:1833:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&scratch[si], &SMTP_EOB[eob_sent], smtp->eob - eob_sent);
data/tarantool-2.6.0/third_party/curl/lib/smtp.c:1851:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&scratch[si], &SMTP_EOB_REPL[eob_sent],
data/tarantool-2.6.0/third_party/curl/lib/smtp.c:1863:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&scratch[si], &SMTP_EOB[eob_sent], smtp->eob - eob_sent);
data/tarantool-2.6.0/third_party/curl/lib/sockaddr.h:37:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cbuf[256];   /* this should be big enough to fit a lot */
data/tarantool-2.6.0/third_party/curl/lib/socketpair.c:66:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[2][12];
data/tarantool-2.6.0/third_party/curl/lib/socks.c:275:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/tarantool-2.6.0/third_party/curl/lib/socks.c:323:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(socksreq + 8, proxy_user, plen + 1);
data/tarantool-2.6.0/third_party/curl/lib/socks.c:506:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dest[256] = "unknown";  /* printable hostname:port */
data/tarantool-2.6.0/third_party/curl/lib/socks.c:688:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(socksreq + len, proxy_user, proxy_user_len);
data/tarantool-2.6.0/third_party/curl/lib/socks.c:698:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(socksreq + len, proxy_password, proxy_password_len);
data/tarantool-2.6.0/third_party/curl/lib/socks.c:853:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&socksreq[len], hostname, hostname_len); /* address w/o NULL */
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:77:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(buf + len, ".\n");
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:123:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char socksreq[4]; /* room for GSS-API exchange header only */
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:142:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(service.value, serviceptr, service.length);
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:202:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(socksreq + 2, &us_length, sizeof(short));
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:268:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&us_length, socksreq + 2, sizeof(short));
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:327:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(user, gss_send_token.value, gss_send_token.length);
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:383:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(socksreq + 2, &us_length, sizeof(short));
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:392:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(gss_send_token.value, &gss_enc, 1);
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:408:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(socksreq + 2, &us_length, sizeof(short));
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:420:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(socksreq, &gss_enc, 1);
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:462:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&us_length, socksreq + 2, sizeof(short));
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:503:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(socksreq, gss_w_token.value, gss_w_token.length);
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:515:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(socksreq, gss_recv_token.value, gss_recv_token.length);
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:87:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char socksreq[4]; /* room for GSS-API exchange header only */
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:205:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(socksreq + 2, &us_length, sizeof(short));
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:289:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&us_length, socksreq + 2, sizeof(short));
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:383:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(socksreq + 2, &us_length, sizeof(short));
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:412:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sspi_w_token[1].pvBuffer, &gss_enc, 1);
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:446:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sspi_send_token.pvBuffer, sspi_w_token[0].pvBuffer,
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:448:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((PUCHAR) sspi_send_token.pvBuffer +(int)sspi_w_token[0].cbBuffer,
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:450:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((PUCHAR) sspi_send_token.pvBuffer
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:466:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(socksreq + 2, &us_length, sizeof(short));
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:479:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(socksreq, &gss_enc, 1);
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:523:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&us_length, socksreq + 2, sizeof(short));
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:533:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  result = Curl_blockread_all(conn, sock, (char *)sspi_w_token[0].pvBuffer,
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:577:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(socksreq, sspi_w_token[1].pvBuffer, sspi_w_token[1].cbBuffer);
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:589:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(socksreq, sspi_w_token[0].pvBuffer, sspi_w_token[0].cbBuffer);
data/tarantool-2.6.0/third_party/curl/lib/strdup.c:51:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newstr, str, (len + 1)*sizeof(char));
data/tarantool-2.6.0/third_party/curl/lib/strdup.c:74:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, src, length);
data/tarantool-2.6.0/third_party/curl/lib/strerror.c:663:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t wbuf[256];
data/tarantool-2.6.0/third_party/curl/lib/strerror.c:767:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/tarantool-2.6.0/third_party/curl/lib/strerror.c:780:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/tarantool-2.6.0/third_party/curl/lib/strerror.c:977:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char txtbuf[80];
data/tarantool-2.6.0/third_party/curl/lib/strerror.c:978:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msgbuf[256];
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:161:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char subopt_ttype[32];             /* Set with suboption TTYPE */
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:162:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char subopt_xdisploc[128];         /* Set with suboption XDISPLOC */
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:168:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char subbuffer[SUBBUFSIZE];
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:348:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char buf[3];
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:822:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char option_keyword[128] = "";
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:823:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char option_arg[256] = "";
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:890:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        binary_option = atoi(option_arg);
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:925:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char temp[2048];
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:929:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char varname[128] = "";
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:930:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char varval[128] = "";
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:507:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[64];
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:556:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:608:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:732:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:1057:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:1136:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&state->remote_addr, &fromaddr, fromlen);
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:1274:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/transfer.c:136:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer,
data/tarantool-2.6.0/third_party/curl/lib/transfer.c:318:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char hexbuffer[11] = "";
data/tarantool-2.6.0/third_party/curl/lib/transfer.c:327:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(data->req.upload_fromhere, hexbuffer, hexlen);
data/tarantool-2.6.0/third_party/curl/lib/transfer.c:340:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(data->req.upload_fromhere + nread,
data/tarantool-2.6.0/third_party/curl/lib/url.c:1540:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/url.c:2178:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char proxy_env[128];
data/tarantool-2.6.0/third_party/curl/lib/url.c:2188:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(envp, "_proxy");
data/tarantool-2.6.0/third_party/curl/lib/url.c:2670:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ubuf, login, ulen);
data/tarantool-2.6.0/third_party/curl/lib/url.c:2678:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pbuf, psep + 1, plen);
data/tarantool-2.6.0/third_party/curl/lib/url.c:2686:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(obuf, osep + 1, olen);
data/tarantool-2.6.0/third_party/curl/lib/url.c:2710:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char portbuf[16];
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:407:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newest, url_clone, urllen);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:541:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char portbuf[7];
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:606:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest[16]; /* fits a binary IPv6 address */
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:623:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char zoneid[16];
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:674:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char schemebuf[MAX_SCHEME_LEN + 1];
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:818:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(hostname, hostp, len);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:827:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(path, p, len);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:1014:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char portbuf[7];
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:1140:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(allochost, u->host, hostlen - 1);
data/tarantool-2.6.0/third_party/curl/lib/urldata.h:373:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char nonce[8];
data/tarantool-2.6.0/third_party/curl/lib/urldata.h:574:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char dohbuffer[512];
data/tarantool-2.6.0/third_party/curl/lib/urldata.h:846:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char socksreq[SOCKS_REQUEST_BUFSIZE];
data/tarantool-2.6.0/third_party/curl/lib/urldata.h:898:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ip_addr_str[MAX_IPADR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/urldata.h:936:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char primary_ip[MAX_IPADR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/urldata.h:943:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char local_ip[MAX_IPADR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/urldata.h:1128:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char conn_primary_ip[MAX_IPADR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/urldata.h:1130:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char conn_local_ip[MAX_IPADR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/urldata.h:1722:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *str[STRING_LAST]; /* array of strings, pointing to allocated memory */
data/tarantool-2.6.0/third_party/curl/lib/vauth/cleartext.c:95:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(plainauth, authzid, zlen);
data/tarantool-2.6.0/third_party/curl/lib/vauth/cleartext.c:97:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(plainauth + zlen + 1, authcid, clen);
data/tarantool-2.6.0/third_party/curl/lib/vauth/cleartext.c:99:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(plainauth + zlen + clen + 2, passwd, plen);
data/tarantool-2.6.0/third_party/curl/lib/vauth/cram.c:100:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char digest[MD5_DIGEST_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:363:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char digest[MD5_DIGEST_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:364:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char HA1_hex[2 * MD5_DIGEST_LEN + 1];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:365:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char HA2_hex[2 * MD5_DIGEST_LEN + 1];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:366:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char resp_hash_hex[2 * MD5_DIGEST_LEN + 1];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:367:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char nonce[64];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:368:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char realm[128];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:369:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char algorithm[64];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:370:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char qop_options[64];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:372:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cnonce[33];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:539:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[DIGEST_MAX_VALUE_LENGTH];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:540:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char content[DIGEST_MAX_CONTENT_LENGTH];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:695:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char hashbuf[32]; /* 32 bytes/256 bits */
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:696:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char request_digest[65];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:697:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ha1[65];    /* 64 digits and 1 zero byte */
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:698:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ha2[65];    /* 64 digits and 1 zero byte */
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:699:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char userh[65];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:711:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cnoncebuf[33];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:790:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hashed[65];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest_sspi.c:280:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char value[DIGEST_MAX_VALUE_LENGTH];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest_sspi.c:281:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char content[DIGEST_MAX_CONTENT_LENGTH];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest_sspi.c:355:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char value[DIGEST_MAX_VALUE_LENGTH];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest_sspi.c:356:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char content[DIGEST_MAX_CONTENT_LENGTH];
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest_sspi.c:641:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(resp, output_token, output_token_len);
data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_gssapi.c:298:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&indata, output_token.value, 4);
data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_gssapi.c:336:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(message, &outdata, sizeof(outdata));
data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_gssapi.c:337:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(message + sizeof(outdata), username_token.value,
data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_sspi.c:237:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(krb5->context, &context, sizeof(context));
data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_sspi.c:372:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&indata, input_buf[1].pvBuffer, 4);
data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_sspi.c:422:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(message, &outdata, sizeof(outdata));
data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_sspi.c:476:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(appdata, wrap_buf[0].pvBuffer, wrap_buf[0].cbBuffer);
data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_sspi.c:478:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(appdata + offset, wrap_buf[1].pvBuffer, wrap_buf[1].cbBuffer);
data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_sspi.c:480:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(appdata + offset, wrap_buf[2].pvBuffer, wrap_buf[2].cbBuffer);
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:198:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ntlm->target_info, &buffer[target_info_offset], target_info_len);
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:313:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ntlm->nonce, &type2[24], 8);
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:393:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ntlmbuf[NTLM_BUFSIZE];
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:521:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ntlmbuf[NTLM_BUFSIZE];
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:523:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char lmresp[24]; /* fixed-size */
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:527:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ntresp[24]; /* fixed-size */
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:532:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char host[HOSTNAME_MAX + 1] = "";
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:568:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ntbuffer[0x18];
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:569:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char entropy[8];
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:570:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ntlmv2hash[0x18];
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:608:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ntbuffer[0x18];
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:609:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[0x18];
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:610:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md5sum[CURL_MD5_DIGEST_LENGTH];
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:611:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char entropy[8];
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:619:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(lmresp, entropy, 8);
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:625:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmp, &ntlm->nonce[0], 8);
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:626:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmp + 8, entropy, 8);
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:648:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ntbuffer[0x18];
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:650:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char lmbuffer[0x18];
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:776:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ntlmbuf[size], lmresp, 0x18);
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:792:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ntlmbuf[size], ptr_ntresp, ntresplen);
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:822:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ntlmbuf[size], domain, domlen);
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:830:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ntlmbuf[size], user, userlen);
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:838:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ntlmbuf[size], host, hostlen);
data/tarantool-2.6.0/third_party/curl/lib/vauth/spnego_sspi.c:259:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vauth/spnego_sspi.c:273:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/version.c:93:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char out[300];
data/tarantool-2.6.0/third_party/curl/lib/version.c:96:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *src[VERSION_PARTS];
data/tarantool-2.6.0/third_party/curl/lib/version.c:98:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ssl_version[200];
data/tarantool-2.6.0/third_party/curl/lib/version.c:101:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char z_version[40];
data/tarantool-2.6.0/third_party/curl/lib/version.c:104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char br_version[40] = "brotli/";
data/tarantool-2.6.0/third_party/curl/lib/version.c:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cares_version[40];
data/tarantool-2.6.0/third_party/curl/lib/version.c:110:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char idn_version[40];
data/tarantool-2.6.0/third_party/curl/lib/version.c:113:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char psl_version[40];
data/tarantool-2.6.0/third_party/curl/lib/version.c:116:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char iconv_version[40]="iconv";
data/tarantool-2.6.0/third_party/curl/lib/version.c:119:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ssh_version[40];
data/tarantool-2.6.0/third_party/curl/lib/version.c:122:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char h2_version[40];
data/tarantool-2.6.0/third_party/curl/lib/version.c:125:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char h3_version[40];
data/tarantool-2.6.0/third_party/curl/lib/version.c:128:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char rtmp_version[40];
data/tarantool-2.6.0/third_party/curl/lib/version.c:196:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char suff[2];
data/tarantool-2.6.0/third_party/curl/lib/version.c:225:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(outp, src[j], n);
data/tarantool-2.6.0/third_party/curl/lib/version.c:425:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char ssh_buffer[80];
data/tarantool-2.6.0/third_party/curl/lib/version.c:429:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char ssl_buffer[200];
data/tarantool-2.6.0/third_party/curl/lib/version.c:431:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char ssl_buffer[80];
data/tarantool-2.6.0/third_party/curl/lib/version.c:435:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char brotli_buffer[80];
data/tarantool-2.6.0/third_party/curl/lib/version.c:498:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char quicbuffer[80];
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:234:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&crypto_data->buf[crypto_data->len], data, len);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:313:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char error_buffer[256];
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:780:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ipbuf[40];
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:790:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:992:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(stream->mem, buf, len);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1103:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[14]; /* status line is always 13 characters long */
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1238:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(stream->mem, Curl_dyn_ptr(&stream->overflow), ncopy);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1360:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&out->buf[out->windex], stream->upload_mem, nread);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1460:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  nva[0].namelen = strlen((char *)nva[0].name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1478:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  nva[1].namelen = strlen((char *)nva[1].name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1484:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  nva[2].namelen = strlen((char *)nva[2].name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1489:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  nva[2].valuelen = strlen((char *)nva[2].value);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1519:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      nva[i].namelen = strlen((char *)nva[i].name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1524:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      Curl_strntolower((char *)hdbuf, hdbuf, nva[i].namelen);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1534:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    switch(inspect_header((const char *)nva[i].name, nva[i].namelen, hdbuf,
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1872:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&remote_addr, ps.path.remote.addr, ps.path.remote.addrlen);
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:240:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:245:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(conn->ip_addr_str, conn->primary_ip, MAX_IPADR_LEN);
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:642:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  nva[0].name_len = strlen((char *)nva[0].name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:659:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  nva[1].name_len = strlen((char *)nva[1].name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:664:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  nva[2].name_len = strlen((char *)nva[2].name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:669:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  nva[2].value_len = strlen((char *)nva[2].value);
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:698:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      nva[i].name_len = strlen((char *)nva[i].name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:703:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      Curl_strntolower((char *)hdbuf, hdbuf, nva[i].name_len);
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:712:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    switch(inspect_header((const char *)nva[i].name, nva[i].namelen, hdbuf,
data/tarantool-2.6.0/third_party/curl/lib/vquic/vquic.c:65:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char hex[3];
data/tarantool-2.6.0/third_party/curl/lib/vquic/vquic.c:73:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      int qlogfd = open(Curl_dyn_ptr(&fname), QLOGMODE,
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh.c:349:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char md5buffer[33];
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh.c:1449:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(sshc->readdir_line, sshc->readdir_longentry,
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:613:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char md5buffer[33];
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:703:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            port = atoi(kh_name_end + 2);
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1227:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char tempHome[PATH_MAX];
data/tarantool-2.6.0/third_party/curl/lib/vssh/wolfssh.c:508:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(sshc->homedir, name->fName, name->fSz);
data/tarantool-2.6.0/third_party/curl/lib/vtls/bearssl.c:49:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[BR_SSL_BUFSIZE_BIDI];
data/tarantool-2.6.0/third_party/curl/lib/vtls/bearssl.c:52:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *protocols[2];
data/tarantool-2.6.0/third_party/curl/lib/vtls/bearssl.c:67:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char dn[1024];
data/tarantool-2.6.0/third_party/curl/lib/vtls/bearssl.c:81:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ca->dn + ca->dn_len, buf, len);
data/tarantool-2.6.0/third_party/curl/lib/vtls/bearssl.c:104:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[BUFSIZ], *p;
data/tarantool-2.6.0/third_party/curl/lib/vtls/bearssl.c:108:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fp = fopen(path, "rb");
data/tarantool-2.6.0/third_party/curl/lib/vtls/bearssl.c:194:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ta->dn.data, ca.dn, ca.dn_len);
data/tarantool-2.6.0/third_party/curl/lib/vtls/bearssl.c:199:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(ta->pkey.key.rsa.n, pkey->key.rsa.n, pkey->key.rsa.nlen);
data/tarantool-2.6.0/third_party/curl/lib/vtls/bearssl.c:201:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(ta->pkey.key.rsa.e, pkey->key.rsa.e, pkey->key.rsa.elen);
data/tarantool-2.6.0/third_party/curl/lib/vtls/bearssl.c:205:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(ta->pkey.key.ec.q, pkey->key.ec.q, pkey->key.ec.qlen);
data/tarantool-2.6.0/third_party/curl/lib/vtls/bearssl.c:607:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(app, buf, applen);
data/tarantool-2.6.0/third_party/curl/lib/vtls/bearssl.c:630:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, app, applen);
data/tarantool-2.6.0/third_party/curl/lib/vtls/gskit.c:527:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[CURL_MAX_WRITE_SIZE];
data/tarantool-2.6.0/third_party/curl/lib/vtls/gskit.c:1171:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[120];
data/tarantool-2.6.0/third_party/curl/lib/vtls/gtls.c:149:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[96];
data/tarantool-2.6.0/third_party/curl/lib/vtls/gtls.c:176:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(file, "rb");
data/tarantool-2.6.0/third_party/curl/lib/vtls/gtls.c:815:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char certname[65] = ""; /* limited to 64 chars by ASN.1 */
data/tarantool-2.6.0/third_party/curl/lib/vtls/gtls.c:883:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      const char *beg = (const char *) chainp[i].data;
data/tarantool-2.6.0/third_party/curl/lib/vtls/gtls.c:1081:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char addrbuf[sizeof(struct use_addr)];
data/tarantool-2.6.0/third_party/curl/lib/vtls/gtls.c:1092:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      unsigned char certaddr[sizeof(struct use_addr)];
data/tarantool-2.6.0/third_party/curl/lib/vtls/gtls.c:1463:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[120];
data/tarantool-2.6.0/third_party/curl/lib/vtls/gtls.c:1615:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(md5sum, gcry_md_read(MD5pw, 0), md5len);
data/tarantool-2.6.0/third_party/curl/lib/vtls/gtls.c:1635:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sha256sum, gcry_md_read(SHA256pw, 0), sha256len);
data/tarantool-2.6.0/third_party/curl/lib/vtls/keylog.c:53:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      keylog_file_fp = fopen(keylog_file_name, FOPEN_APPENDTEXT);
data/tarantool-2.6.0/third_party/curl/lib/vtls/keylog.c:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256];
data/tarantool-2.6.0/third_party/curl/lib/vtls/keylog.c:102:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, line, linelen);
data/tarantool-2.6.0/third_party/curl/lib/vtls/keylog.c:115:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
Curl_tls_keylog_write(const char *label,
data/tarantool-2.6.0/third_party/curl/lib/vtls/keylog.c:116:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char client_random[CLIENT_RANDOM_SIZE],
data/tarantool-2.6.0/third_party/curl/lib/vtls/keylog.c:121:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[KEYLOG_LABEL_MAXLEN + 1 + 2 * CLIENT_RANDOM_SIZE + 1 +
data/tarantool-2.6.0/third_party/curl/lib/vtls/keylog.c:134:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(line, label, pos);
data/tarantool-2.6.0/third_party/curl/lib/vtls/keylog.h:46:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
bool Curl_tls_keylog_write(const char *label,
data/tarantool-2.6.0/third_party/curl/lib/vtls/keylog.h:47:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           const unsigned char client_random[32],
data/tarantool-2.6.0/third_party/curl/lib/vtls/mbedtls.c:75:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *protocols[3];
data/tarantool-2.6.0/third_party/curl/lib/vtls/mbedtls.c:258:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char errorbuf[128];
data/tarantool-2.6.0/third_party/curl/lib/vtls/mbedtls.c:569:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errorbuf[128];
data/tarantool-2.6.0/third_party/curl/lib/vtls/mbedtls.c:629:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pubkey[PUB_DER_MAX_BYTES];
data/tarantool-2.6.0/third_party/curl/lib/vtls/mbedtls.c:851:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char errorbuf[128];
data/tarantool-2.6.0/third_party/curl/lib/vtls/mesalink.c:311:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char error_buffer[MESALINK_MAX_ERROR_SZ];
data/tarantool-2.6.0/third_party/curl/lib/vtls/mesalink.c:387:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_buffer[MESALINK_MAX_ERROR_SZ];
data/tarantool-2.6.0/third_party/curl/lib/vtls/mesalink.c:432:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_buffer[MESALINK_MAX_ERROR_SZ];
data/tarantool-2.6.0/third_party/curl/lib/vtls/nss.c:818:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[50];
data/tarantool-2.6.0/third_party/curl/lib/vtls/nss.c:929:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timeString[256];
data/tarantool-2.6.0/third_party/curl/lib/vtls/nss.c:2077:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char protocols[128];
data/tarantool-2.6.0/third_party/curl/lib/vtls/nss.c:2083:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
data/tarantool-2.6.0/third_party/curl/lib/vtls/nss.c:2089:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:252:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char client_random[SSL3_RANDOM_SIZE];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:253:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:270:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(master_key, session->master_key, session->master_key_length);
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:271:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(client_random, ssl->s3->client_random, SSL3_RANDOM_SIZE);
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:379:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buf, global_passwd, klen + 1);
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:399:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fname[256];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:450:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char randb[64];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:463:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&randb[i * sizeof(struct curltime)], &tv,
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:693:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_buffer[256];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:1084:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, biomem->data, size);
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:1261:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:1357:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256]; /* We will use this for the OpenSSL error buffer, so it has
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:1710:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(peer_CN, ASN1_STRING_get0_data(tmp), j);
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:2011:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char unknown[32];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:2068:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ssl_buf[1024];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:2089:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      msg_type = (((char *)buf)[0] << 8) + ((char *)buf)[1];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:2089:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      msg_type = (((char *)buf)[0] << 8) + ((char *)buf)[1];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:2490:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_buffer[256];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:2704:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char protocols[128];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:2714:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:2722:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&protocols[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:2850:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char cert_name[256];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:2860:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
          strcpy(cert_name, "Unknown");
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:3247:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char error_buffer[256]="";
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:3278:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
          strcpy(error_buffer, "SSL certificate verification failed");
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:3300:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char extramsg[80]="";
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:3395:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char namebuf[32];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:3431:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[128];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:3749:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_buffer[256]="";
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:3750:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[2048];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:4112:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_buffer[256];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:4163:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ver[120];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:4190:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_buffer[256];
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:4303:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sub[3];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:206:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[LONGEST_ALG_ID] = { 0 };
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:416:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char alpn_buffer[128];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:616:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
          fInCert = fopen(data->set.ssl.cert, "rb");
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:682:25:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
            str_w_len = MultiByteToWideChar(CP_UTF8,
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:806:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:860:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&alpn_buffer[cur], NGHTTP2_PROTO_ALPN, NGHTTP2_PROTO_ALPN_LEN);
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:867:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&alpn_buffer[cur], ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH);
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:923:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:1104:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(inbuf[0].pvBuffer, BACKEND->encdata_buffer,
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:1171:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:1643:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(outbuf[1].pvBuffer, buf, len);
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:1899:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(BACKEND->decdata_buffer + BACKEND->decdata_offset,
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:1984:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:2035:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, BACKEND->decdata_buffer, size);
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:2147:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:2292:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel_verify.c:99:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel_verify.c:121:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel_verify.c:131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel_verify.c:162:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel_verify.c:225:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel_verify.c:254:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel_verify.c:554:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel_verify.c:580:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel_verify.c:608:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel_verify.c:632:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[STRERROR_LEN];
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:906:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  *major = atoi(os_version_major);
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:907:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  *minor = atoi(os_version_minor);
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:2060:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[512], *data;
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:2062:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open(file, 0);
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:2093:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data + len, buf, n);
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:2357:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(realpubkey, spkiHeader, spkiHeaderLength);
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:2358:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(realpubkey + spkiHeaderLength, pubkey, pubkeylen);
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:2993:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[120];
data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.c:106:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(d->data, src->data, src->len);
data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.c:774:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&output[labellen + 1], value, valuelen);
data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.c:926:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pinkeycopy, pinnedpubkey, pinkeylen);
data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.c:959:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fp = fopen(pinnedpubkey, "rb");
data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.c:1304:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char backends[200];
data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.c:1320:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char vb[200];
data/tarantool-2.6.0/third_party/curl/lib/vtls/wolfssl.c:119:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char client_random[SSL3_RANDOM_SIZE];
data/tarantool-2.6.0/third_party/curl/lib/vtls/wolfssl.c:469:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char protocols[128];
data/tarantool-2.6.0/third_party/curl/lib/vtls/wolfssl.c:513:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buffer[WOLFSSL_MAX_ERROR_SZ];
data/tarantool-2.6.0/third_party/curl/lib/vtls/wolfssl.c:597:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char error_buffer[WOLFSSL_MAX_ERROR_SZ];
data/tarantool-2.6.0/third_party/curl/lib/vtls/wolfssl.c:808:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_buffer[WOLFSSL_MAX_ERROR_SZ];
data/tarantool-2.6.0/third_party/curl/lib/vtls/wolfssl.c:856:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_buffer[WOLFSSL_MAX_ERROR_SZ];
data/tarantool-2.6.0/third_party/curl/lib/x509asn1.c:302:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buf, from, outlength);
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:59:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
makeOS400IconvCode(char buf[ICONV_ID_SIZE], unsigned int ccsid)
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:85:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fromcode[ICONV_ID_SIZE];
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:86:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tocode[ICONV_ID_SIZE];
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:134:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(d, s, i);
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:479:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char *) id, (char *) p, sizeof(*p));
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:485:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cp, (char *) p->protocols, i);
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:745:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          free((char *) forms[nargs].value);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:783:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf->value, t, i);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:803:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char *) &in, (char *) in_name, sizeof(in));
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:1246:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char *) dstaddr, (char *) srcaddr, srclen);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:1283:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((char *) dstaddr, (char *) srcaddr, srclen);
data/tarantool-2.6.0/third_party/curl/packages/vms/curl_crtl_init.c:201:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char unix_shell_name[255];
data/tarantool-2.6.0/third_party/curl/src/tool_cb_dbg.c:53:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timebuf[20];
data/tarantool-2.6.0/third_party/curl/src/tool_cb_dbg.c:83:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      config->trace_stream = fopen(config->trace_dump, FOPEN_WRITETEXT);
data/tarantool-2.6.0/third_party/curl/src/tool_cb_hdr.c:246:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(copy, ptr, len);
data/tarantool-2.6.0/third_party/curl/src/tool_cb_hdr.c:316:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[512]; /* suitably large */
data/tarantool-2.6.0/third_party/curl/src/tool_cb_prg.c:79:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256];
data/tarantool-2.6.0/third_party/curl/src/tool_cb_prg.c:84:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&buf[bar->bar], "-=O=-", 5);
data/tarantool-2.6.0/third_party/curl/src/tool_cb_prg.c:179:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAX_BARLENGTH + 1];
data/tarantool-2.6.0/third_party/curl/src/tool_cb_prg.c:180:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[40];
data/tarantool-2.6.0/third_party/curl/src/tool_cb_wrt.c:51:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(outs->filename, "rb");
data/tarantool-2.6.0/third_party/curl/src/tool_cb_wrt.c:61:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file = fopen(outs->filename, "wb");
data/tarantool-2.6.0/third_party/curl/src/tool_cb_wrt.c:176:14:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    wc_len = MultiByteToWideChar(CP_UTF8, 0, buffer, in_len,  NULL, 0);
data/tarantool-2.6.0/third_party/curl/src/tool_cb_wrt.c:182:14:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    wc_len = MultiByteToWideChar(CP_UTF8, 0, buffer, in_len, wc_buf, wc_len);
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:312:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dos_name[PATH_MAX];
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:408:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(d, "plus", 4);
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:464:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fname[PATH_MAX];
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:629:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[PATH_MAX];
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:675:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[sizeof(mod.szExePath) * 2];
data/tarantool-2.6.0/third_party/curl/src/tool_easysrc.c:181:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(o, FOPEN_WRITETEXT);
data/tarantool-2.6.0/third_party/curl/src/tool_formparse.c:200:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buffer, sip->data + curlx_sotouz(sip->curpos), nitems);
data/tarantool-2.6.0/third_party/curl/src/tool_formparse.c:280:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(cp, m->data, size + 1);
data/tarantool-2.6.0/third_party/curl/src/tool_formparse.c:422:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hdrbuf[999]; /* Max. header length + 1. */
data/tarantool-2.6.0/third_party/curl/src/tool_formparse.c:488:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char type_major[128] = "";
data/tarantool-2.6.0/third_party/curl/src/tool_formparse.c:489:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char type_minor[128] = "";
data/tarantool-2.6.0/third_party/curl/src/tool_formparse.c:573:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fp = fopen(hdrfile, FOPEN_READTEXT);
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:797:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
          FILE *newfile = fopen(nextarg, FOPEN_WRITETEXT);
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:961:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char lrange[7];  /* 16bit base 10 is 5 digits, but we allow 6 so that
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:1363:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            file = fopen(p, "rb");
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:1429:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
          file = fopen(nextarg, "rb");
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:1485:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(config->postfields, oldpost, (size_t)oldlen);
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:1488:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&config->postfields[oldlen + 1], postdata, size);
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:1784:38:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE *file = use_stdin?stdin:fopen(&nextarg[1], FOPEN_READTEXT);
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:1996:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[32];
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:2133:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
          file = fopen(nextarg, FOPEN_READTEXT);
data/tarantool-2.6.0/third_party/curl/src/tool_getpass.c:232:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open("/dev/tty", O_RDONLY);
data/tarantool-2.6.0/third_party/curl/src/tool_help.c:607:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *featp[ sizeof(feats) / sizeof(feats[0]) + 1];
data/tarantool-2.6.0/third_party/curl/src/tool_help.c:613:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        featp[numfeat++] = (char *)feats[i].name;
data/tarantool-2.6.0/third_party/curl/src/tool_main.c:110:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[CURL_MT_LOGFNAME_BUFSIZE];
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:134:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:152:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void SHA1_Final(unsigned char digest[20], SHA_CTX *ctx)
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:170:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void SHA256_Final(unsigned char digest[32], SHA256_CTX *ctx)
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:190:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:192:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(digest, gcry_md_read(*ctx, 0), 16);
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:209:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void SHA1_Final(unsigned char digest[20], SHA_CTX *ctx)
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:211:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(digest, gcry_md_read(*ctx, 0), 20);
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:228:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void SHA256_Final(unsigned char digest[32], SHA256_CTX *ctx)
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:230:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(digest, gcry_md_read(*ctx, 0), 32);
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:282:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void MD5_Final(unsigned char digest[16], MD5_CTX *pctx)
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:299:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void SHA1_Final(unsigned char digest[20], SHA_CTX *pctx)
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:316:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void SHA256_Final(unsigned char digest[32], SHA256_CTX *pctx)
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:353:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void MD5_Final(unsigned char digest[16], MD5_CTX *ctx)
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:374:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void SHA1_Final(unsigned char digest[20], SHA_CTX *ctx)
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:395:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void SHA256_Final(unsigned char digest[32], SHA256_CTX *ctx)
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:506:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[3];
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:543:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open(filename, flags);
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:565:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[4096];
data/tarantool-2.6.0/third_party/curl/src/tool_operate.c:162:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[8192];
data/tarantool-2.6.0/third_party/curl/src/tool_operate.c:168:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  file = fopen(name, "r"); /* VMS */
data/tarantool-2.6.0/third_party/curl/src/tool_operate.c:297:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        per->infd = open(per->uploadfile, O_RDONLY | O_BINARY);
data/tarantool-2.6.0/third_party/curl/src/tool_operate.c:300:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        per->infd = open(per->uploadfile, O_RDONLY | O_BINARY,
data/tarantool-2.6.0/third_party/curl/src/tool_operate.c:306:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      per->infd = open(per->uploadfile, O_RDONLY | O_BINARY);
data/tarantool-2.6.0/third_party/curl/src/tool_operate.c:878:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            newfile = fopen(config->headerfile, per->prev == NULL?"wb":"ab");
data/tarantool-2.6.0/third_party/curl/src/tool_operate.c:915:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
          FILE *file = fopen(config->etag_compare_file, FOPEN_READTEXT);
data/tarantool-2.6.0/third_party/curl/src/tool_operate.c:957:29:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            FILE *newfile = fopen(config->etag_save_file, "wb");
data/tarantool-2.6.0/third_party/curl/src/tool_operate.c:1086:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            FILE *file = fopen(outfile, "ab",
data/tarantool-2.6.0/third_party/curl/src/tool_operate.c:1090:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            FILE *file = fopen(per->outfile, "ab");
data/tarantool-2.6.0/third_party/curl/src/tool_operate.c:1563:29:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            FILE *fInCert = fopen(config->cert + 8, "rb");
data/tarantool-2.6.0/third_party/curl/src/tool_operate.c:1606:29:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            FILE *fInCert = fopen(config->key + 8, "rb");
data/tarantool-2.6.0/third_party/curl/src/tool_operate.h:54:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char errorbuffer[CURL_ERROR_SIZE];
data/tarantool-2.6.0/third_party/curl/src/tool_operhlp.c:185:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[512]; /* suitably large */
data/tarantool-2.6.0/third_party/curl/src/tool_paramhlp.c:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/tarantool-2.6.0/third_party/curl/src/tool_paramhlp.c:482:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passwd[256] = "";
data/tarantool-2.6.0/third_party/curl/src/tool_paramhlp.c:483:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prompt[256];
data/tarantool-2.6.0/third_party/curl/src/tool_paramhlp.c:517:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&passptr[userlen + 1], passwd, passwdlen + 1);
data/tarantool-2.6.0/third_party/curl/src/tool_parsecfg.c:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filebuffer[512];
data/tarantool-2.6.0/third_party/curl/src/tool_parsecfg.c:63:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        return fopen(filebuffer, FOPEN_READTEXT);
data/tarantool-2.6.0/third_party/curl/src/tool_parsecfg.c:110:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        file = fopen(pathalloc, FOPEN_READTEXT);
data/tarantool-2.6.0/third_party/curl/src/tool_parsecfg.c:131:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      file = fopen(filename, FOPEN_READTEXT);
data/tarantool-2.6.0/third_party/curl/src/tool_parsecfg.c:343:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[4096];
data/tarantool-2.6.0/third_party/curl/src/tool_progress.c:118:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(r, "--:--:--");
data/tarantool-2.6.0/third_party/curl/src/tool_progress.c:184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char time_left[10];
data/tarantool-2.6.0/third_party/curl/src/tool_progress.c:185:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char time_total[10];
data/tarantool-2.6.0/third_party/curl/src/tool_progress.c:186:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char time_spent[10];
data/tarantool-2.6.0/third_party/curl/src/tool_progress.c:187:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[3][6];
data/tarantool-2.6.0/third_party/curl/src/tool_progress.c:189:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dlpercen[4]="--";
data/tarantool-2.6.0/third_party/curl/src/tool_progress.c:190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ulpercen[4]="--";
data/tarantool-2.6.0/third_party/curl/src/tool_setopt.c:243:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(e, "\\n");
data/tarantool-2.6.0/third_party/curl/src/tool_setopt.c:247:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(e, "\\r");
data/tarantool-2.6.0/third_party/curl/src/tool_setopt.c:251:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(e, "\\t");
data/tarantool-2.6.0/third_party/curl/src/tool_setopt.c:255:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(e, "\\\\");
data/tarantool-2.6.0/third_party/curl/src/tool_setopt.c:259:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(e, "\\\"");
data/tarantool-2.6.0/third_party/curl/src/tool_setopt.c:321:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char preamble[80];          /* should accommodate any symbol name */
data/tarantool-2.6.0/third_party/curl/src/tool_setopt.c:364:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char preamble[80];
data/tarantool-2.6.0/third_party/curl/src/tool_setopt.c:468:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(cp, part->data, size + 1);
data/tarantool-2.6.0/third_party/curl/src/tool_setopt.c:630:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256];
data/tarantool-2.6.0/third_party/curl/src/tool_strdup.c:42:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newstr, str, (len + 1)*sizeof(char));
data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.c:54:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pat->content.Set.elements[0], fixed, len);
data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.c:331:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hostname[MAX_IP6LEN];
data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.c:347:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(hostname, str, hlen);
data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.c:380:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(buf, pattern, skip);
data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.c:469:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char text[512];
data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.c:614:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char numbuf[18];
data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.c:701:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&target[stringlen], appendthis, appendlen);
data/tarantool-2.6.0/third_party/curl/tests/libtest/chkdecimalpoint.c:32:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char zero[TOTAL_STR_LEN] = {'\0'};
data/tarantool-2.6.0/third_party/curl/tests/libtest/chkhostname.c:30:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[HOSTNAME_MAX];
data/tarantool-2.6.0/third_party/curl/tests/libtest/first.c:94:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[CURL_MT_LOGFNAME_BUFSIZE];
data/tarantool-2.6.0/third_party/curl/tests/libtest/first.c:121:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char dump[200 * 3 + 1];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1156.c:89:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char urlbuf[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1502.c:48:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char redirect[160];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1506.c:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char target_url[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1506.c:40:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dnsentry[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1510.c:37:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char target_url[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1510.c:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dnsentry[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1512.c:41:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dnsentry[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1512.c:44:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char target_url[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1515.c:122:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dns_entry[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1515.c:135:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char target_url[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1517.c:48:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, pooh->readptr, tocopy);/* copy requested data */
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1520.c:63:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, data, len);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1522.c:30:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char g_Data[40 * 1024]; /* POST 40KB */
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1523.c:60:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[CURL_ERROR_SIZE];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1525.c:42:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, data, strlen(data));
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1526.c:41:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, data, strlen(data));
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1527.c:41:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, data, strlen(data));
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1529.c:31:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bURL[512];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1555.c:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1560.c:48:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1560.c:654:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[80];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1560.c:655:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char part[80];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1560.c:656:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char value[80];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1560.c:660:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buf, p, n);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1591.c:49:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, data, amount);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1900.c:33:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *urlstring[MAX_URLS];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1900.c:35:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *site_blocklist[MAX_BLOCKLIST];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1900.c:36:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *server_blocklist[MAX_BLOCKLIST];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1900.c:55:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[200];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1900.c:61:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen(filename, "rb");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1900.c:114:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char urlbuf[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1906.c:34:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_buffer[CURL_ERROR_SIZE] = "";
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1907.c:33:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_buffer[CURL_ERROR_SIZE] = "";
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib500.c:97:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      FILE *moo = fopen(libtest_arg2, "wb");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib505.c:55:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  hd_src = fopen(libtest_arg2, "rb");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib510.c:55:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, data, len);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib518.c:53:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char msgbuff[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib518.c:85:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fpa[i] = fopen(DEV_NULL, FOPEN_READTEXT);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib518.c:106:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char strbuff[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib518.c:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char strbuff1[81];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib518.c:108:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char strbuff2[81];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib518.c:132:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(strbuff, "INFINITY");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib518.c:140:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(strbuff, "INFINITY");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib518.c:198:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(strbuff, "INFINITY");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib518.c:206:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(strbuff, "INFINITY");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib518.c:324:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd[0] = open(DEV_NULL, O_RDONLY);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib525.c:55:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  hd_src = fopen(libtest_arg2, "rb");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib530.c:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char target_url[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib537.c:54:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char msgbuff[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib537.c:86:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fpa[i] = fopen(DEV_NULL, FOPEN_READTEXT);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib537.c:108:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char strbuff[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib537.c:109:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char strbuff1[81];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib537.c:133:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(strbuff, "INFINITY");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib537.c:141:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(strbuff, "INFINITY");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib537.c:193:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(strbuff, "INFINITY");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib537.c:201:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(strbuff, "INFINITY");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib537.c:318:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd[0] = open(DEV_NULL, O_RDONLY);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib540.c:189:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[246]; /* naively fixed-size */
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib541.c:47:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  hd_src = fopen(libtest_arg2, "rb");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib544.c:73:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(teststring, "FAIL");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib552.c:127:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char databuf[70000]; /* MUST be more than 64k OR
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib552.c:137:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, databuf + current_offset, given);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib553.c:36:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buf[1024];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib553.c:48:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ptr, buf, size);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib553.c:56:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char buf[SIZE_HEADERS + 100];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib556.c:81:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[1024];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:67:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[BUFSZ];   /* result string   */
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:74:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[BUFSZ];   /* result string   */
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:81:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[BUFSZ];   /* result string   */
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:88:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[BUFSZ];   /* result string   */
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:95:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[BUFSZ];   /* result string   */
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:102:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[BUFSZ];   /* result string   */
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:109:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[BUFSZ];   /* result string   */
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:1415:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:1448:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:1553:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[512]; /* larger than max float size */
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib566.c:54:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    moo = fopen(libtest_arg2, "wb");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib568.c:79:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  sdp = open("log/file568.txt", O_RDONLY);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib568.c:83:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  sdpf = fopen("log/file568.txt", "rb");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib569.c:43:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *idfile = fopen(libtest_arg2, "wb");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib571.c:108:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *protofile = fopen(libtest_arg2, "wb");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib572.c:98:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  params = open("log/file572.txt", O_RDONLY);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib572.c:102:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  paramsf = fopen("log/file572.txt", "rb");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib578.c:34:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *moo = fopen(libtest_arg2, "wb");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib579.c:55:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *moo = fopen(libtest_arg2, "ab");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib579.c:79:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, data, len);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib582.c:244:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  hd_src = fopen(libtest_arg2, "rb");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib591.c:48:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  upload = fopen(libtest_arg3, "rb");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib599.c:83:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    moo = fopen(libtest_arg2, "wb");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib650.c:64:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char flbuf[32];
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib651.c:26:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char buffer[17000]; /* more than 16K */
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib652.c:26:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char buffer[17000]; /* more than 16K */
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib666.c:26:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char buffer[17000]; /* more than 16K */
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib668.c:49:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, pooh->readptr, len);
data/tarantool-2.6.0/third_party/curl/tests/libtest/stub_gssapi.c:63:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char creds[MAX_CREDS_LENGTH];
data/tarantool-2.6.0/third_party/curl/tests/libtest/testtrace.c:93:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timebuf[20];
data/tarantool-2.6.0/third_party/curl/tests/server/fake_ntlm.c:112:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/tarantool-2.6.0/third_party/curl/tests/server/fake_ntlm.c:113:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char logfilename[256];
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:93:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(convbuf, indata, insize);
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:212:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*dst_buf + *dst_len, src_buf, src_len);
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:247:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*buf, buf64, src_len);
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:282:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char couter[MAX_TAG_LEN + 1]; /* current outermost section */
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:283:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cmain[MAX_TAG_LEN + 1];  /* current main section */
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:284:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char csub[MAX_TAG_LEN + 1];   /* current sub section */
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:285:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ptag[MAX_TAG_LEN + 1];   /* potential tag */
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:286:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char patt[MAX_TAG_LEN + 1];   /* potential attributes */
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:346:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ptag, ptr, len.uns);
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:408:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ptag, ptr, len.uns);
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:428:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(patt, ptr, len.uns);
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:145:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp = fopen(configfile, FOPEN_READTEXT);
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:148:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[512];
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:151:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char key[32];
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:152:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char value[32];
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:171:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          config.testnum = atoi(value);
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:185:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[12000];
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:212:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[12000] = "";
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:398:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char rembuffer[4];
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:410:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&packet[1], rembuffer, encodedlen);
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:417:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&packet[3 + encodedlen], topic, topiclen);
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:420:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&packet[payloadindex], payload, payloadlen);
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:440:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char topic[MAX_TOPIC_LENGTH + 1];
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:448:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[10];
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:479:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[10*1024];
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:487:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char client_id[MAX_CLIENT_ID_LENGTH];
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:490:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char protocol[7] = {
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:495:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *dump = fopen(REQUEST_DUMP, "ab");
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:539:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(client_id, &buffer[14], payload_len);
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:576:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(topic, &buffer[4], topic_len);
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:98:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char reqbuf[REQBUFSIZ]; /* buffer area for the incoming request */
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:103:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  bool open;      /* keep connection open info, as found in the request */
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:208:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char request[REQUEST_KEYWORD_SIZE];
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:209:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char doc[MAXDOCNAMELEN];
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:210:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char prot_str[5];
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:228:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char logbuf[256];
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:369:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(rtp_scratch + 4 + i, RTP_DATA, RTP_DATA_SIZE);
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:380:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(req->rtp_buffer + req->rtp_buffersize, rtp_scratch,
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:553:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
     req->open &&
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:609:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    dump = fopen(REQUEST_DUMP, "ab");
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:774:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char weare[256];
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:804:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msgbuf[64];
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:849:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char partbuf[80]="data";
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:914:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  dump = fopen(RESPONSE_DUMP, "ab");
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:998:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char command[32];
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:1332:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if(!req.open) {
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:1337:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if(req.open)
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:1340:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    } while(req.open || (req.testno == DOCNUMBER_CONNECT));
data/tarantool-2.6.0/third_party/curl/tests/server/sockfilt.c:347:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[120];
data/tarantool-2.6.0/third_party/curl/tests/server/sockfilt.c:916:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[17010];
data/tarantool-2.6.0/third_party/curl/tests/server/sockfilt.c:917:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[16];
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:121:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char addr[32]; /* backend IPv4 numerical */
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:122:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char user[256];
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:123:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char password[256];
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:159:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(config.user, "user");
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:160:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(config.password, "password");
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:177:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp = fopen(configfile, FOPEN_READTEXT);
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:180:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[512];
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:183:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char key[32];
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:184:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char value[32];
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:235:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[1200];
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:304:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char response[256 + 16];
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:335:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&response[2], &buffer[SOCKS4_DSTPORT], 6);
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:356:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[256 + 16];
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:357:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char response[256 + 16];
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:558:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&response[SOCKS5_BNDADDR], address, len);
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:561:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&response[SOCKS5_BNDADDR + len],
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:594:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[512];
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:925:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        backendport = (unsigned short)atoi(argv[arg++]);
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:98:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char reqbuf[REQBUFSIZ]; /* buffer area for the incoming request */
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:105:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  bool open;      /* keep connection open info, as found in the request */
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:242:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256];
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:243:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *f = fopen(cmdfile, FOPEN_READTEXT);
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:361:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char request[REQUEST_KEYWORD_SIZE];
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:362:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char doc[MAXDOCNAMELEN];
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:363:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char logbuf[456];
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:749:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if(req->open &&
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:802:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    dump = fopen(dumpfile, "ab");
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:961:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char weare[256];
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:989:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msgbuf[64];
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:1019:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char partbuf[80];
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:1093:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  dump = fopen(responsedump, "ab");
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:1168:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char command[32];
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:1330:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char readclient[2][256];
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:1331:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char readserver[2][256];
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:1830:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if(!req->open) {
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:1855:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if(req->open) {
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:1883:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char port_str[11];
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:2294:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if(!req.open)
data/tarantool-2.6.0/third_party/curl/tests/server/tftp.h:45:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char th_data[1];         /* data or error string */
data/tarantool-2.6.0/third_party/curl/tests/server/tftpd.c:131:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char storage[PKTSIZE];
data/tarantool-2.6.0/third_party/curl/tests/server/tftpd.c:378:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dp->th_data, test->rptr, copy_n);
data/tarantool-2.6.0/third_party/curl/tests/server/tftpd.c:451:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outfile[256];
data/tarantool-2.6.0/third_party/curl/tests/server/tftpd.c:454:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    test->ofile = open(outfile, O_CREAT|O_RDWR|O_BINARY, 0777);
data/tarantool-2.6.0/third_party/curl/tests/server/tftpd.c:456:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    test->ofile = open(outfile, O_CREAT|O_RDWR, 0777);
data/tarantool-2.6.0/third_party/curl/tests/server/tftpd.c:518:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char rbuf[PKTSIZE];
data/tarantool-2.6.0/third_party/curl/tests/server/tftpd.c:898:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *server = fopen(REQUEST_DUMP, "ab");
data/tarantool-2.6.0/third_party/curl/tests/server/tftpd.c:1072:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char weare[128];
data/tarantool-2.6.0/third_party/curl/tests/server/tftpd.c:1088:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char partbuf[80]="data";
data/tarantool-2.6.0/third_party/curl/tests/server/tftpd.c:1356:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(tp->th_msg, pe->e_msg, length + 1);
data/tarantool-2.6.0/third_party/curl/tests/server/util.c:78:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buf[256*3];
data/tarantool-2.6.0/third_party/curl/tests/server/util.c:102:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[2048 + 1];
data/tarantool-2.6.0/third_party/curl/tests/server/util.c:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timebuf[20];
data/tarantool-2.6.0/third_party/curl/tests/server/util.c:132:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  logfp = fopen(serverlogfile, "ab");
data/tarantool-2.6.0/third_party/curl/tests/server/util.c:150:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[512];
data/tarantool-2.6.0/third_party/curl/tests/server/util.c:200:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[256];
data/tarantool-2.6.0/third_party/curl/tests/server/util.c:203:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  stream = fopen(filename, "rb");
data/tarantool-2.6.0/third_party/curl/tests/server/util.c:209:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  stream = fopen(filename, "rb");
data/tarantool-2.6.0/third_party/curl/tests/server/util.c:277:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  pidfile = fopen(filename, "wb");
data/tarantool-2.6.0/third_party/curl/tests/server/util.c:300:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *portfile = fopen(filename, "wb");
data/tarantool-2.6.0/third_party/curl/tests/server/util.c:318:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    lockfile = fopen(filename, "wb");
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1304.c:28:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char filename[64];
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1304.c:54:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(filename, filename1, strlen(filename1));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1305.c:90:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ai->ai_canonname, dummy, namelen);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1398.c:32:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[3] = {'b', 'u', 'g'};
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1398.c:35:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char output[24];
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1399.c:65:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg[64];
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1600.c:50:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char output[21];
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1601.c:41:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char output[MD5_DIGEST_LEN];
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1607.c:53:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *address[10];
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1607.c:143:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char ipaddress[MAX_IPADR_LEN] = {0};
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1609.c:53:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *address[10];
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1609.c:151:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char ipaddress[MAX_IPADR_LEN] = {0};
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1610.c:41:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char output[SHA256_DIGEST_LENGTH];
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1611.c:41:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char output[MD4_DIGEST_LENGTH];
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1612.c:43:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char output[HMAC_MD5_LENGTH];
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1621.c:74:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    url = (char *)tests[i].input;
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1650.c:157:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[256];
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1650.c:177:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
             hexdump((unsigned char *)req[i].packet, size));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1650.c:189:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    rc = doh_decode((const unsigned char *)resp[i].packet, resp[i].size,
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1650.c:232:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    if(resp[i].out && strcmp((char *)buffer, resp[i].out)) {
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1652.c:35:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char input[4096];
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1652.c:36:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char result[4096];
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1652.c:55:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(result, buf, size);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1654.c:49:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char outname[256];
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1655.c:87:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char dohbuffer[255 + 16]; /* deliberately short buffer */
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1655.c:141:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[128];
data/tarantool-2.6.0/third_party/decNumber/decBasic.c:3302:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, buf+DECPMAX, PHALF);
data/tarantool-2.6.0/third_party/decNumber/decBasic.c:3306:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf+DECPMAX, buf, PHALF);
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1157:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hexbuf[DECBYTES*2+DECBYTES/4+1]; // NB blank after every fourth
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1158:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[DECSTRING];                 // for value in decimal
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1163:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(&hexbuf[j], "%02x", df->bytes[DECBYTES-1-i]);
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1165:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(&hexbuf[j], "%02x", df->bytes[i]);
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1252:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(c,   "Inf");
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1253:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(c+3, "inity");
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1257:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(c, "NaN");              // complete word
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1392:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(cstart+pre-4, "0000", 4);
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1393:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(cstart, "0.00", 4);
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1397:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(cstart, "0.", 2);
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1405:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(c, "E+", 2);                 // starts with E, assume +
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1535:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(c, "Infinity");
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1539:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(c, "NaN");              // complete word
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1633:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(c, "E+", 2);               // starts with E, assume +
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1689:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cstart+pre-4, "0000", 4);
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1690:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cstart, "0.00", 4);
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1694:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cstart, "0.", 2);
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1795:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
     char qbuf[10];                     // for right-aligned q
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1799:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
     strcpy(qbuf, "q=");
data/tarantool-2.6.0/third_party/decNumber/decNumber.c:3742:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(c,   "Inf");
data/tarantool-2.6.0/third_party/decNumber/decNumber.c:3743:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(c+3, "inity");
data/tarantool-2.6.0/third_party/decNumber/decNumber.c:3750:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(c, "NaN");
data/tarantool-2.6.0/third_party/decNumber/decNumberLocal.h:153:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  #define UBTOUS(b)  (memcpy((void *)&uswork, b, 2), uswork)
data/tarantool-2.6.0/third_party/decNumber/decNumberLocal.h:154:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  #define UBTOUI(b)  (memcpy((void *)&uiwork, b, 4), uiwork)
data/tarantool-2.6.0/third_party/decNumber/decNumberLocal.h:159:40:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  #define UBFROMUS(b, i)  (uswork=(i), memcpy(b, (void *)&uswork, 2), uswork)
data/tarantool-2.6.0/third_party/decNumber/decNumberLocal.h:160:40:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  #define UBFROMUI(b, i)  (uiwork=(i), memcpy(b, (void *)&uiwork, 4), uiwork)
data/tarantool-2.6.0/third_party/decNumber/decNumberLocal.h:491:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    #define dpd2bcd8(u, dpd)  memcpy(u, &DPD2BCD8[((dpd)&0x3ff)*4], 4)
data/tarantool-2.6.0/third_party/decNumber/decNumberLocal.h:492:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    #define dpd2bcd83(u, dpd) memcpy(u, &DPD2BCD8[((dpd)&0x3ff)*4], 3)
data/tarantool-2.6.0/third_party/decNumber/decimal128.c:317:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(c,   "Inf");
data/tarantool-2.6.0/third_party/decNumber/decimal128.c:318:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(c+3, "inity");
data/tarantool-2.6.0/third_party/decNumber/decimal128.c:322:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(c, "NaN");              // complete word
data/tarantool-2.6.0/third_party/decNumber/decimal128.c:344:36:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   if (c!=cstart) {memcpy(c, u+1, 4); c+=3;}      \
data/tarantool-2.6.0/third_party/decNumber/decimal128.c:345:36:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    else if (*u)  {memcpy(c, u+4-*u, 4); c+=*u;}
data/tarantool-2.6.0/third_party/decNumber/decimal128.c:407:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(c, u+4-*u, 4);      // copy fixed 4 characters [is safe]
data/tarantool-2.6.0/third_party/decNumber/decimal128.c:415:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(c, u+1, 4);         // copy fixed 3+1 characters [is safe]
data/tarantool-2.6.0/third_party/decNumber/decimal128.c:532:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[DECIMAL128_Bytes*2+1];
data/tarantool-2.6.0/third_party/decNumber/decimal128.c:537:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(&buf[j], "%02x", d128->bytes[15-i]);
data/tarantool-2.6.0/third_party/decNumber/decimal128.c:546:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(&buf[j], "%02x", d128->bytes[i]);
data/tarantool-2.6.0/third_party/decNumber/decimal32.c:272:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(c,   "Inf");
data/tarantool-2.6.0/third_party/decNumber/decimal32.c:273:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(c+3, "inity");
data/tarantool-2.6.0/third_party/decNumber/decimal32.c:277:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(c, "NaN");              // complete word
data/tarantool-2.6.0/third_party/decNumber/decimal32.c:298:36:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   if (c!=cstart) {memcpy(c, u+1, 4); c+=3;}      \
data/tarantool-2.6.0/third_party/decNumber/decimal32.c:299:36:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    else if (*u)  {memcpy(c, u+4-*u, 4); c+=*u;}
data/tarantool-2.6.0/third_party/decNumber/decimal32.c:343:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(c, u+4-*u, 4);        // copy fixed 4 characters [is safe]
data/tarantool-2.6.0/third_party/decNumber/decimal32.c:457:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[DECIMAL32_Bytes*2+1];
data/tarantool-2.6.0/third_party/decNumber/decimal32.c:462:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(&buf[j], "%02x", d32->bytes[3-i]);
data/tarantool-2.6.0/third_party/decNumber/decimal32.c:470:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(&buf[j], "%02x", d32->bytes[i]);
data/tarantool-2.6.0/third_party/decNumber/decimal64.c:327:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(c,   "Inf");
data/tarantool-2.6.0/third_party/decNumber/decimal64.c:328:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(c+3, "inity");
data/tarantool-2.6.0/third_party/decNumber/decimal64.c:332:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(c, "NaN");              // complete word
data/tarantool-2.6.0/third_party/decNumber/decimal64.c:353:36:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                   if (c!=cstart) {memcpy(c, u+1, 4); c+=3;}      \
data/tarantool-2.6.0/third_party/decNumber/decimal64.c:354:36:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    else if (*u)  {memcpy(c, u+4-*u, 4); c+=*u;}
data/tarantool-2.6.0/third_party/decNumber/decimal64.c:404:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(c, u+4-*u, 4);        // copy fixed 4 characters [is safe]
data/tarantool-2.6.0/third_party/decNumber/decimal64.c:519:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[DECIMAL64_Bytes*2+1];
data/tarantool-2.6.0/third_party/decNumber/decimal64.c:524:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(&buf[j], "%02x", d64->bytes[7-i]);
data/tarantool-2.6.0/third_party/decNumber/decimal64.c:532:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(&buf[j], "%02x", d64->bytes[i]);
data/tarantool-2.6.0/third_party/decNumber/example1.c:18:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[DECNUMDIGITS+14];    // conversion buffer
data/tarantool-2.6.0/third_party/decNumber/example2.c:27:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[DECNUMDIGITS+14];                   // conversion buffer
data/tarantool-2.6.0/third_party/decNumber/example3.c:27:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[DECNUMDIGITS+14];                   // conversion buffer
data/tarantool-2.6.0/third_party/decNumber/example4.c:30:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[DECNUMDIGITS+14];    // conversion buffer
data/tarantool-2.6.0/third_party/decNumber/example5.c:17:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[DECIMAL64_String];   // number->string buffer
data/tarantool-2.6.0/third_party/decNumber/example5.c:18:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hexes[25];                  // decimal64->hex buffer
data/tarantool-2.6.0/third_party/decNumber/example5.c:30:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(&hexes[i*3], "%02x ", a.bytes[i]);
data/tarantool-2.6.0/third_party/decNumber/example6.c:29:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  hexes[49];                                // for packed->hex
data/tarantool-2.6.0/third_party/decNumber/example6.c:55:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(&hexes[i*3], "%02x ", respack[i]);
data/tarantool-2.6.0/third_party/decNumber/example7.c:18:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[DECQUAD_String];     // number->string buffer
data/tarantool-2.6.0/third_party/decNumber/example8.c:21:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[DECQUAD_String];     // number->string buffer
data/tarantool-2.6.0/third_party/libeio/ecb.h:743:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&r, &x, 4);
data/tarantool-2.6.0/third_party/libeio/ecb.h:783:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&r, &x, 4);
data/tarantool-2.6.0/third_party/libeio/ecb.h:813:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&r, &x, 8);
data/tarantool-2.6.0/third_party/libeio/ecb.h:853:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&r, &x, 8);
data/tarantool-2.6.0/third_party/libeio/eio.c:359:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[1]; /* actually, a 0-terminated canonical path */
data/tarantool-2.6.0/third_party/libeio/eio.c:565:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
eio__utimes (const char *filename, const struct timeval times[2])
data/tarantool-2.6.0/third_party/libeio/eio.c:1017:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open (rel, O_RDONLY | O_NONBLOCK | O_NOCTTY | O_NOATIME);
data/tarantool-2.6.0/third_party/libeio/eio.c:1021:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf (tmp1, "/proc/self/fd/%d", fd);
data/tarantool-2.6.0/third_party/libeio/eio.c:1051:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (res, wd->str, len = wd->len);
data/tarantool-2.6.0/third_party/libeio/eio.c:1096:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (res + 1, beg, len);
data/tarantool-2.6.0/third_party/libeio/eio.c:1131:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy (tmp2, tmp1, linklen);
data/tarantool-2.6.0/third_party/libeio/eio.c:1162:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char bits [9 + sizeof (eio_ino_t) * 8];
data/tarantool-2.6.0/third_party/libeio/eio.c:1207:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char *bit_stk  [9 + sizeof (eio_ino_t) * 8];
data/tarantool-2.6.0/third_party/libeio/eio.c:1235:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              if (!(((unsigned char *)a)[O] & M))
data/tarantool-2.6.0/third_party/libeio/eio.c:1490:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy (names + namesoffs, name, len);
data/tarantool-2.6.0/third_party/libeio/eio.c:1625:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (res, wd->str, l1);
data/tarantool-2.6.0/third_party/libeio/eio.c:1627:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (res + l1 + 1, path, l2 + 1);
data/tarantool-2.6.0/third_party/libeio/eio.c:1659:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (res->str, tmpbuf->ptr, len);
data/tarantool-2.6.0/third_party/libeio/eio.c:1918:41:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      case EIO_OPEN:      req->result = open      (path     , req->int1, (mode_t)req->int2); break;
data/tarantool-2.6.0/third_party/libeio/eio.c:1961:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                              memcpy (req->ptr2, self->tmpbuf.ptr, req->result);
data/tarantool-2.6.0/third_party/libeio/etp.c:304:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[16 + 1];
data/tarantool-2.6.0/third_party/libeio/etp.c:311:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy (name + (len <= namelen - 4 ? len : namelen - 4), "/eio");
data/tarantool-2.6.0/third_party/libev/ev.c:468:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pad[128 - sizeof (uint32_t)];
data/tarantool-2.6.0/third_party/libev/ev.c:1354:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&r, &x, 4);
data/tarantool-2.6.0/third_party/libev/ev.c:1394:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&r, &x, 4);
data/tarantool-2.6.0/third_party/libev/ev.c:1424:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&r, &x, 8);
data/tarantool-2.6.0/third_party/libev/ev.c:1464:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&r, &x, 8);
data/tarantool-2.6.0/third_party/libev/ev.c:2532:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char dummy[4];
data/tarantool-2.6.0/third_party/libev/ev.c:2907:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        flags = atoi (getenv ("LIBEV_FLAGS"));
data/tarantool-2.6.0/third_party/libev/ev.c:4355:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char path [4096];
data/tarantool-2.6.0/third_party/libev/ev.c:4437:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf [EV_INOTIFY_BUFSIZE];
data/tarantool-2.6.0/third_party/libev/ev.c:5136:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            cb (EV_A_ EV_STAT, ((char *)ANHE_w (timers [i])) - offsetof (struct ev_stat, timer));
data/tarantool-2.6.0/third_party/libev/ev_select.c:155:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (vec_ro, vec_ri, fd_setsize);
data/tarantool-2.6.0/third_party/libev/ev_select.c:156:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (vec_wo, vec_wi, fd_setsize);
data/tarantool-2.6.0/third_party/libev/ev_select.c:164:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (vec_eo, vec_wi, fd_setsize);
data/tarantool-2.6.0/third_party/libutil_freebsd/flopen.c:67:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fd = open(path, flags, mode)) == -1)
data/tarantool-2.6.0/third_party/libutil_freebsd/pidfile.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	pf_path[MAXPATHLEN + 1];
data/tarantool-2.6.0/third_party/libutil_freebsd/pidfile.c:82:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[16], *endptr;
data/tarantool-2.6.0/third_party/libutil_freebsd/pidfile.c:85:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(path, O_RDONLY | O_CLOEXEC);
data/tarantool-2.6.0/third_party/libutil_freebsd/pidfile.c:181:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pidstr[16];
data/tarantool-2.6.0/third_party/libyaml/src/api.c:108:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*a_pointer, *b_start, *b_pointer - *b_start);
data/tarantool-2.6.0/third_party/libyaml/src/api.c:259:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, parser->input.string.current, size);
data/tarantool-2.6.0/third_party/libyaml/src/api.c:421:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(emitter->output.string.buffer
data/tarantool-2.6.0/third_party/libyaml/src/api.c:430:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(emitter->output.string.buffer
data/tarantool-2.6.0/third_party/libyaml/src/api.c:849:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(value_copy, value, length);
data/tarantool-2.6.0/third_party/libyaml/src/api.c:1220:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(value_copy, value, length);
data/tarantool-2.6.0/third_party/libyaml/src/emitter.c:2220:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char indent_hint[2];
data/tarantool-2.6.0/third_party/libyaml/src/parser.c:613:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(tag, tag_directive->prefix, prefix_len);
data/tarantool-2.6.0/third_party/libyaml/src/parser.c:614:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(tag+prefix_len, tag_suffix, suffix_len);
data/tarantool-2.6.0/third_party/libyaml/src/scanner.c:2592:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(string.start, head+1, length-1);
data/tarantool-2.6.0/third_party/libyaml/tests/example-deconstructor-alt.c:208:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char number[64];
data/tarantool-2.6.0/third_party/libyaml/tests/example-deconstructor-alt.c:226:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(number, "%d", version->major);
data/tarantool-2.6.0/third_party/libyaml/tests/example-deconstructor-alt.c:238:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(number, "%d", version->minor);
data/tarantool-2.6.0/third_party/libyaml/tests/example-deconstructor.c:244:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char number[64];
data/tarantool-2.6.0/third_party/libyaml/tests/example-deconstructor.c:275:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(number, "%d", version->major);
data/tarantool-2.6.0/third_party/libyaml/tests/example-deconstructor.c:294:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(number, "%d", version->minor);
data/tarantool-2.6.0/third_party/libyaml/tests/run-dumper.c:166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data[BUFFER_SIZE];
data/tarantool-2.6.0/third_party/libyaml/tests/run-dumper.c:172:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(name, "rb");
data/tarantool-2.6.0/third_party/libyaml/tests/run-dumper.c:230:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buffer[BUFFER_SIZE+1];
data/tarantool-2.6.0/third_party/libyaml/tests/run-dumper.c:244:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        file = fopen(argv[number], "rb");
data/tarantool-2.6.0/third_party/libyaml/tests/run-emitter-test-suite.c:21:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/tarantool-2.6.0/third_party/libyaml/tests/run-emitter-test-suite.c:26:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        input = fopen(argv[1], "rb");
data/tarantool-2.6.0/third_party/libyaml/tests/run-emitter-test-suite.c:43:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char anchor[256];
data/tarantool-2.6.0/third_party/libyaml/tests/run-emitter-test-suite.c:44:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tag[256];
data/tarantool-2.6.0/third_party/libyaml/tests/run-emitter-test-suite.c:78:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char value[1024];
data/tarantool-2.6.0/third_party/libyaml/tests/run-emitter-test-suite.c:162:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(anchor, start, end - start);
data/tarantool-2.6.0/third_party/libyaml/tests/run-emitter-test-suite.c:175:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tag, start + 1, end - start - 1);
data/tarantool-2.6.0/third_party/libyaml/tests/run-emitter.c:191:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data[BUFFER_SIZE];
data/tarantool-2.6.0/third_party/libyaml/tests/run-emitter.c:197:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(name, "rb");
data/tarantool-2.6.0/third_party/libyaml/tests/run-emitter.c:254:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buffer[BUFFER_SIZE+1];
data/tarantool-2.6.0/third_party/libyaml/tests/run-emitter.c:268:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        file = fopen(argv[number], "rb");
data/tarantool-2.6.0/third_party/libyaml/tests/run-loader.c:33:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        file = fopen(argv[number], "rb");
data/tarantool-2.6.0/third_party/libyaml/tests/run-parser-test-suite.c:17:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        input = fopen(argv[1], "rb");
data/tarantool-2.6.0/third_party/libyaml/tests/run-parser.c:33:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        file = fopen(argv[number], "rb");
data/tarantool-2.6.0/third_party/libyaml/tests/run-scanner.c:33:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        file = fopen(argv[number], "rb");
data/tarantool-2.6.0/third_party/libyaml/tests/test-version.c:17:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/tarantool-2.6.0/third_party/libyaml/tests/test-version.c:20:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d.%d.%d", major, minor, patch);
data/tarantool-2.6.0/third_party/lua-cjson/lua_cjson.c:101:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char escape2char[256];  /* Decoding */
data/tarantool-2.6.0/third_party/lua-cjson/lua_cjson.c:129:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *char2escape[256] = {
data/tarantool-2.6.0/third_party/lua-cjson/lua_cjson.c:551:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char utf8[4];       /* Surrogate pairs require 4 UTF-8 bytes */
data/tarantool-2.6.0/third_party/lua-cjson/strbuf.h:130:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(s->buf + s->length, c, len);
data/tarantool-2.6.0/third_party/lua-cjson/strbuf.h:136:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(s->buf + s->length, c, len);
data/tarantool-2.6.0/third_party/lua-yaml/b64.c:64:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char s[4];
data/tarantool-2.6.0/third_party/lua-yaml/lyaml.cc:151:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buf[256];
data/tarantool-2.6.0/third_party/lua-yaml/lyaml.cc:323:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[256];
data/tarantool-2.6.0/third_party/lua-yaml/lyaml.cc:513:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[32];
data/tarantool-2.6.0/third_party/lua-yaml/lyaml.cc:619:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buf[FPCONV_G_FMT_BUFSIZE];
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm.c:103:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[256];
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm.c:325:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[80];
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm.c:472:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  } else if (!(ctx->fp = fopen(ctx->outname, binmode ? "wb" : "w"))) {
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_fold.c:170:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256];  /* We don't care about analyzing lines longer than that. */
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_fold.c:182:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(fname, "r");
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:15:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char modname[80];
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:17:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char funcname[80];
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:46:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(optr, p, n);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[80];
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:63:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      n += sprintf(line+n, "%d,", *p);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:201:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(optr, libbc_code + ofs, len);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:254:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, n);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:299:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      *optr++ = (uint8_t)atoi(p+4);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:363:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];  /* We don't care about analyzing lines longer than that. */
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:368:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fp = fopen(fname, "r");
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_peobj.c:33:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[8];
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_peobj.c:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[8];
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_peobj.c:140:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sym.n.name, name, len);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_peobj.c:145:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(strtab + strtabofs, name, len);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_peobj.c:163:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sym.n.name, pesect[sect].name, 8);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_peobj.c:189:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pesect[PEOBJ_SECT_TEXT].name, ".text", sizeof(".text")-1);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_peobj.c:198:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pesect[PEOBJ_SECT_PDATA].name, ".pdata", sizeof(".pdata")-1);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_peobj.c:206:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pesect[PEOBJ_SECT_XDATA].name, ".xdata", sizeof(".xdata")-1);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_peobj.c:214:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pesect[PEOBJ_SECT_SXDATA].name, ".sxdata", sizeof(".sxdata")-1);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_peobj.c:222:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pesect[PEOBJ_SECT_RDATA_Z].name, ".rdata$Z", sizeof(".rdata$Z")-1);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:145:28:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
#define lua_number2str(s,n)sprintf((s),"%.14g",(n))
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:203:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char short_src[60];
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:680:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buff[2];
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:697:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buff[4*sizeof(void*)+8];
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:698:1:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff,"%p",va_arg(argp,void*));
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:707:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buff[3];
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:745:1:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
strcat(out,"...");
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:753:1:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
strcpy(out,"[string \"");
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:756:1:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
strcat(out,"...");
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:760:1:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
strcat(out,"\"]");
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:1295:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(ts+1,str,l*sizeof(char));
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:2571:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buff[60];
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:2711:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buff[80];
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:4702:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char s[32];
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:4905:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(buffer+tl,svalue(top-i),l);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:5866:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buffer[BUFSIZ];
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:6102:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(B->p,s,vl);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:6121:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buff[BUFSIZ];
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:6154:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
lf.f=fopen(filename,"r");
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:6699:5:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
*pf=fopen(filename,mode);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:6715:5:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
*pf=fopen(filename,mode);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:6753:5:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
*pf=fopen(filename,"r");
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:7594:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char form[(sizeof("-+ #0")+sizeof("l")+10)];
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:7595:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buff[512];
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:7726:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[8];
data/tarantool-2.6.0/third_party/luajit/src/lauxlib.h:139:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[LUAL_BUFFERSIZE];
data/tarantool-2.6.0/third_party/luajit/src/lib_aux.c:243:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(B->p, s, vl);  /* put it there */
data/tarantool-2.6.0/third_party/luajit/src/lib_debug.c:346:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[5];
data/tarantool-2.6.0/third_party/luajit/src/lib_debug.c:365:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[250];
data/tarantool-2.6.0/third_party/luajit/src/lib_ffi.c:709:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dp, sp, len);
data/tarantool-2.6.0/third_party/luajit/src/lib_io.c:87:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  iof->fp = fopen(fname, mode);
data/tarantool-2.6.0/third_party/luajit/src/lib_io.c:261:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(L->top, &fn->c.upvalue[1], n*sizeof(TValue));
data/tarantool-2.6.0/third_party/luajit/src/lib_io.c:403:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  iof->fp = fopen(fname, mode);
data/tarantool-2.6.0/third_party/luajit/src/lib_io.c:433:13:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  iof->fp = tmpfile();
data/tarantool-2.6.0/third_party/luajit/src/lib_os.c:84:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[15+1];
data/tarantool-2.6.0/third_party/luajit/src/lib_os.c:86:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "/tmp/lua_XXXXXX");
data/tarantool-2.6.0/third_party/luajit/src/lib_os.c:87:8:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
  fp = mkstemp(buf);
data/tarantool-2.6.0/third_party/luajit/src/lib_os.c:93:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[L_tmpnam];
data/tarantool-2.6.0/third_party/luajit/src/lib_package.c:83:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[MAX_PATH + 1];
data/tarantool-2.6.0/third_party/luajit/src/lib_package.c:100:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t wbuffer[128];
data/tarantool-2.6.0/third_party/luajit/src/lib_package.c:101:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[128*2];
data/tarantool-2.6.0/third_party/luajit/src/lib_package.c:106:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[128];
data/tarantool-2.6.0/third_party/luajit/src/lib_package.c:272:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *f = fopen(filename, "r");  /* try to open file */
data/tarantool-2.6.0/third_party/luajit/src/lib_string.c:196:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char match_class_map[32] = {
data/tarantool-2.6.0/third_party/luajit/src/lj_alloc.c:239:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open("/dev/urandom", O_RDONLY);
data/tarantool-2.6.0/third_party/luajit/src/lj_alloc.c:1469:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newmem, ptr, oc < nsize ? oc : nsize);
data/tarantool-2.6.0/third_party/luajit/src/lj_asm.c:208:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ra_dbg_buf[65536];
data/tarantool-2.6.0/third_party/luajit/src/lj_asm.c:233:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "%08x  \e[36m%04d ", (uintptr_t)as->mcp, as->curins-REF_BIAS);
data/tarantool-2.6.0/third_party/luajit/src/lj_asm.c:237:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, fmt, (size_t)(e-fmt));
data/tarantool-2.6.0/third_party/luajit/src/lj_asm.c:256:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	p += sprintf(p, "%04d", ref - REF_BIAS);
data/tarantool-2.6.0/third_party/luajit/src/lj_asm.c:258:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	p += sprintf(p, "K%03d", REF_BIAS - ref);
data/tarantool-2.6.0/third_party/luajit/src/lj_asm.c:261:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      p += sprintf(p, "[sp+0x%x]", sps_scale(slot));
data/tarantool-2.6.0/third_party/luajit/src/lj_asm.c:263:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      p += sprintf(p, "%08x", va_arg(argp, int32_t));
data/tarantool-2.6.0/third_party/luajit/src/lj_asm.c:2372:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(J->curfinal->ir + as->orignins, T->ir + as->orignins,
data/tarantool-2.6.0/third_party/luajit/src/lj_bcread.c:64:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(p, ls->p, n);
data/tarantool-2.6.0/third_party/luajit/src/lj_bcread.c:79:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(sbufP(&ls->sb), buf, sz);
data/tarantool-2.6.0/third_party/luajit/src/lj_bcread.c:116:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(q, bcread_mem(ls, len), len);
data/tarantool-2.6.0/third_party/luajit/src/lj_buf.c:214:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, strdata(s1), len1);
data/tarantool-2.6.0/third_party/luajit/src/lj_buf.c:215:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf+len1, strdata(s2), len2);
data/tarantool-2.6.0/third_party/luajit/src/lj_buf.h:75:18:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  return (char *)memcpy(p, q, len) + len;
data/tarantool-2.6.0/third_party/luajit/src/lj_carith.c:236:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *repr[2];
data/tarantool-2.6.0/third_party/luajit/src/lj_ccall.c:50:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dp, sp, ctr->size);
data/tarantool-2.6.0/third_party/luajit/src/lj_ccall.c:224:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dp, sp, ctr->size);
data/tarantool-2.6.0/third_party/luajit/src/lj_ccall.c:230:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  if (!(ct->info & CTF_VARARG)) memcpy(dp, &cc->fpr[0], ctr->size);
data/tarantool-2.6.0/third_party/luajit/src/lj_ccall.c:307:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dp, sp, ctr->size); \
data/tarantool-2.6.0/third_party/luajit/src/lj_ccall.c:381:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dp, sp, ctr->size);  /* Copy complex from GPRs. */
data/tarantool-2.6.0/third_party/luajit/src/lj_ccall.c:571:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dp, sp, ctr->size);  /* Copy struct return value from GPRs. */
data/tarantool-2.6.0/third_party/luajit/src/lj_ccall.c:689:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&cc->stack[nsp], dp, n*CTSIZE_PTR);
data/tarantool-2.6.0/third_party/luajit/src/lj_ccall.c:707:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dp, sp, sz);
data/tarantool-2.6.0/third_party/luajit/src/lj_ccall.c:850:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((uint8_t *)dp + ofs,
data/tarantool-2.6.0/third_party/luajit/src/lj_ccall.c:870:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dp, sp, ctr->size);
data/tarantool-2.6.0/third_party/luajit/src/lj_cconv.c:169:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(dp, sp, ssize);
data/tarantool-2.6.0/third_party/luajit/src/lj_cconv.c:174:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(dp + (dsize-ssize), sp, ssize);
data/tarantool-2.6.0/third_party/luajit/src/lj_cconv.c:178:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(dp, sp, dsize);
data/tarantool-2.6.0/third_party/luajit/src/lj_cconv.c:180:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(dp, sp + (ssize-dsize), dsize);
data/tarantool-2.6.0/third_party/luajit/src/lj_cconv.c:315:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(dp, sp, esize);
data/tarantool-2.6.0/third_party/luajit/src/lj_cconv.c:361:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dp, sp, dsize);
data/tarantool-2.6.0/third_party/luajit/src/lj_cconv.c:413:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cdataptr(cd), sp, sz);
data/tarantool-2.6.0/third_party/luajit/src/lj_cconv.c:481:40:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      for (; ofs < size; ofs += esize) memcpy(dp + ofs, dp, esize);
data/tarantool-2.6.0/third_party/luajit/src/lj_cconv.c:584:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(dp, strdata(str), sz);
data/tarantool-2.6.0/third_party/luajit/src/lj_cconv.c:680:36:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    for (; ofs < sz; ofs += esize) memcpy(dp + ofs, dp, esize);
data/tarantool-2.6.0/third_party/luajit/src/lj_clib.c:97:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp = fopen(name, "r");
data/tarantool-2.6.0/third_party/luajit/src/lj_clib.c:100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/tarantool-2.6.0/third_party/luajit/src/lj_clib.c:176:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t wbuf[128];
data/tarantool-2.6.0/third_party/luajit/src/lj_clib.c:177:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128*2];
data/tarantool-2.6.0/third_party/luajit/src/lj_clib.c:182:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/tarantool-2.6.0/third_party/luajit/src/lj_ctype.c:161:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ct, cts->tab, id*sizeof(CType));
data/tarantool-2.6.0/third_party/luajit/src/lj_ctype.c:366:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[CTREPR_MAX];
data/tarantool-2.6.0/third_party/luajit/src/lj_ctype.c:410:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[10];
data/tarantool-2.6.0/third_party/luajit/src/lj_ctype.c:557:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1+20+3];
data/tarantool-2.6.0/third_party/luajit/src/lj_ctype.h:390:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy((cts)->hash, savects_.hash, sizeof(savects_.hash)))
data/tarantool-2.6.0/third_party/luajit/src/lj_debug.c:336:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      if (((const unsigned char *)src)[len] < ' ') break;
data/tarantool-2.6.0/third_party/luajit/src/lj_debug.c:341:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(out, "..."); out += 3;
data/tarantool-2.6.0/third_party/luajit/src/lj_debug.c:359:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[LUA_IDSIZE];
data/tarantool-2.6.0/third_party/luajit/src/lj_debug.h:22:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char short_src[LUA_IDSIZE];
data/tarantool-2.6.0/third_party/luajit/src/lj_dispatch.c:78:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(GG->got, dispatch_got, LJ_GOT__MAX*sizeof(ASMFunction *));
data/tarantool-2.6.0/third_party/luajit/src/lj_dispatch.c:148:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&disp[0], &disp[GG_LEN_DDISP], GG_LEN_SDISP*sizeof(ASMFunction));
data/tarantool-2.6.0/third_party/luajit/src/lj_err.c:648:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[LUA_IDSIZE];
data/tarantool-2.6.0/third_party/luajit/src/lj_gdbjit.c:714:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&obj->hdr, &elfhdr_template, sizeof(ELFheader));
data/tarantool-2.6.0/third_party/luajit/src/lj_gdbjit.c:754:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&eo->obj, &ctx->obj, ctx->objsize);  /* Copy ELF object. */
data/tarantool-2.6.0/third_party/luajit/src/lj_ir.c:106:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newbase + ofs, baseir, (J->cur.nins - J->irbotlim)*sizeof(IRIns));
data/tarantool-2.6.0/third_party/luajit/src/lj_ircall.h:219:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  _(FFI,	memcpy,			3,   S, PTR, 0) \
data/tarantool-2.6.0/third_party/luajit/src/lj_jit.h:199:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&pcbase, sn, sizeof(uint64_t));
data/tarantool-2.6.0/third_party/luajit/src/lj_lib.c:95:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(fn->c.upvalue, L->top, sizeof(TValue)*nuv);
data/tarantool-2.6.0/third_party/luajit/src/lj_lib.c:126:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&L->top->n, p, sizeof(double));
data/tarantool-2.6.0/third_party/luajit/src/lj_load.c:72:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[LUAL_BUFFERSIZE];
data/tarantool-2.6.0/third_party/luajit/src/lj_load.c:91:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ctx.fp = fopen(filename, "rb");
data/tarantool-2.6.0/third_party/luajit/src/lj_obj.h:978:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
LJ_DATA const char *const lj_obj_typename[1+LUA_TCDATA+1];
data/tarantool-2.6.0/third_party/luajit/src/lj_obj.h:979:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
LJ_DATA const char *const lj_obj_itypename[~LJ_TNUMX+1];
data/tarantool-2.6.0/third_party/luajit/src/lj_opt_split.c:336:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(oir, IR(nk), irlen*sizeof(IRIns));
data/tarantool-2.6.0/third_party/luajit/src/lj_parse.c:1394:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(uv, fs->uvtmp, fs->nuv*sizeof(VarIndex));
data/tarantool-2.6.0/third_party/luajit/src/lj_parse.c:1485:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, sbufB(&ls->sb), sbuflen(&ls->sb));  /* Copy from temp. buffer. */
data/tarantool-2.6.0/third_party/luajit/src/lj_record.c:1926:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&J->L->base[topslot-1], savetv, sizeof(savetv));  /* Restore slots. */
data/tarantool-2.6.0/third_party/luajit/src/lj_record.c:1951:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&pcbase, flink, sizeof(uint64_t));
data/tarantool-2.6.0/third_party/luajit/src/lj_record.c:1953:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(flink, &pcbase, sizeof(uint64_t));
data/tarantool-2.6.0/third_party/luajit/src/lj_snap.c:114:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(map, &pcbase, sizeof(uint64_t));
data/tarantool-2.6.0/third_party/luajit/src/lj_str.c:304:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(strdatawr(s), str, len);
data/tarantool-2.6.0/third_party/luajit/src/lj_strfmt.c:258:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[STRFMT_MAXBUF_XINT], *q = buf + sizeof(buf), *p;
data/tarantool-2.6.0/third_party/luajit/src/lj_strfmt.c:354:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[STRFMT_MAXBUF_INT];
data/tarantool-2.6.0/third_party/luajit/src/lj_strfmt.c:369:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1];
data/tarantool-2.6.0/third_party/luajit/src/lj_strfmt.c:389:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[8+2+2+16], *p = buf;
data/tarantool-2.6.0/third_party/luajit/src/lj_strfmt_num.c:249:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char nd9[9], ref9[9];
data/tarantool-2.6.0/third_party/luajit/src/lj_strfmt_num.c:447:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char tail[9];
data/tarantool-2.6.0/third_party/luajit/src/lj_strfmt_num.c:517:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char tail[9];
data/tarantool-2.6.0/third_party/luajit/src/lj_strfmt_num.c:588:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[STRFMT_MAXBUF_NUM];
data/tarantool-2.6.0/third_party/luajit/src/lj_tab.c:199:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(array, karray, asize*sizeof(TValue));
data/tarantool-2.6.0/third_party/luajit/src/lj_target.h:156:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  return (char *)group[exitno / EXITSTUBS_PER_GROUP] +
data/tarantool-2.6.0/third_party/luajit/src/lj_trace.c:82:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, J->cur.field, J->cur.szfield*sizeof(tp)); \
data/tarantool-2.6.0/third_party/luajit/src/lj_trace.c:110:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[40];
data/tarantool-2.6.0/third_party/luajit/src/lj_trace.c:111:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(fname, "/tmp/perf-%d.map", getpid());
data/tarantool-2.6.0/third_party/luajit/src/lj_trace.c:112:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(fp = fopen(fname, "w"))) return;
data/tarantool-2.6.0/third_party/luajit/src/lj_trace.c:138:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, T->ir + T->nk, szins);
data/tarantool-2.6.0/third_party/luajit/src/lj_trace.c:148:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(T, &J->cur, sizeof(GCtrace));
data/tarantool-2.6.0/third_party/luajit/src/lua.h:378:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char short_src[LUA_IDSIZE]; /* (S) */
data/tarantool-2.6.0/third_party/luajit/src/luajit.c:212:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[LUA_MAXINPUT];
data/tarantool-2.6.0/third_party/luarocks/win32/lua5.1/include/lauxlib.h:133:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[LUAL_BUFFERSIZE];
data/tarantool-2.6.0/third_party/luarocks/win32/lua5.1/include/lua.h:356:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char short_src[LUA_IDSIZE]; /* (S) */
data/tarantool-2.6.0/third_party/luarocks/win32/lua5.1/include/luaconf.h:653:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(b, "/tmp/lua_XXXXXX"); \
data/tarantool-2.6.0/third_party/luarocks/win32/lua5.1/include/luaconf.h:654:6:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
	e = mkstemp(b); \
data/tarantool-2.6.0/third_party/sha1.c:49:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void SHA1Transform(uint32_t state[5], const unsigned char buffer[64])
data/tarantool-2.6.0/third_party/sha1.c:53:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char c[64];
data/tarantool-2.6.0/third_party/sha1.c:58:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(block, buffer, 64);
data/tarantool-2.6.0/third_party/sha1.c:134:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&context->buffer[j], data, (i = 64-j));
data/tarantool-2.6.0/third_party/sha1.c:142:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&context->buffer[j], &data[i], len - i);
data/tarantool-2.6.0/third_party/sha1.c:148:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void SHA1Final(unsigned char digest[20], SHA1_CTX* context)
data/tarantool-2.6.0/third_party/sha1.c:151:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char finalcount[8];
data/tarantool-2.6.0/third_party/sha1.c:200:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[20], buf[BUFSIZE];
data/tarantool-2.6.0/third_party/sha1.h:16:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[64];
data/tarantool-2.6.0/third_party/sha1.h:19:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]);
data/tarantool-2.6.0/third_party/sha1.h:22:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void SHA1Final(unsigned char digest[20], SHA1_CTX* context);
data/tarantool-2.6.0/third_party/sptree.h:362:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(t->members, v, t->elemsize);                                               \
data/tarantool-2.6.0/third_party/sptree.h:377:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(*p_old, ITHELEM(t, parent), t->elemsize);                      \
data/tarantool-2.6.0/third_party/sptree.h:378:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(ITHELEM(t, parent), v, t->elemsize);                               \
data/tarantool-2.6.0/third_party/sptree.h:390:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(ITHELEM(t, node), v, t->elemsize);                             \
data/tarantool-2.6.0/third_party/sptree.h:403:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(ITHELEM(t, node), v, t->elemsize);                             \
data/tarantool-2.6.0/third_party/sptree.h:496:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(ITHELEM(t, node), ITHELEM(t, todel), t->elemsize);                 \
data/tarantool-2.6.0/third_party/sptree.h:544:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
             memcpy((char *) array + (count-offset) * t->elemsize,                        \
data/tarantool-2.6.0/third_party/zstd/contrib/adaptive-compression/adapt.c:785:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ctx->input.buffer.start, job->src.start + oldDictSize, srcSize);
data/tarantool-2.6.0/third_party/zstd/contrib/adaptive-compression/adapt.c:917:47:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const srcFile = stdinUsed ? stdin : fopen(srcFilename, "rb");
data/tarantool-2.6.0/third_party/zstd/contrib/adaptive-compression/adapt.c:920:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileAndSuffix[MAX_PATH];
data/tarantool-2.6.0/third_party/zstd/contrib/adaptive-compression/adapt.c:935:53:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* const dstFile = stdoutUsed ? stdout : fopen(outFilename, "wb");
data/tarantool-2.6.0/third_party/zstd/contrib/gen_html/gen_html.cpp:98:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    istream.open(argv[2], ifstream::in);
data/tarantool-2.6.0/third_party/zstd/contrib/gen_html/gen_html.cpp:104:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ostream.open(argv[3], ifstream::out);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/fs/btrfs/zstd.c:411:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(kaddr + pg_offset, out_buf.dst + buf_offset, bytes);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/xxhash.c:81:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, sizeof(*dst));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/xxhash.c:87:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, sizeof(*dst));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/xxhash.c:252:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(statePtr, &state, sizeof(state));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/xxhash.c:266:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(statePtr, &state, sizeof(state));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/xxhash.c:282:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((uint8_t *)(state->mem32) + state->memsize, input, len);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/xxhash.c:290:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((uint8_t *)(state->mem32) + state->memsize, input,
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/xxhash.c:331:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(state->mem32, p, (size_t)(b_end-p));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/xxhash.c:388:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(((uint8_t *)state->mem64) + state->memsize, input, len);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/xxhash.c:396:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(((uint8_t *)p64) + state->memsize, input,
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/xxhash.c:436:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(state->mem64, p, (size_t)(b_end-p));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c:351:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&dstCCtx->customMem, &srcCCtx->customMem, sizeof(ZSTD_customMem));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c:364:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dstCCtx->workSpace, srcCCtx->workSpace, tableSpace);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c:387:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dstCCtx->hufTable, srcCCtx->hufTable, 256 * 4);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c:436:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((BYTE *)dst + ZSTD_blockHeaderSize, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c:456:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ostart + flSize, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c:1097:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c:1213:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c:1376:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c:1536:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c:2042:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c:2245:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c:2410:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(op + ZSTD_blockHeaderSize, ip, blockSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c:2870:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(internalBuffer, dictBuffer, dictSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c:2991:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&zcs->customMem, &customMem, sizeof(ZSTD_customMem));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/compress.c:3123:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, length);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:50:54:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void ZSTD_copy4(void *dst, const void *src) { memcpy(dst, src, 4); }
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:116:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dctx->entropy.rep, repStartValue, sizeof(repStartValue)); /* initial repcodes */
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:134:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&dctx->customMem, &customMem, sizeof(customMem));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:156:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dstDCtx, srcDCtx, sizeof(ZSTD_DCtx) - workSpaceSize); /* no need to copy workspace */
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:414:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:523:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(dctx->litBuffer, istart + lhSize, litSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:1154:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(op, litPtr, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:1436:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(op, litPtr, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:1754:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(dctx->headerBuffer, src, ZSTD_frameHeaderSize_prefix);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:1762:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dctx->headerBuffer, src, ZSTD_frameHeaderSize_prefix);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:1771:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dctx->headerBuffer + ZSTD_frameHeaderSize_prefix, src, dctx->expected);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:1844:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dctx->headerBuffer + ZSTD_frameHeaderSize_prefix, src, dctx->expected);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:2057:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(internalBuffer, dict, dictSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:2200:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&zds->customMem, &customMem, sizeof(ZSTD_customMem));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:2291:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, length);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:2318:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(zds->headerBuffer + zds->lhSize, ip, iend - ip);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/decompress.c:2324:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(zds->headerBuffer + zds->lhSize, ip, toLoad);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/fse_decompress.c:132:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dt, &DTableH, sizeof(DTableH));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/huf_compress.c:740:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(oldHufTable, CTable, CTableSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/huf_decompress.c:126:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(DTable, &dtd, sizeof(dtd));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/huf_decompress.c:591:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(DTable, &dtd, sizeof(dtd));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/huf_decompress.c:598:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(op, dt + val, 2);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/huf_decompress.c:606:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(op, dt + val, 1);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/huf_decompress.c:909:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dst, cSrc, dstSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/huf_decompress.c:947:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dst, cSrc, dstSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/zstd_internal.h:128:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dst, src, 8);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/zstd_opt.h:692:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/lib/zstd/zstd_opt.h:1007:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/include/asm/unaligned.h:60:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/include/asm/unaligned.h:66:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/include/asm/unaligned.h:72:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/include/asm/unaligned.h:95:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/contrib/linux-kernel/test/include/asm/unaligned.h:101:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/ldm.c:700:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cctx->op, cctx->anchor, literalLength);
data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/ldm_common.c:79:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dctx.op, dctx.ip, length);
data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/main.c:37:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fdin = open(fname, O_RDONLY)) < 0) {
data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/main.c:43:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fdout = open(oname, O_RDWR | O_CREAT | O_TRUNC, (mode_t)0600)) < 0) {
data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/main.c:122:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fdin = open(fname, O_RDONLY)) < 0) {
data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/main.c:128:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fdout = open(oname, O_RDWR | O_CREAT | O_TRUNC, (mode_t)0600)) < 0) {
data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/main.c:174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b0[1024];
data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/main.c:175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b1[1024];
data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/main.c:192:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((inpFp = fopen(inpFilename, "rb")) == NULL) {
data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/main.c:197:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((decFp = fopen(decFilename, "rb")) == NULL) {
data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/main.c:221:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char inpFilename[256] = { 0 };
data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/main.c:222:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ldmFilename[256] = { 0 };
data/tarantool-2.6.0/third_party/zstd/contrib/long_distance_matching/main.c:223:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char decFilename[256] = { 0 };
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/Pzstd.cpp:130:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto inputFd = std::fopen(inputFile.c_str(), "rb");
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/Pzstd.cpp:146:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto outputFd = std::fopen(outputFile.c_str(), "rb");
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/Pzstd.cpp:164:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto outputFd = std::fopen(outputFile.c_str(), "wb");
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/PzstdTest.cpp:39:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      auto fd = std::fopen(inputFile.c_str(), "wb");
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/PzstdTest.cpp:74:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      auto fd = std::fopen(inputFile.c_str(), "wb");
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/PzstdTest.cpp:110:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto fd = std::fopen(inputFile.c_str(), "wb");
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/PzstdTest.cpp:138:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto fd = std::fopen(inputFile.c_str(), "wb");
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/RoundTrip.h:26:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto sFd = std::fopen(source.c_str(), "rb");
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/RoundTrip.h:27:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto dFd = std::fopen(decompressed.c_str(), "rb");
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/test/RoundTripTest.cpp:31:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto fd = std::fopen(file.c_str(), "wb");
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/parallel_compression.c:42:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const inFile = fopen(filename, instruction);
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/parallel_compression.c:171:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    {   unsigned char seekTableBuff[1024];
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/parallel_compression.c:193:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(outSpace, ".zst");
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/parallel_compression.c:207:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        unsigned const frameSize = (unsigned)atoi(argv[2]);
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/parallel_compression.c:208:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int const nbThreads = atoi(argv[3]);
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/parallel_processing.c:56:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const inFile = fopen(filename, instruction);
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/parallel_processing.c:189:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int const nbThreads = atoi(argv[2]);
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/seekable_compression.c:29:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const inFile = fopen(filename, instruction);
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/seekable_compression.c:111:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(outSpace, ".zst");
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/seekable_compression.c:125:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        unsigned const frameSize = (unsigned)atoi(argv[2]);
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/seekable_decompression.c:43:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const inFile = fopen(filename, instruction);
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/seekable_decompression.c:132:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        unsigned const startOffset = (unsigned) atoi(argv[2]);
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/seekable_decompression.c:133:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        unsigned const endOffset = (unsigned) atoi(argv[3]);
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/zstdseek_compress.c:287:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((BYTE*)output->dst + output->pos,
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/zstdseek_decompress.c:108:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, (const BYTE*)buff->ptr + buff->pos, n);
data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/harness.c:29:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(path, "rb");
data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/harness.c:61:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(path, "wb");
data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/zstd_decompress.c:648:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(write_ptr, read_ptr, block_len);
data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/zstd_decompress.c:805:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*literals, read_ptr, size);
data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/zstd_decompress.c:1311:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(write_ptr, read_ptr, literal_length);
data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/zstd_decompress.c:1384:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(write_ptr, ctx->dict_content + dict_offset, dict_copy);
data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/zstd_decompress.c:1513:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dict->content, content, dict->content_size);
data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/zstd_decompress.c:1965:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst->symbols, src->symbols, size);
data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/zstd_decompress.c:1966:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst->num_bits, src->num_bits, size);
data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/zstd_decompress.c:2299:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst->symbols, src->symbols, size);
data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/zstd_decompress.c:2300:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst->num_bits, src->num_bits, size);
data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/zstd_decompress.c:2301:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst->new_state_base, src->new_state_base, size * sizeof(u16));
data/tarantool-2.6.0/third_party/zstd/examples/dictionary_compression.c:31:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const inFile = fopen(filename, instruction);
data/tarantool-2.6.0/third_party/zstd/examples/dictionary_compression.c:126:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(outSpace, ".zst");
data/tarantool-2.6.0/third_party/zstd/examples/dictionary_decompression.c:33:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const inFile = fopen(filename, instruction);
data/tarantool-2.6.0/third_party/zstd/examples/multiple_streaming_compression.c:36:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const inFile = fopen(filename, instruction);
data/tarantool-2.6.0/third_party/zstd/examples/multiple_streaming_compression.c:156:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(ofnBuffer, ".zst");
data/tarantool-2.6.0/third_party/zstd/examples/simple_compression.c:32:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const inFile = fopen(filename, instruction);
data/tarantool-2.6.0/third_party/zstd/examples/simple_compression.c:114:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(outSpace, ".zst");
data/tarantool-2.6.0/third_party/zstd/examples/simple_decompression.c:31:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const inFile = fopen(filename, instruction);
data/tarantool-2.6.0/third_party/zstd/examples/streaming_compression.c:29:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const inFile = fopen(filename, instruction);
data/tarantool-2.6.0/third_party/zstd/examples/streaming_compression.c:110:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(outSpace, ".zst");
data/tarantool-2.6.0/third_party/zstd/examples/streaming_decompression.c:30:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const inFile = fopen(filename, instruction);
data/tarantool-2.6.0/third_party/zstd/examples/streaming_memory_usage.c:61:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char const dataToCompress[INPUT_SIZE] = "abcde";
data/tarantool-2.6.0/third_party/zstd/examples/streaming_memory_usage.c:62:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char compressedData[COMPRESSED_SIZE];
data/tarantool-2.6.0/third_party/zstd/examples/streaming_memory_usage.c:63:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char decompressedData[INPUT_SIZE];
data/tarantool-2.6.0/third_party/zstd/lib/common/fse_decompress.c:121:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dt, &DTableH, sizeof(DTableH));
data/tarantool-2.6.0/third_party/zstd/lib/common/mem.h:170:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/lib/common/mem.h:175:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/lib/common/mem.h:180:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/lib/common/xxhash.c:105:76:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void* XXH_memcpy(void* dest, const void* src, size_t size) { return memcpy(dest,src,size); }
data/tarantool-2.6.0/third_party/zstd/lib/common/xxhash.c:323:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstState, srcState, sizeof(*dstState));
data/tarantool-2.6.0/third_party/zstd/lib/common/xxhash.c:328:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstState, srcState, sizeof(*dstState));
data/tarantool-2.6.0/third_party/zstd/lib/common/xxhash.c:575:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(statePtr, &state, sizeof(state));
data/tarantool-2.6.0/third_party/zstd/lib/common/xxhash.c:588:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(statePtr, &state, sizeof(state));
data/tarantool-2.6.0/third_party/zstd/lib/common/xxhash.c:857:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &hash, sizeof(*dst));
data/tarantool-2.6.0/third_party/zstd/lib/common/xxhash.c:864:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &hash, sizeof(*dst));
data/tarantool-2.6.0/third_party/zstd/lib/common/xxhash.h:246:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef struct { unsigned char digest[4]; } XXH32_canonical_t;
data/tarantool-2.6.0/third_party/zstd/lib/common/xxhash.h:247:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef struct { unsigned char digest[8]; } XXH64_canonical_t;
data/tarantool-2.6.0/third_party/zstd/lib/common/zstd_internal.h:185:54:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void ZSTD_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }
data/tarantool-2.6.0/third_party/zstd/lib/compress/huf_compress.c:631:28:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        if (oldHufTable) { memcpy(oldHufTable, CTable, CTableSize); } /* Save the new table */
data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_compress.c:1026:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dstCCtx->customMem, &srcCCtx->customMem, sizeof(ZSTD_customMem));
data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_compress.c:1043:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dstCCtx->hashTable, srcCCtx->hashTable, tableSpace);   /* presumes all tables follow each other */
data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_compress.c:1058:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstCCtx->entropy, srcCCtx->entropy, sizeof(ZSTD_entropyCTables_t));
data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_compress.c:1141:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((BYTE*)dst + ZSTD_blockHeaderSize, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_compress.c:1169:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ostart + flSize, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_compress.c:1624:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_compress.c:1747:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(op + ZSTD_blockHeaderSize, ip, blockSize);
data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_compress.c:2323:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(internalBuffer, dictBuffer, dictSize);
data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_compress.c:2426:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(cdict+1, dict, dictSize);
data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_compress.c:2684:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (length) memcpy(dst, src, length);
data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_opt.c:613:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(opt[pos].rep, &repHistory, sizeof(repHistory));
data/tarantool-2.6.0/third_party/zstd/lib/compress/zstd_opt.c:696:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(opt[pos].rep, &repHistory, sizeof(repHistory));
data/tarantool-2.6.0/third_party/zstd/lib/compress/zstdmt_compress.c:1008:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((char*)output->dst + output->pos, (const char*)job.dstBuff.start + job.dstFlushed, toWrite);
data/tarantool-2.6.0/third_party/zstd/lib/compress/zstdmt_compress.c:1079:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((char*)mtctx->inBuff.buffer.start + mtctx->inBuff.filled, (const char*)input->src + input->pos, toLoad);
data/tarantool-2.6.0/third_party/zstd/lib/decompress/huf_decompress.c:113:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(DTable, &dtd, sizeof(dtd));
data/tarantool-2.6.0/third_party/zstd/lib/decompress/huf_decompress.c:580:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(DTable, &dtd, sizeof(dtd));
data/tarantool-2.6.0/third_party/zstd/lib/decompress/huf_decompress.c:594:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, dt+val, 2);
data/tarantool-2.6.0/third_party/zstd/lib/decompress/huf_decompress.c:602:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, dt+val, 1);
data/tarantool-2.6.0/third_party/zstd/lib/decompress/huf_decompress.c:927:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; }   /* not compressed */
data/tarantool-2.6.0/third_party/zstd/lib/decompress/huf_decompress.c:940:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; }   /* not compressed */
data/tarantool-2.6.0/third_party/zstd/lib/decompress/huf_decompress.c:979:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; }   /* not compressed */
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:69:54:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void ZSTD_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:232:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstDCtx, srcDCtx, toCopy);  /* no need to copy workspace */
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:505:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:607:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(dctx->litBuffer, istart+lhSize, litSize);
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:1132:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(op, litPtr, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:1397:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(op, litPtr, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:1773:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dctx->headerBuffer, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:1780:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dctx->headerBuffer, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:1787:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dctx->headerBuffer + (dctx->headerSize - srcSize), src, srcSize);
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:1880:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dctx->headerBuffer + (ZSTD_skippableHeaderSize - srcSize), src, srcSize);   /* complete skippable header */
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:1999:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dctx->entropy.rep, repStartValue, sizeof(repStartValue));  /* initial repcodes */
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:2092:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(internalBuffer, dict, dictSize);
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:2153:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ddict+1, dict, dictSize);  /* local copy */
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:2392:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, length);
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:2462:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy(zds->headerBuffer + zds->lhSize, ip, remainingInput);
data/tarantool-2.6.0/third_party/zstd/lib/decompress/zstd_decompress.c:2469:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(zds->headerBuffer + zds->lhSize, ip, toLoad); zds->lhSize = hSize; ip += toLoad;
data/tarantool-2.6.0/third_party/zstd/lib/dictBuilder/cover.c:644:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dict + tail, ctx->samples + segment.begin, segmentSize);
data/tarantool-2.6.0/third_party/zstd/lib/dictBuilder/cover.c:810:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(best->dict, dict, dictSize);
data/tarantool-2.6.0/third_party/zstd/lib/dictBuilder/cover.c:857:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(freqs, ctx->freqs, ctx->suffixSize * sizeof(U32));
data/tarantool-2.6.0/third_party/zstd/lib/dictBuilder/cover.c:1040:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dictBuffer, best.dict, dictSize);
data/tarantool-2.6.0/third_party/zstd/lib/dictBuilder/zdict.c:883:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dictBuffer, header, hSize);
data/tarantool-2.6.0/third_party/zstd/lib/dictBuilder/zdict.c:1014:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(ptr, (const char*)samplesBuffer+dictList[u].pos, l);
data/tarantool-2.6.0/third_party/zstd/lib/dictBuilder/zdict.c:1042:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newBuff, samplesBuffer, sBuffSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v01.c:1352:56:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void   ZSTD_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v01.c:1354:56:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void   ZSTD_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v01.c:1484:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v01.c:1791:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(saved, endMatch, qutt);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v01.c:1821:26:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        if (overlapRisk) memcpy(endMatch, saved, qutt);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v02.c:189:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v02.c:1147:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dt, &DTableH, sizeof(DTableH));   /* memcpy(), to avoid strict aliasing warnings */
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v02.c:2006:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, dt+val, 2);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v02.c:2014:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, dt+val, 1);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v02.c:2353:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, ds+val, sizeof(HUF_DSeqX6));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v02.c:2365:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(op, ds+val, length);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v02.c:2369:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, ds+val, maxL);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v02.c:2578:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; }   /* not compressed */
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v02.c:2732:56:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void   ZSTD_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v02.c:2734:56:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void   ZSTD_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v02.c:2826:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v02.c:2880:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dctx->litBuffer, istart, litSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v03.c:190:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v03.c:1148:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dt, &DTableH, sizeof(DTableH));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v03.c:2003:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, dt+val, 2);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v03.c:2011:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, dt+val, 1);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v03.c:2218:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; }   /* not compressed */
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v03.c:2373:56:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void   ZSTD_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v03.c:2375:56:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void   ZSTD_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v03.c:2467:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v03.c:2521:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dctx->litBuffer, istart, litSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c:184:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c:486:54:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void ZSTD_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c:1266:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dt, &DTableH, sizeof(DTableH));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c:2294:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, dt+val, 2);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c:2302:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, dt+val, 1);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c:2506:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; }   /* not compressed */
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c:2606:54:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void ZSTD_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c:2736:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c:2789:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dctx->litBuffer, istart, litSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c:3142:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            if (op != litPtr) memcpy(op, litPtr, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c:3311:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ctx->headerBuffer, src, ZSTD_frameHeaderSize_min);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c:3468:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char headerBuffer[ZSTD_frameHeaderSize_max];
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c:3515:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, length);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c:3545:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(zbc->headerBuffer+zbc->hPos, src, *srcSizePtr);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v04.c:3591:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(zbc->inBuff, zbc->headerBuffer, zbc->hPos);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:184:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:189:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:194:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:500:57:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void ZSTDv05_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:1259:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dt, &DTableH, sizeof(DTableH));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:2274:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, dt+val, 2);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:2282:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, dt+val, 1);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:2617:57:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void ZSTDv05_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:2692:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstDCtx, srcDCtx,
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:2849:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:2950:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dctx->litBuffer, istart+lhSize, litSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:3353:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(op, litPtr, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:3560:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dctx->headerBuffer, src, ZSTDv05_frameHeaderSize_min);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:3759:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, length);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:3806:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char headerBuffer[ZSTDv05_frameHeaderSize_max];
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:3871:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(zbc->headerBuffer+zbc->hPos, src, *srcSizePtr);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v05.c:3918:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(zbc->inBuff, zbc->headerBuffer, zbc->hPos);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:182:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:535:57:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void ZSTDv06_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:1486:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dt, &DTableH, sizeof(DTableH));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:2407:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, dt+val, 2);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:2415:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, dt+val, 1);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:2653:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; }   /* not compressed */
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:2795:57:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void ZSTDv06_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:2857:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstDCtx, srcDCtx,
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:3045:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:3142:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dctx->litBuffer, istart+lhSize, litSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:3504:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(op, litPtr, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:3710:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dctx->headerBuffer, src, ZSTDv06_frameHeaderSize_min);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:3720:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dctx->headerBuffer + ZSTDv06_frameHeaderSize_min, src, dctx->expected);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:3977:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, length);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:4008:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(zbd->headerBuffer + zbd->lhSize, ip, iend-ip);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v06.c:4013:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(zbd->headerBuffer + zbd->lhSize, ip, toLoad); zbd->lhSize = hSize; ip += toLoad;
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:342:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(memPtr, &value, sizeof(value));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:1506:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dt, &DTableH, sizeof(DTableH));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:1797:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(DTable, &dtd, sizeof(dtd));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:2210:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(DTable, &dtd, sizeof(dtd));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:2218:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, dt+val, 2);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:2226:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(op, dt+val, 1);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:2526:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; }   /* not compressed */
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:2542:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; }   /* not compressed */
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:2568:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; }   /* not compressed */
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:2769:57:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void ZSTDv07_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:2917:57:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void ZSTDv07_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:2987:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dctx->customMem, &customMem, sizeof(ZSTDv07_customMem));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:3006:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstDCtx, srcDCtx,
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:3271:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:3368:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dctx->litBuffer, istart+lhSize, litSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:3715:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(op, litPtr, lastLLSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:3959:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dctx->headerBuffer, src, ZSTDv07_frameHeaderSize_min);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:3966:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dctx->headerBuffer, src, ZSTDv07_frameHeaderSize_min);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:3976:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dctx->headerBuffer + ZSTDv07_frameHeaderSize_min, src, dctx->expected);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:4031:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        {   memcpy(dctx->headerBuffer + ZSTDv07_frameHeaderSize_min, src, dctx->expected);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:4168:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dictContent, dict, dictSize);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:4313:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&zbd->customMem, &customMem, sizeof(ZSTDv07_customMem));
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:4350:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, length);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:4381:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(zbd->headerBuffer + zbd->lhSize, ip, iend-ip);
data/tarantool-2.6.0/third_party/zstd/lib/legacy/zstd_v07.c:4386:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(zbd->headerBuffer + zbd->lhSize, ip, toLoad); zbd->lhSize = hSize; ip += toLoad;
data/tarantool-2.6.0/third_party/zstd/programs/bench.c:368:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(compressedBuffer, srcBuffer, loadedCompressedSize);
data/tarantool-2.6.0/third_party/zstd/programs/bench.c:554:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        f = fopen(fileNamesTable[n], "rb");
data/tarantool-2.6.0/third_party/zstd/programs/bench.c:620:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char mfName[20] = {0};
data/tarantool-2.6.0/third_party/zstd/programs/bench.c:638:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[20] = {0};
data/tarantool-2.6.0/third_party/zstd/programs/datagen.c:176:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buff, buff + stdBlockSize, stdDictSize);
data/tarantool-2.6.0/third_party/zstd/programs/dibio.c:122:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* const f = fopen(fileName, "rb");
data/tarantool-2.6.0/third_party/zstd/programs/dibio.c:216:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const f = fopen(dictFileName, "wb");
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:295:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    {   FILE* const f = fopen(srcFileName, "rb");
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:328:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fCheck = fopen( dstFileName, "rb" );
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:352:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    {   FILE* const f = fopen( dstFileName, "wb" );
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:376:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fileHandle = fopen(fileName, "rb");
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:1105:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        {   const char lastZeroByte[1] = { 0 };
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:1696:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dstFileName, srcFileName, sfnSize - suffixSize);
data/tarantool-2.6.0/third_party/zstd/programs/util.h:382:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(path, dirName, dirLength);
data/tarantool-2.6.0/third_party/zstd/programs/util.h:398:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(path, dirName, dirLength);
data/tarantool-2.6.0/third_party/zstd/programs/util.h:400:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(path+dirLength+1, cFile.cFileName, fnameLength);
data/tarantool-2.6.0/third_party/zstd/programs/util.h:455:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(path, dirName, dirLength);
data/tarantool-2.6.0/third_party/zstd/programs/util.h:458:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(path+dirLength+1, entry->d_name, fnameLength);
data/tarantool-2.6.0/third_party/zstd/programs/util.h:686:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    {   FILE* const cpuinfo = fopen("/proc/cpuinfo", "r");
data/tarantool-2.6.0/third_party/zstd/programs/util.h:688:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buff[BUF_SIZE];
data/tarantool-2.6.0/third_party/zstd/programs/util.h:710:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    siblings = atoi(sep + 1);
data/tarantool-2.6.0/third_party/zstd/programs/util.h:719:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    cpu_cores = atoi(sep + 1);
data/tarantool-2.6.0/third_party/zstd/tests/decodecorpus.c:409:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(op, LITERAL_BUFFER, litSize);
data/tarantool-2.6.0/third_party/zstd/tests/decodecorpus.c:679:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(srcPtr, literals, literalLen);
data/tarantool-2.6.0/third_party/zstd/tests/decodecorpus.c:764:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(srcPtr, literals, literalsSize);
data/tarantool-2.6.0/third_party/zstd/tests/decodecorpus.c:1039:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(op, frame->src, contentSize);
data/tarantool-2.6.0/third_party/zstd/tests/decodecorpus.c:1065:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(op, frame->src, contentSize);
data/tarantool-2.6.0/third_party/zstd/tests/decodecorpus.c:1133:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        out = fopen(path, "wb");
data/tarantool-2.6.0/third_party/zstd/tests/decodecorpus.c:1584:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outPath[MAX_PATH];
data/tarantool-2.6.0/third_party/zstd/tests/decodecorpus.c:1626:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outPath[MAX_PATH];
data/tarantool-2.6.0/third_party/zstd/tests/fullbench.c:246:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(firstBlockBuf, src, FIRST_BLOCK_SIZE);
data/tarantool-2.6.0/third_party/zstd/tests/fullbench.c:377:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buff2, dstBuff+skippedSize, g_cSize-skippedSize);
data/tarantool-2.6.0/third_party/zstd/tests/fullbench.c:403:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buff2, ip, g_cSize);   /* copy rest of block (it starts by SeqHeader) */
data/tarantool-2.6.0/third_party/zstd/tests/fullbench.c:488:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* const inFile = fopen( inFileName, "rb" );
data/tarantool-2.6.0/third_party/zstd/tests/fuzz/block_round_trip.c:46:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(result, src, srcSize);
data/tarantool-2.6.0/third_party/zstd/tests/fuzz/regression_driver.c:54:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(fileName, "rb");
data/tarantool-2.6.0/third_party/zstd/tests/fuzzer.c:1055:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((char*)compressedBuffer+cSize, (char*)CNBuffer+dictSize+blockSize, blockSize);   /* fake non-compressed block */
data/tarantool-2.6.0/third_party/zstd/tests/fuzzer.c:1337:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(sampleBuffer, srcBuffer + sampleStart, sampleSize); }
data/tarantool-2.6.0/third_party/zstd/tests/fuzzer.c:1353:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dstBuffer+tooSmallSize, &endMark, 4);
data/tarantool-2.6.0/third_party/zstd/tests/fuzzer.c:1356:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                { U32 endCheck; memcpy(&endCheck, dstBuffer+tooSmallSize, 4);
data/tarantool-2.6.0/third_party/zstd/tests/fuzzer.c:1386:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(cBufferTooSmall, cBuffer, tooSmallSize);
data/tarantool-2.6.0/third_party/zstd/tests/fuzzer.c:1423:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(cBuffer + pos, srcBuffer + noiseStart, noiseLength);
data/tarantool-2.6.0/third_party/zstd/tests/fuzzer.c:1429:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dstBuffer+sampleSize, &endMark, 4);
data/tarantool-2.6.0/third_party/zstd/tests/fuzzer.c:1435:35:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                {   U32 endCheck; memcpy(&endCheck, dstBuffer+sampleSize, 4);
data/tarantool-2.6.0/third_party/zstd/tests/fuzzer.c:1482:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(mirrorBuffer + totalTestSize, srcBuffer+segmentStart, segmentSize);
data/tarantool-2.6.0/third_party/zstd/tests/paramgrill.c:172:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[30] = { 0 };
data/tarantool-2.6.0/third_party/zstd/tests/paramgrill.c:584:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const f = fopen(rfName, "w");
data/tarantool-2.6.0/third_party/zstd/tests/paramgrill.c:672:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* const inFile = fopen( inFileName, "rb" );
data/tarantool-2.6.0/third_party/zstd/tests/paramgrill.c:733:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const inFile = fopen( inFileName, "rb" );
data/tarantool-2.6.0/third_party/zstd/tests/roundTripCrash.c:194:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* const f = fopen(fileName, "rb");
data/tarantool-2.6.0/third_party/zstd/tests/zbufftest.c:374:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(copyBuffer+totalTestSize, srcBuffer+srcStart, readChunkSize);
data/tarantool-2.6.0/third_party/zstd/tests/zbufftest.c:429:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(cBuffer+cStart, srcBuffer+noiseStart, noiseSize);
data/tarantool-2.6.0/third_party/zstd/tests/zstreamtest.c:718:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dst, srcToCopy, segLength);   /* create a long repetition at long distance for job 2 */
data/tarantool-2.6.0/third_party/zstd/tests/zstreamtest.c:1034:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(copyBuffer+totalTestSize, srcBuffer+srcStart, inBuff.pos);
data/tarantool-2.6.0/third_party/zstd/tests/zstreamtest.c:1100:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(cBuffer+cStart, srcBuffer+noiseStart, noiseSize);
data/tarantool-2.6.0/third_party/zstd/tests/zstreamtest.c:1296:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(copyBuffer+totalTestSize, srcBuffer+srcStart, inBuff.pos);
data/tarantool-2.6.0/third_party/zstd/tests/zstreamtest.c:1361:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(cBuffer+cStart, srcBuffer+noiseStart, noiseSize);
data/tarantool-2.6.0/third_party/zstd/tests/zstreamtest.c:1651:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(copyBuffer+totalTestSize, srcBuffer+srcStart, inBuff.pos);
data/tarantool-2.6.0/third_party/zstd/tests/zstreamtest.c:1712:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(cBuffer+cStart, srcBuffer+noiseStart, noiseSize);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example.c:123:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy((char*)uncompr, "garbage");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example.c:174:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy((char*)uncompr, "garbage");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example.c:270:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy((char*)uncompr, "garbage");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example.c:366:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy((char*)uncompr, "garbage");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example.c:445:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy((char*)uncompr, "garbage");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example.c:526:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy((char*)uncompr, "garbage");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example_original.c:115:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy((char*)uncompr, "garbage");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example_original.c:166:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy((char*)uncompr, "garbage");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example_original.c:262:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy((char*)uncompr, "garbage");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example_original.c:358:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy((char*)uncompr, "garbage");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example_original.c:437:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy((char*)uncompr, "garbage");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example_original.c:518:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy((char*)uncompr, "garbage");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/fitblk.c:81:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char raw[RAWLEN];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/fitblk.c:106:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char raw[RAWLEN];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/fitblk_original.c:76:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char raw[RAWLEN];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/fitblk_original.c:99:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char raw[RAWLEN];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:86:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[1024];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:115:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "unknown win32 error (%ld)", error);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:226:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                              fopen(path, gz->write ? "wb" : "rb");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:245:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char out[BUFLEN];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:270:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char in[1];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:304:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char out[BUFLEN];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:369:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    local char buf[BUFLEN];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:437:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    local char buf[BUFLEN];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:464:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    local char outfile[MAX_NAME_LEN];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:480:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    in = fopen(file, "rb");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:502:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    local char buf[MAX_NAME_LEN];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:537:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(outfile, "wb");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:566:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *bname, outmode[20];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:571:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(outmode, "wb6 ");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:636:33:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                    FILE * in = fopen(*argv, "rb");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/zwrapbench.c:692:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        f = fopen(fileNamesTable[n], "rb");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/zwrapbench.c:716:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mfName[20] = {0};
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/zwrapbench.c:761:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[20] = {0};
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzguts.h:52:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#  define open _open
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzlib.c:39:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[1024];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzlib.c:68:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "unknown win32 error (%ld)", error);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzlib.c:248:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        open((const char *)path, oflag, 0666));
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzlib.c:301:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(path, "<fd:%d>", fd);   /* for debugging */
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzlib.c:618:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(state.state->msg, ": ");
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzread.c:165:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(state.state->x.next, strm->next_in, strm->avail_in);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzread.c:329:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf, state.state->x.next, n);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzread.c:467:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzread.c:607:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf, state.state->x.next, n);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c:216:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(state.state->in + have, buf, copy);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c:312:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1];
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c:447:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(state.state->in, state.state->in + state.state->size, left);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c:546:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(state.state->in, state.state->in + state.state->size, left);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/zstd_zlibwrapper.c:123:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&zwc->allocFunc, strm, sizeof(z_stream));
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/zstd_zlibwrapper.c:432:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char headerBuf[16];   /* must be >= ZSTD_frameHeaderSize_min */
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/zstd_zlibwrapper.c:690:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(zwd->headerBuf+zwd->totalInBytes, strm->next_in, srcSize);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/zstd_zlibwrapper.c:766:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(zwd->headerBuf+zwd->totalInBytes, strm->next_in, srcSize);
data/tarantool-2.6.0/extra/bin2c.c:60:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((c = fgetc(in)) != -1) {
data/tarantool-2.6.0/extra/lemon.c:61:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define lemonStrlen(X)   ((int)strlen(X))
data/tarantool-2.6.0/extra/lemon.c:4539:16:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    nextChar = fgetc(in);
data/tarantool-2.6.0/extra/mkkeywordhash.c:326:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p->len = (int)strlen(p->zName);
data/tarantool-2.6.0/extra/mkkeywordhash.c:534:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    printf("%s,%*s", zToken, (int)(14-strlen(zToken)), "");
data/tarantool-2.6.0/extra/mkkeywordhash.c:548:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    printf("%s,%*s", flag, (int)(14-strlen(flag)), "");
data/tarantool-2.6.0/extra/txt2c.c:65:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((c = fgetc(in)) != -1) {
data/tarantool-2.6.0/src/box/alter.cc:372:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					     strlen(space->sequence_path) : 0,
data/tarantool-2.6.0/src/box/alter.cc:395:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			diag_set(OutOfMemory, strlen(opts->sql) + 1, "strdup",
data/tarantool-2.6.0/src/box/alter.cc:431:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t action_literal_len = strlen("nullable_action");
data/tarantool-2.6.0/src/box/alter.cc:464:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t field_name_len = strlen(field->name);
data/tarantool-2.6.0/src/box/alter.cc:509:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							     strlen(dv));
data/tarantool-2.6.0/src/box/alter.cc:2015:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					old_def->name, strlen(old_def->name),
data/tarantool-2.6.0/src/box/alter.cc:3257:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (len != strlen("function") ||
data/tarantool-2.6.0/src/box/alter.cc:3267:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (len != strlen("none") ||
data/tarantool-2.6.0/src/box/alter.cc:4941:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(trigger_name) != trigger_name_len ||
data/tarantool-2.6.0/src/box/alter.cc:5569:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	assert(space_ck_constraint_by_name(space, name, strlen(name)) != NULL);
data/tarantool-2.6.0/src/box/alter.cc:5597:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	assert(space_ck_constraint_by_name(space, name, strlen(name)) == NULL);
data/tarantool-2.6.0/src/box/alter.cc:5625:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					ck->def->name, strlen(ck->def->name));
data/tarantool-2.6.0/src/box/alter.cc:5684:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			space_ck_constraint_by_name(space, name, strlen(name));
data/tarantool-2.6.0/src/box/applier.cc:64:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  strlen("APPLIER_"));
data/tarantool-2.6.0/src/box/call.c:132:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (module_reload(name, name + strlen(name), &module) == 0) {
data/tarantool-2.6.0/src/box/ck_constraint.c:234:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				 strlen(ck_constraint_def->expr_str));
data/tarantool-2.6.0/src/box/ck_constraint.c:271:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(ck_constraint->def->name) == name_len &&
data/tarantool-2.6.0/src/box/constraint_id.c:47:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t len = strlen(name);
data/tarantool-2.6.0/src/box/error.cc:339:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(m_custom_type, custom_type, sizeof(m_custom_type) - 1);
data/tarantool-2.6.0/src/box/execute.c:292:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		map_size += mp_sizeof_str(strlen(coll));
data/tarantool-2.6.0/src/box/execute.c:307:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		map_size += span != NULL ? mp_sizeof_str(strlen(span)) :
data/tarantool-2.6.0/src/box/execute.c:312:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	map_size += mp_sizeof_str(strlen(name));
data/tarantool-2.6.0/src/box/execute.c:313:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	map_size += mp_sizeof_str(strlen(type));
data/tarantool-2.6.0/src/box/execute.c:328:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf = mp_encode_str(buf, name, strlen(name));
data/tarantool-2.6.0/src/box/execute.c:330:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf = mp_encode_str(buf, type, strlen(type));
data/tarantool-2.6.0/src/box/execute.c:333:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buf = mp_encode_str(buf, coll, strlen(coll));
data/tarantool-2.6.0/src/box/execute.c:355:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		buf = mp_encode_str(buf, span, strlen(span));
data/tarantool-2.6.0/src/box/execute.c:430:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size += mp_sizeof_str(strlen(name));
data/tarantool-2.6.0/src/box/execute.c:431:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size += mp_sizeof_str(strlen(type));
data/tarantool-2.6.0/src/box/execute.c:439:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pos = mp_encode_str(pos, name, strlen(name));
data/tarantool-2.6.0/src/box/execute.c:441:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pos = mp_encode_str(pos, type, strlen(type));
data/tarantool-2.6.0/src/box/execute.c:450:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t stmt_id = sql_stmt_calculate_id(sql_str, strlen(sql_str));
data/tarantool-2.6.0/src/box/execute.c:595:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (sql_stmt_compile(sql_str, strlen(sql_str), NULL,
data/tarantool-2.6.0/src/box/execute.c:713:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		return sql_prepare_and_execute(sql_str, strlen(sql_str), bind,
data/tarantool-2.6.0/src/box/func.c:94:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		name->package_end = str + strlen(str);
data/tarantool-2.6.0/src/box/func.c:217:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t package_len = strlen(module->package);
data/tarantool-2.6.0/src/box/index_def.c:134:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		diag_set(OutOfMemory, strlen(def->name) + 1, "malloc",
data/tarantool-2.6.0/src/box/key_def.c:261:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		sz += parts[i].path != NULL ? strlen(parts[i].path) : 0;
data/tarantool-2.6.0/src/box/key_def.c:286:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		uint32_t path_len = part->path != NULL ? strlen(part->path) : 0;
data/tarantool-2.6.0/src/box/key_def.c:480:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size += mp_sizeof_str(strlen(PART_OPT_FIELD));
data/tarantool-2.6.0/src/box/key_def.c:483:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size += mp_sizeof_str(strlen(PART_OPT_TYPE));
data/tarantool-2.6.0/src/box/key_def.c:484:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size += mp_sizeof_str(strlen(field_type_strs[part->type]));
data/tarantool-2.6.0/src/box/key_def.c:486:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size += mp_sizeof_str(strlen(PART_OPT_COLLATION));
data/tarantool-2.6.0/src/box/key_def.c:490:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size += mp_sizeof_str(strlen(PART_OPT_NULLABILITY));
data/tarantool-2.6.0/src/box/key_def.c:494:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size += mp_sizeof_str(strlen(PART_OPT_PATH));
data/tarantool-2.6.0/src/box/key_def.c:495:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size += mp_sizeof_str(strlen(part->path));
data/tarantool-2.6.0/src/box/key_def.c:516:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				     strlen(PART_OPT_FIELD));
data/tarantool-2.6.0/src/box/key_def.c:519:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				     strlen(PART_OPT_TYPE));
data/tarantool-2.6.0/src/box/key_def.c:522:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		data = mp_encode_str(data, type_str, strlen(type_str));
data/tarantool-2.6.0/src/box/key_def.c:525:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					     strlen(PART_OPT_COLLATION));
data/tarantool-2.6.0/src/box/key_def.c:530:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					     strlen(PART_OPT_NULLABILITY));
data/tarantool-2.6.0/src/box/key_def.c:535:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					     strlen(PART_OPT_PATH));
data/tarantool-2.6.0/src/box/key_def.c:537:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					     strlen(part->path));
data/tarantool-2.6.0/src/box/key_def.c:625:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		uint32_t  action_literal_len = strlen("nullable_action");
data/tarantool-2.6.0/src/box/key_def.c:684:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    json_path_validate(part->path, strlen(part->path),
data/tarantool-2.6.0/src/box/lua/call.c:651:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int ret = box_lua_find(L, deepcopy, deepcopy + strlen(deepcopy));
data/tarantool-2.6.0/src/box/lua/call.c:657:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		uint32_t name_len = strlen(exports[i]);
data/tarantool-2.6.0/src/box/lua/call.c:693:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(load_pref) + strlen(func->base.def->body) + 1;
data/tarantool-2.6.0/src/box/lua/call.c:693:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(load_pref) + strlen(func->base.def->body) + 1;
data/tarantool-2.6.0/src/box/lua/console.c:589:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (luaL_loadbuffer(L, serpent_lua, strlen(serpent_lua), modfile)) {
data/tarantool-2.6.0/src/box/lua/console.c:759:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t n = strlen(s);
data/tarantool-2.6.0/src/box/lua/execute.c:220:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							 strlen(sql_str)));
data/tarantool-2.6.0/src/box/lua/execute.c:251:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							 strlen(sql_str)));
data/tarantool-2.6.0/src/box/lua/info.c:91:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	const char *s = applier_state_strs[applier->state] + strlen("APPLIER_");
data/tarantool-2.6.0/src/box/lua/info.c:92:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	assert(strlen(s) < sizeof(status));
data/tarantool-2.6.0/src/box/lua/init.c:498:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (luaL_loadbuffer(L, modsrc, strlen(modsrc), modfile) != 0 ||
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:186:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int nd_len = strlen(nd_type_names[i]);
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:414:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t len = strlen(d->indent_buf);
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:793:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(str_nil);
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:797:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(str_null);
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:802:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(buf);
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:807:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(buf);
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:831:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(str_true);
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:835:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(str_false);
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:842:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(buf);
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:848:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(buf);
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:856:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(str);
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:868:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(d->err_msg);
data/tarantool-2.6.0/src/box/lua/serialize_lua.c:877:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(d->err_msg);
data/tarantool-2.6.0/src/box/lua/session.c:461:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t len = strlen(str);
data/tarantool-2.6.0/src/box/lua/xlog.c:299:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 (int) strlen(cur->meta.filetype),
data/tarantool-2.6.0/src/box/mp_error.cc:141:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data_size += mp_sizeof_str(strlen(error->type->name));
data/tarantool-2.6.0/src/box/mp_error.cc:145:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data_size += mp_sizeof_str(strlen(error->file));
data/tarantool-2.6.0/src/box/mp_error.cc:147:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data_size += mp_sizeof_str(strlen(error->errmsg));
data/tarantool-2.6.0/src/box/mp_error.cc:158:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		data_size += mp_sizeof_str(strlen("object_type"));
data/tarantool-2.6.0/src/box/mp_error.cc:159:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		data_size += mp_sizeof_str(strlen(ad_err->object_type()));
data/tarantool-2.6.0/src/box/mp_error.cc:160:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		data_size += mp_sizeof_str(strlen("object_name"));
data/tarantool-2.6.0/src/box/mp_error.cc:161:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		data_size += mp_sizeof_str(strlen(ad_err->object_name()));
data/tarantool-2.6.0/src/box/mp_error.cc:162:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		data_size += mp_sizeof_str(strlen("access_type"));
data/tarantool-2.6.0/src/box/mp_error.cc:163:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		data_size += mp_sizeof_str(strlen(ad_err->access_type()));
data/tarantool-2.6.0/src/box/mp_error.cc:168:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		data_size += mp_sizeof_str(strlen("custom_type"));
data/tarantool-2.6.0/src/box/mp_error.cc:170:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			mp_sizeof_str(strlen(box_error_custom_type(error)));
data/tarantool-2.6.0/src/box/mp_error.cc:181:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return mp_encode_str(data, str, strlen(str));
data/tarantool-2.6.0/src/box/mp_error.cc:346:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return r_len == strlen(l) && memcmp(l, r, r_len) == 0;
data/tarantool-2.6.0/src/box/opt_def.c:109:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			assert (strlen(ptr) == str_len);
data/tarantool-2.6.0/src/box/opt_def.c:172:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (key_len != strlen(def->name) ||
data/tarantool-2.6.0/src/box/request.c:182:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		tuple_go_to_path(&key, path, strlen(path), MULTIKEY_NONE);
data/tarantool-2.6.0/src/box/schema.cc:102:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					     strlen(name));
data/tarantool-2.6.0/src/box/schema.cc:187:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							 strlen(name));
data/tarantool-2.6.0/src/box/schema.cc:213:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		uint32_t name_len = strlen(name);
data/tarantool-2.6.0/src/box/schema.cc:242:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		k = mh_strnptr_find_inp(spaces_by_name, name, strlen(name));
data/tarantool-2.6.0/src/box/schema.cc:277:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						    strlen("primary"),
data/tarantool-2.6.0/src/box/schema.cc:286:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		space_def_new_xc(id, ADMIN, 0, name, strlen(name), "memtx",
data/tarantool-2.6.0/src/box/schema.cc:287:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				 strlen("memtx"), &space_opts_default, NULL, 0);
data/tarantool-2.6.0/src/box/schema.cc:493:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				       name, strlen(name), engine,
data/tarantool-2.6.0/src/box/schema.cc:494:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				       strlen(engine), &opts, NULL, 0);
data/tarantool-2.6.0/src/box/schema.cc:549:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	assert(func_by_name(func->def->name, strlen(func->def->name)) == NULL);
data/tarantool-2.6.0/src/box/schema.cc:557:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t def_name_len = strlen(func->def->name);
data/tarantool-2.6.0/src/box/schema.cc:578:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strlen(func->def->name));
data/tarantool-2.6.0/src/box/schema.cc:622:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	assert(strlen(type) <= GRANT_NAME_MAX);
data/tarantool-2.6.0/src/box/schema.cc:623:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mp_encode_uint(mp_encode_str(key, type, strlen(type)), id);
data/tarantool-2.6.0/src/box/session_settings.c:463:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t name_len = strlen(name);
data/tarantool-2.6.0/src/box/space.c:636:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t len = strlen(name);
data/tarantool-2.6.0/src/box/space.c:648:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t len = strlen(id->name);
data/tarantool-2.6.0/src/box/space.c:662:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t len = strlen(name);
data/tarantool-2.6.0/src/box/space_def.c:66:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		field_strs_size += strlen(fields[i].name) + 1;
data/tarantool-2.6.0/src/box/space_def.c:68:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			int len = strlen(fields[i].default_value);
data/tarantool-2.6.0/src/box/space_def.c:98:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			diag_set(OutOfMemory, strlen(opts->sql) + 1, "strdup",
data/tarantool-2.6.0/src/box/space_def.c:110:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t size = space_def_sizeof(strlen(src->name), src->fields,
data/tarantool-2.6.0/src/box/space_def.c:126:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strs_pos += strlen(strs_pos) + 1;
data/tarantool-2.6.0/src/box/space_def.c:129:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strs_pos += strlen(strs_pos) + 1;
data/tarantool-2.6.0/src/box/space_def.c:199:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			uint32_t len = strlen(fields[i].name);
data/tarantool-2.6.0/src/box/space_def.c:206:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				len = strlen(fields[i].default_value);
data/tarantool-2.6.0/src/box/space_def.c:251:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						    strlen("ephemeral"),
data/tarantool-2.6.0/src/box/space_def.c:252:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						    "memtx", strlen("memtx"),
data/tarantool-2.6.0/src/box/sql.c:341:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t name_len = strlen("_COLUMN_") + 11;
data/tarantool-2.6.0/src/box/sql.c:401:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		index_def_new(0, 0, "ephemer_idx", strlen("ephemer_idx"), TREE,
data/tarantool-2.6.0/src/box/sql.c:626:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t trig_name_len = strlen(trig_name);
data/tarantool-2.6.0/src/box/sql.c:627:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t old_table_name_len = strlen(old_table_name);
data/tarantool-2.6.0/src/box/sql.c:628:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t new_table_name_len = strlen(new_table_name);
data/tarantool-2.6.0/src/box/sql.c:695:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int name_len = strlen(new_name);
data/tarantool-2.6.0/src/box/sql.c:1237:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t name_len = name != NULL ? strlen(name) : 0;
data/tarantool-2.6.0/src/box/sql/analyze.c:1208:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					    strlen(argv[1]));
data/tarantool-2.6.0/src/box/sql/analyze.c:1254:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strncmp("unordered", z, strlen("unordered")) == 0)
data/tarantool-2.6.0/src/box/sql/analyze.c:1256:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		else if (strncmp("noskipscan", z, strlen("noskipscan")) == 0)
data/tarantool-2.6.0/src/box/sql/analyze.c:1378:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						    strlen(index_name));
data/tarantool-2.6.0/src/box/sql/analyze.c:1446:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						    strlen(index_name));
data/tarantool-2.6.0/src/box/sql/analyze.c:1526:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						    strlen(index_name));
data/tarantool-2.6.0/src/box/sql/build.c:152:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ssize_t len = strlen(zName);
data/tarantool-2.6.0/src/box/sql/build.c:407:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			strncpy(field->default_value, pSpan->zStart,
data/tarantool-2.6.0/src/box/sql/build.c:596:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t name_len = strlen(name);
data/tarantool-2.6.0/src/box/sql/build.c:1824:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t column_len = strlen(column_name);
data/tarantool-2.6.0/src/box/sql/build.c:1975:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int name_len = strlen(constraint_name);
data/tarantool-2.6.0/src/box/sql/build.c:2356:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return strncmp(name, "sql_autoindex_", strlen("sql_autoindex_")) &&
data/tarantool-2.6.0/src/box/sql/build.c:2357:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncmp(name, "pk_unnamed_", strlen("pk_unnamed_")) &&
data/tarantool-2.6.0/src/box/sql/build.c:2358:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strncmp(name, "unique_unnamed_", strlen("unique_unnamed_"));
data/tarantool-2.6.0/src/box/sql/build.c:2558:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (index_fill_def(parse, index, def, iid, name, strlen(name),
data/tarantool-2.6.0/src/box/sql/build.c:3395:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t name_len = strlen(name);
data/tarantool-2.6.0/src/box/sql/build.c:3409:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		engine_len = strlen(engine);
data/tarantool-2.6.0/src/box/sql/callback.c:49:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	struct coll_id *p = coll_by_name(name, strlen(name));
data/tarantool-2.6.0/src/box/sql/expr.c:3343:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				 strlen(z) - 2, 16);
data/tarantool-2.6.0/src/box/sql/expr.c:3348:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t len = strlen(z);
data/tarantool-2.6.0/src/box/sql/fk_constraint.c:834:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t name_len = strlen(space_name);
data/tarantool-2.6.0/src/box/sql/func.c:2187:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	struct func *base = func_by_name(name, strlen(name));
data/tarantool-2.6.0/src/box/sql/malloc.c:412:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	n = strlen(z) + 1;
data/tarantool-2.6.0/src/box/sql/os_unix.c:735:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		got = read(id->h, pBuf, cnt);
data/tarantool-2.6.0/src/box/sql/os_unix.c:914:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (ii = (int)strlen(zDirname); ii > 0 && zDirname[ii] != '/'; ii--) ;
data/tarantool-2.6.0/src/box/sql/os_unix.c:1709:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		       || zName[strlen(zName) + 1] == 0);
data/tarantool-2.6.0/src/box/sql/os_unix.c:1722:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		assert(zName[strlen(zName) + 1] == 0);
data/tarantool-2.6.0/src/box/sql/parse_def.c:46:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p->n = z == NULL ? 0 : strlen(z);
data/tarantool-2.6.0/src/box/sql/select.c:289:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pItem->zName = sqlDbStrNDup(db, new_name, strlen(new_name));
data/tarantool-2.6.0/src/box/sql/select.c:291:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		diag_set(OutOfMemory, strlen(new_name), "sqlDbStrNDup",
data/tarantool-2.6.0/src/box/sql/select.c:359:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (memcmp(name, cte->zName, strlen(name)) == 0)
data/tarantool-2.6.0/src/box/sql/select.c:1977:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t name_len = strlen(zName);
data/tarantool-2.6.0/src/box/sql/select.c:4220:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				int len = strlen(str);
data/tarantool-2.6.0/src/box/sql/tokenize.c:554:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(outer) + expr_len;
data/tarantool-2.6.0/src/box/sql/tokenize.c:563:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	parser.line_pos -= strlen(outer);
data/tarantool-2.6.0/src/box/sql/trigger.c:91:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						 strlen(table_name));
data/tarantool-2.6.0/src/box/sql/trigger.c:201:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int sql_str_len = strlen(sql_str);
data/tarantool-2.6.0/src/box/sql/trigger.c:202:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int sql_len = strlen("sql");
data/tarantool-2.6.0/src/box/sql/util.c:74:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return 0x3fffffff & (unsigned)strlen(z);
data/tarantool-2.6.0/src/box/sql/vdbe.c:1930:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	struct func *func = func_by_name(pOp->p4.z, strlen(pOp->p4.z));
data/tarantool-2.6.0/src/box/sql/vdbeapi.c:790:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size += strlen(metadata->type);
data/tarantool-2.6.0/src/box/sql/vdbeapi.c:792:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size += strlen(metadata->name);
data/tarantool-2.6.0/src/box/sql/vdbeapi.c:794:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size += strlen(metadata->collation);
data/tarantool-2.6.0/src/box/sql/vdbeapi.c:828:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				size += strlen(v->aOp[i].p4.z);
data/tarantool-2.6.0/src/box/sql/vdbeapi.c:848:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size += strlen(v->zSql);
data/tarantool-2.6.0/src/box/sql/vdbeaux.c:1843:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		diag_set(OutOfMemory, strlen(name) + 1, "strdup", "name");
data/tarantool-2.6.0/src/box/sql/vdbeaux.c:1857:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		diag_set(OutOfMemory, strlen(type) + 1, "strdup", "type");
data/tarantool-2.6.0/src/box/sql/vdbeaux.c:1904:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		diag_set(OutOfMemory, strlen(span) + 1, "strdup", "span");
data/tarantool-2.6.0/src/box/sql/vdbemem.c:309:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		nByte = strlen(value_str) + 1;
data/tarantool-2.6.0/src/box/sql/vdbemem.c:638:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strncasecmp(str, SQL_TOKEN_TRUE, strlen(SQL_TOKEN_TRUE)) == 0) {
data/tarantool-2.6.0/src/box/sql/vdbemem.c:642:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			       strlen(SQL_TOKEN_FALSE)) == 0) {
data/tarantool-2.6.0/src/box/sql/vdbemem.c:746:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			sqlVdbeMemSetStr(pMem, str_bool, strlen(str_bool), 1,
data/tarantool-2.6.0/src/box/sql/whereexpr.c:301:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t u_ci_id = coll_by_name("unicode_ci", strlen("unicode_ci"))->id;
data/tarantool-2.6.0/src/box/sql/whereexpr.c:302:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t bin_id = coll_by_name("binary", strlen("binary"))->id;
data/tarantool-2.6.0/src/box/sql_stmt_cache.c:105:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							 strlen(sql_str));
data/tarantool-2.6.0/src/box/sql_stmt_cache.c:172:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							 strlen(sql_str));
data/tarantool-2.6.0/src/box/sql_stmt_cache.c:232:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t stmt_id = sql_stmt_calculate_id(sql_str, strlen(sql_str));
data/tarantool-2.6.0/src/box/sql_stmt_cache.c:263:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t stmt_id = sql_stmt_calculate_id(sql_str, strlen(sql_str));
data/tarantool-2.6.0/src/box/tuple_convert.c:156:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(buf);
data/tarantool-2.6.0/src/box/tuple_convert.c:162:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(buf);
data/tarantool-2.6.0/src/box/tuple_dictionary.c:139:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		total += strlen(fields[i].name) + 1;
data/tarantool-2.6.0/src/box/tuple_dictionary.c:159:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int len = strlen(fields[i].name);
data/tarantool-2.6.0/src/box/txn.c:1018:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int name_len = name != NULL ? strlen(name) : 0;
data/tarantool-2.6.0/src/box/user.cc:558:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t name_len = strlen("guest");
data/tarantool-2.6.0/src/box/user.cc:575:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	name_len = strlen("admin");
data/tarantool-2.6.0/src/box/vinyl.c:407:67:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	vy_info_append_disk_stmt_counter(h, "read", &stat->disk.iterator.read);
data/tarantool-2.6.0/src/box/vinyl.c:2582:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		diag_set(OutOfMemory, strlen(path),
data/tarantool-2.6.0/src/box/vy_log.c:1414:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strlen(key_parts[i].path) + 1 : 0;
data/tarantool-2.6.0/src/box/vy_log.c:1429:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		uint32_t path_len = strlen(key_parts[i].path);
data/tarantool-2.6.0/src/box/vy_run.c:1076:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	itr->stat->read.rows += page_info->row_count;
data/tarantool-2.6.0/src/box/vy_run.c:1077:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	itr->stat->read.bytes += page_info->unpacked_size;
data/tarantool-2.6.0/src/box/vy_run.c:1078:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	itr->stat->read.bytes_compressed += page_info->size;
data/tarantool-2.6.0/src/box/vy_run.c:1079:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	itr->stat->read.pages++;
data/tarantool-2.6.0/src/box/vy_stat.h:103:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	struct vy_disk_stmt_counter read;
data/tarantool-2.6.0/src/box/xlog.c:202:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return key_len == strlen(str) && memcmp(key, str, key_len) == 0;
data/tarantool-2.6.0/src/box/xlog.c:883:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(xlog->filename, name, sizeof(xlog->filename));
data/tarantool-2.6.0/src/box/xrow.c:1197:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		d = mp_encode_str(d, "chap-sha1", strlen("chap-sha1"));
data/tarantool-2.6.0/src/box/xrow.c:1643:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (memcmp(greetingbuf, "Tarantool ", strlen("Tarantool ")) != 0 ||
data/tarantool-2.6.0/src/box/xrow.c:1649:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	const char *pos = greetingbuf + strlen("Tarantool ");
data/tarantool-2.6.0/src/httpc.c:199:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(HTTP_ACCEPT_HEADER)) == 0)
data/tarantool-2.6.0/src/httpc.c:202:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		 strlen(HTTP_CONNECTION_HEADER)) == 0)
data/tarantool-2.6.0/src/httpc.c:205:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			     strlen(HTTP_KEEP_ALIVE_HEADER)) == 0)
data/tarantool-2.6.0/src/httpc.c:210:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		diag_set(OutOfMemory, strlen(header), "curl", "http header");
data/tarantool-2.6.0/src/lib/coll/coll.c:409:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int len = strlen(coll->fingerprint);
data/tarantool-2.6.0/src/lib/core/coio_file.c:85:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		} read;
data/tarantool-2.6.0/src/lib/core/coio_file.c:264:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	req->result = read(eio->read.fd, eio->read.buf, eio->read.count);
data/tarantool-2.6.0/src/lib/core/coio_file.c:264:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	req->result = read(eio->read.fd, eio->read.buf, eio->read.count);
data/tarantool-2.6.0/src/lib/core/coio_file.c:264:40:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	req->result = read(eio->read.fd, eio->read.buf, eio->read.count);
data/tarantool-2.6.0/src/lib/core/coio_file.c:264:55:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	req->result = read(eio->read.fd, eio->read.buf, eio->read.count);
data/tarantool-2.6.0/src/lib/core/coio_file.c:272:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	eio.read.buf = buf;
data/tarantool-2.6.0/src/lib/core/coio_file.c:273:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	eio.read.count = count;
data/tarantool-2.6.0/src/lib/core/coio_file.c:274:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	eio.read.fd = fd;
data/tarantool-2.6.0/src/lib/core/coio_file.c:569:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t namlen = strlen(entry->d_name);
data/tarantool-2.6.0/src/lib/core/coio_task.c:395:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			diag_set(OutOfMemory, strlen(host), "malloc",
data/tarantool-2.6.0/src/lib/core/coio_task.c:404:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			diag_set(OutOfMemory, strlen(port), "malloc",
data/tarantool-2.6.0/src/lib/core/errinj.h:201:55:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define ERROR_INJECT_SLEEP(ID) ERROR_INJECT_WHILE(ID, usleep(1000))
data/tarantool-2.6.0/src/lib/core/fiber.c:915:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t size = strlen(name) + 1;
data/tarantool-2.6.0/src/lib/core/fio.c:74:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		ssize_t nrd = read(fd, buf + n, count - n);
data/tarantool-2.6.0/src/lib/core/popen.c:194:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size += strlen(opts->argv[i]) + 3;
data/tarantool-2.6.0/src/lib/core/popen.c:212:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pos += strlen(opts->argv[i]);
data/tarantool-2.6.0/src/lib/core/random.c:61:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	ssize_t res = read(rfd, &seed, sizeof(seed));
data/tarantool-2.6.0/src/lib/core/random.c:86:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		ssize_t n = read(rfd, buf + generated, size - generated);
data/tarantool-2.6.0/src/lib/core/say.c:268:36:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	ERROR_INJECT(ERRINJ_LOG_ROTATE, { usleep(10); });
data/tarantool-2.6.0/src/lib/core/say.c:462:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		diag_set(OutOfMemory, strlen(init_str), "malloc", "abspath");
data/tarantool-2.6.0/src/lib/core/say.c:516:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		diag_set(OutOfMemory, strlen(server_address), "malloc",
data/tarantool-2.6.0/src/lib/core/say.c:597:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			diag_set(OutOfMemory, strlen(opts.server_path),
data/tarantool-2.6.0/src/lib/core/say.c:607:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		diag_set(OutOfMemory, strlen(opts.identity), "malloc",
data/tarantool-2.6.0/src/lib/core/say.c:886:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int str_len = strlen(str);
data/tarantool-2.6.0/src/lib/core/say.c:1083:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen(prefix);
data/tarantool-2.6.0/src/lib/core/say.c:1154:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		diag_set(OutOfMemory, strlen(init_str), "malloc", "opts->copy");
data/tarantool-2.6.0/src/lib/core/sio.c:233:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	ssize_t n = read(fd, buf, count);
data/tarantool-2.6.0/src/lib/core/sio.c:353:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (u.host_len == strlen(URI_HOST_UNIX) &&
data/tarantool-2.6.0/src/lib/core/util.c:81:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    strlen(haystack[index]) == len)
data/tarantool-2.6.0/src/lib/core/util.c:177:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = strlen(start);
data/tarantool-2.6.0/src/lib/core/util.c:210:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (getcwd(abspath, PATH_MAX - strlen(filename) - 1) == NULL)
data/tarantool-2.6.0/src/lib/core/util.c:213:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(abspath, "/");
data/tarantool-2.6.0/src/lib/core/util.c:318:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int data_len = strlen(data);
data/tarantool-2.6.0/src/lib/mpstream/mpstream.h:130:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mpstream_encode_strn(stream, str, strlen(str));
data/tarantool-2.6.0/src/lib/msgpuck/msgpuck.c:144:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				uint32_t len = (uint32_t)strlen(str);
data/tarantool-2.6.0/src/lib/msgpuck/test/msgpuck.c:901:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int esize = strlen(expected);
data/tarantool-2.6.0/src/lib/msgpuck/test/msgpuck.c:1022:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t plain_len = strlen(plain);
data/tarantool-2.6.0/src/lib/salad/rope.h:635:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	rope_size_t child_prefix_len = strlen(prefix) + strlen(padding[0]) + 1;
data/tarantool-2.6.0/src/lib/salad/rope.h:635:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	rope_size_t child_prefix_len = strlen(prefix) + strlen(padding[0]) + 1;
data/tarantool-2.6.0/src/lib/uri/uri.c:40:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	const char *pe = p + strlen(p);
data/tarantool-2.6.0/src/lib/uri/uri.c:216:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				uri->host_len = strlen(URI_HOST_UNIX);
data/tarantool-2.6.0/src/lib/uri/uri.c:242:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				uri->host_len = strlen(URI_HOST_UNIX);
data/tarantool-2.6.0/src/lib/uri/uri.c:645:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				uri->host_len = strlen(URI_HOST_UNIX);
data/tarantool-2.6.0/src/lib/uri/uri.c:671:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				uri->host_len = strlen(URI_HOST_UNIX);
data/tarantool-2.6.0/src/lib/uri/uri.c:2856:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				uri->host_len = strlen(URI_HOST_UNIX);
data/tarantool-2.6.0/src/lib/uri/uri.c:6048:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				uri->host_len = strlen(URI_HOST_UNIX);
data/tarantool-2.6.0/src/lib/uri/uri.c:6107:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				uri->host_len = strlen(URI_HOST_UNIX);
data/tarantool-2.6.0/src/lib/uri/uri.c:6198:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				uri->host_len = strlen(URI_HOST_UNIX);
data/tarantool-2.6.0/src/lib/uuid/tt_uuid.h:84:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(in) != UUID_STR_LEN ||
data/tarantool-2.6.0/src/lua/digest.c:84:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (coio_call(digest_pbkdf2_f, password, strlen(password), salt,
data/tarantool-2.6.0/src/lua/digest.c:85:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				  strlen(salt), digest, num_iterations, digest_len) < 0) {
data/tarantool-2.6.0/src/lua/fiber.c:585:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int name_size = strlen(name) + 1;
data/tarantool-2.6.0/src/lua/init.c:488:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (luaL_loadbuffer(L, modsrc, strlen(modsrc), modfile))
data/tarantool-2.6.0/src/lua/init.c:596:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (luaL_loadbuffer(L, optv[i + 1], strlen(optv[i + 1]),
data/tarantool-2.6.0/src/lua/socket.c:407:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    strlen(port) >= sizeof(uaddr->sun_path)) {
data/tarantool-2.6.0/src/proc_title.c:176:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			rel->clobber_end += strlen(argv[i]) + 1;
data/tarantool-2.6.0/src/proc_title.c:331:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		pstat(PSTAT_SETCMD, pst, strlen(ps_buffer), 0, 0);
data/tarantool-2.6.0/src/systemd.c:69:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(sd_unix_path) >= sizeof(sa.sun_path)) {
data/tarantool-2.6.0/src/systemd.c:120:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(sa.sun_path, sd_unix_path, sizeof(sa.sun_path) - 1);
data/tarantool-2.6.0/src/systemd.c:129:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ssize_t sent = sendto(systemd_fd, message, (size_t) strlen(message),
data/tarantool-2.6.0/src/title.c:133:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		            strlen(interpretor_name_short)) == 0) {
data/tarantool-2.6.0/src/title.c:189:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen(str); \
data/tarantool-2.6.0/test/box/function1.c:54:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	d = mp_encode_str(d, "hello", strlen("hello"));
data/tarantool-2.6.0/test/box/function1.c:108:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t space_id = box_space_id_by_name(SPACE_NAME, strlen(SPACE_NAME));
data/tarantool-2.6.0/test/box/function1.c:110:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(INDEX_NAME));
data/tarantool-2.6.0/test/box/function1.c:204:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t space_id = box_space_id_by_name(SPACE_NAME, strlen(SPACE_NAME));
data/tarantool-2.6.0/test/box/function1.c:278:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pos = mp_encode_str(buf, str, strlen(str));
data/tarantool-2.6.0/test/box/reload1.c:12:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(SPACE_TEST_NAME));
data/tarantool-2.6.0/test/box/reload1.c:14:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(INDEX_NAME));
data/tarantool-2.6.0/test/box/reload1.c:52:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t space_id = box_space_id_by_name(SPACE_NAME, strlen(SPACE_NAME));
data/tarantool-2.6.0/test/box/reload2.c:11:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(SPACE_TEST_NAME));
data/tarantool-2.6.0/test/box/tuple_bench.c:21:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t space_id = box_space_id_by_name(SPACE_NAME, strlen(SPACE_NAME));
data/tarantool-2.6.0/test/box/tuple_bench.c:23:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(INDEX_NAME));
data/tarantool-2.6.0/test/box/tuple_bench.c:60:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						strlen(test_strings[kstr]));
data/tarantool-2.6.0/test/unit/base64.c:12:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = strlen(str);
data/tarantool-2.6.0/test/unit/bps_tree.cc:72:1:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
equal(const elem_t &a, const elem_t &b)
data/tarantool-2.6.0/test/unit/bps_tree.cc:90:37:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
#define BPS_TREE_IS_IDENTICAL(a, b) equal(a, b)
data/tarantool-2.6.0/test/unit/bps_tree_iterator.cc:14:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
static bool equal(const elem_t &a, const elem_t &b);
data/tarantool-2.6.0/test/unit/bps_tree_iterator.cc:21:37:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
#define BPS_TREE_IS_IDENTICAL(a, b) equal(a, b)
data/tarantool-2.6.0/test/unit/bps_tree_iterator.cc:30:1:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
equal(const elem_t &a, const elem_t &b)
data/tarantool-2.6.0/test/unit/bps_tree_iterator.cc:507:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (!equal(*e, comp_buf1[tested_count])) {
data/tarantool-2.6.0/test/unit/bps_tree_iterator.cc:529:9:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
			if (!equal(*e, comp_buf1[tested_count])) {
data/tarantool-2.6.0/test/unit/cbus_hang.c:134:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
		usleep(200);
data/tarantool-2.6.0/test/unit/coio.cc:15:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int rc = fwrite(c, strlen(c), 1, f);
data/tarantool-2.6.0/test/unit/coio.cc:57:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(1000);
data/tarantool-2.6.0/test/unit/coll.cpp:24:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int cmp = coll->cmp(a, strlen(a), b, strlen(b), coll);
data/tarantool-2.6.0/test/unit/coll.cpp:24:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int cmp = coll->cmp(a, strlen(a), b, strlen(b), coll);
data/tarantool-2.6.0/test/unit/coll.cpp:35:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int cmp = coll->cmp(strings[i], strlen(strings[i]),
data/tarantool-2.6.0/test/unit/coll.cpp:36:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				    strings[i - 1], strlen(strings[i - 1]),
data/tarantool-2.6.0/test/unit/coll.cpp:118:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t str_len = strlen(str);
data/tarantool-2.6.0/test/unit/crc32.c:44:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t crc = crc32_calc(0, str, strlen(str));
data/tarantool-2.6.0/test/unit/crc32.c:48:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	crc = crc32_calc(0, str, strlen(str));
data/tarantool-2.6.0/test/unit/crc32.c:51:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	crc = crc32_calc(0, str + 2, strlen(str) - 2);
data/tarantool-2.6.0/test/unit/crc32.c:55:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	crc = crc32_calc(0, str + 2, strlen(str) - 2);
data/tarantool-2.6.0/test/unit/crypto.c:63:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int plain_size = strlen(plain) + 1;
data/tarantool-2.6.0/test/unit/crypto.c:226:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int plain_size = strlen(plain);
data/tarantool-2.6.0/test/unit/csv.c:83:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	csv_parse_chunk(&csv, s, s + strlen(s));
data/tarantool-2.6.0/test/unit/csv.c:134:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	csv_parse_chunk(&csv, s, s + strlen(s));
data/tarantool-2.6.0/test/unit/csv.c:149:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	csv_parse_chunk(&csv, s1, s1 + strlen(s1));
data/tarantool-2.6.0/test/unit/csv.c:151:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	csv_parse_chunk(&csv, s2 + 2, s2 + strlen(s2));
data/tarantool-2.6.0/test/unit/csv.c:195:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int k =  linelen / strlen(s);
data/tarantool-2.6.0/test/unit/csv.c:197:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			memcpy(buf + bufn, s, strlen(s));
data/tarantool-2.6.0/test/unit/csv.c:198:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			bufn += strlen(s);
data/tarantool-2.6.0/test/unit/csv.c:213:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	       (int) (lines * (strlen(s) - 6) * (linelen / strlen(s))));
data/tarantool-2.6.0/test/unit/csv.c:213:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	       (int) (lines * (strlen(s) - 6) * (linelen / strlen(s))));
data/tarantool-2.6.0/test/unit/csv.c:215:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fail_unless(lines * (strlen(s) - 6) * (linelen / strlen(s))  == cnt.fieldsizes_cnt);
data/tarantool-2.6.0/test/unit/csv.c:215:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fail_unless(lines * (strlen(s) - 6) * (linelen / strlen(s))  == cnt.fieldsizes_cnt);
data/tarantool-2.6.0/test/unit/csv.c:245:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	csv_parse_chunk(&csv, rand_test, rand_test + strlen(rand_test));
data/tarantool-2.6.0/test/unit/csv.c:265:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			csv_feed(&it, buf, strlen(buf));
data/tarantool-2.6.0/test/unit/csv.c:266:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			buf += strlen(buf);
data/tarantool-2.6.0/test/unit/csv.c:295:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			csv_feed(&it, buf, strlen(buf));
data/tarantool-2.6.0/test/unit/csv.c:326:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			csv_feed(&it, buf, strlen(buf));
data/tarantool-2.6.0/test/unit/csv.c:353:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int len = csv_escape_field(&csv, fields[i], strlen(fields[i]), buf, sizeof(buf));
data/tarantool-2.6.0/test/unit/decimal.c:307:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	const int len = strlen(expected);
data/tarantool-2.6.0/test/unit/json.c:11:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(value); \
data/tarantool-2.6.0/test/unit/json.c:22:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(value); \
data/tarantool-2.6.0/test/unit/json.c:238:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	node = test_add_path(&tree, path1, strlen(path1), records,
data/tarantool-2.6.0/test/unit/json.c:242:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	node = test_add_path(&tree, path2, strlen(path2), records,
data/tarantool-2.6.0/test/unit/json.c:246:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	node = test_add_path(&tree, path3, strlen(path3), records,
data/tarantool-2.6.0/test/unit/json.c:250:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	node = test_add_path(&tree, path4, strlen(path4), records,
data/tarantool-2.6.0/test/unit/json.c:254:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	node = test_add_path(&tree, path4_copy, strlen(path4_copy), records,
data/tarantool-2.6.0/test/unit/json.c:259:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					   strlen(path1), INDEX_BASE,
data/tarantool-2.6.0/test/unit/json.c:264:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					   strlen(path2), INDEX_BASE,
data/tarantool-2.6.0/test/unit/json.c:269:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					   strlen(path_unregistered), INDEX_BASE,
data/tarantool-2.6.0/test/unit/json.c:372:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					   strlen(path3), INDEX_BASE,
data/tarantool-2.6.0/test/unit/json.c:377:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					   strlen(path4), INDEX_BASE,
data/tarantool-2.6.0/test/unit/json.c:382:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					   strlen(path2), INDEX_BASE,
data/tarantool-2.6.0/test/unit/json.c:408:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	node = test_add_path(&tree, path2, strlen(path2), records, &records_idx);
data/tarantool-2.6.0/test/unit/json.c:413:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	node = test_add_path(&tree, path3, strlen(path3), records, &records_idx);
data/tarantool-2.6.0/test/unit/json.c:425:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	node = test_add_path(&tree, path1, strlen(path1), records, &records_idx);
data/tarantool-2.6.0/test/unit/json.c:437:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	node = test_add_path(&tree, path_multikey, strlen(path_multikey),
data/tarantool-2.6.0/test/unit/json.c:442:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					   strlen(path_multikey), INDEX_BASE,
data/tarantool-2.6.0/test/unit/json.c:460:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	token->len = strlen("str");
data/tarantool-2.6.0/test/unit/json.c:478:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	uint32_t a_len = strlen(a);
data/tarantool-2.6.0/test/unit/json.c:491:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int rc = json_path_cmp(a, a_len, path, strlen(path),
data/tarantool-2.6.0/test/unit/json.c:500:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int ret = json_path_cmp(multikey_a, strlen(multikey_a), multikey_b,
data/tarantool-2.6.0/test/unit/json.c:501:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				strlen(multikey_b), INDEX_BASE);
data/tarantool-2.6.0/test/unit/json.c:506:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ret = json_path_validate(a, strlen(a), INDEX_BASE);
data/tarantool-2.6.0/test/unit/json.c:508:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ret = json_path_validate(invalid, strlen(invalid), INDEX_BASE);
data/tarantool-2.6.0/test/unit/json.c:526:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int path_len = strlen(path);
data/tarantool-2.6.0/test/unit/json.c:582:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						   strlen(test_cases[i].str),
data/tarantool-2.6.0/test/unit/light.cc:23:1:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
equal(hash_value_t v1, hash_value_t v2)
data/tarantool-2.6.0/test/unit/light.cc:38:32:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
#define LIGHT_EQUAL(a, b, arg) equal(a, b)
data/tarantool-2.6.0/test/unit/mp_error.cc:97:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return mp_encode_str(data, str, strlen(str));
data/tarantool-2.6.0/test/unit/mp_error.cc:482:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	is(len, (int) strlen(str), "%s depth %d correct returned value", method,
data/tarantool-2.6.0/test/unit/mp_error.cc:484:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int expected_len = strlen(expected);
data/tarantool-2.6.0/test/unit/popen-child.c:14:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		ssize_t nr = read(pfd, &dest[off], left);
data/tarantool-2.6.0/test/unit/popen-child.c:98:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ssize_t nr = (ssize_t)strlen(argv[2]) + 1;
data/tarantool-2.6.0/test/unit/popen.c:77:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				 (int)strlen(data),
data/tarantool-2.6.0/test/unit/popen.c:82:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				 (int)strlen(data),
data/tarantool-2.6.0/test/unit/popen.c:84:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ok(rc == (int)strlen(data), "write to pipe");
data/tarantool-2.6.0/test/unit/popen.c:85:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (rc != (int)strlen(data))
data/tarantool-2.6.0/test/unit/popen.c:243:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
		strncpy(popen_child_path, "./test/unit/popen-child", size);
data/tarantool-2.6.0/test/unit/rope_common.h:72:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	rope_insert(rope, offset, str, strlen(str));
data/tarantool-2.6.0/test/unit/rope_stress.c:17:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int len = strlen(d);
data/tarantool-2.6.0/test/unit/rope_stress.c:46:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int len = strlen(d);
data/tarantool-2.6.0/test/unit/scramble.c:22:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	SHA1Update(&ctx, (unsigned char *) password, strlen(password));
data/tarantool-2.6.0/test/unit/scramble.c:31:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	scramble_prepare(scramble, salt, password, strlen(password));
data/tarantool-2.6.0/test/unit/scramble.c:46:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	scramble_prepare(scramble, salt, password, strlen(password));
data/tarantool-2.6.0/test/unit/scramble.c:64:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fail_unless(strlen(buf) == SCRAMBLE_BASE64_SIZE);
data/tarantool-2.6.0/test/unit/swim.c:695:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int s0_payload_size = strlen(s0_payload) + 1;
data/tarantool-2.6.0/test/unit/swim.c:709:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s0_payload_size = strlen(s0_payload) + 1;
data/tarantool-2.6.0/test/unit/swim.c:724:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	s0_payload_size = strlen(s0_payload) + 1;
data/tarantool-2.6.0/test/unit/swim.c:988:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int p1_size = strlen(p1);
data/tarantool-2.6.0/test/unit/swim.c:995:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int p2_size = strlen(p2);
data/tarantool-2.6.0/test/unit/swim_errinj.c:54:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int s0_old_payload_size = strlen(s0_old_payload) + 1;
data/tarantool-2.6.0/test/unit/swim_errinj.c:73:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int s0_new_payload_size = strlen(s0_new_payload);
data/tarantool-2.6.0/test/unit/uri.c:18:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ok((key && uri.key && strlen(key) == uri.key ## _len && \
data/tarantool-2.6.0/third_party/c-ares/ares__read_line.c:51:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = offset + strlen(*buf + offset);
data/tarantool-2.6.0/third_party/c-ares/ares_android.c:333:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(dns_list[i], ch_server_address, 64);
data/tarantool-2.6.0/third_party/c-ares/ares_create_query.c:109:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name) + 2 + HFIXEDSZ + QFIXEDSZ +
data/tarantool-2.6.0/third_party/c-ares/ares_expand_string.c:61:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy((char *)q, (char *)encoded, elen.uns);
data/tarantool-2.6.0/third_party/c-ares/ares_gethostbyaddr.c:287:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       sprintf(name+strlen(name),
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:339:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      name_len = strlen(name);
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:406:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufl = strlen(buf);
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:408:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(bufl + strlen(tmpbuf) < buflen)
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:419:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t s1_len = strlen(s1), s2_len = strlen(s2);
data/tarantool-2.6.0/third_party/c-ares/ares_getnameinfo.c:419:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t s1_len = strlen(s1), s2_len = strlen(s2);
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:127:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((endptr != env) && (endptr == env + strlen(env)) && (num > 0))
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:300:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy((*dest)->local_dev_name, src->local_dev_name,
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:859:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newsize = len + (*dst ? (strlen(*dst) + 2) : 1);
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:866:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(*dst) != 0)
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:867:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(*dst, ",");
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:868:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  strncat(*dst, src, len);
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:878:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  commanjoin(dst, src, strlen(src));
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2342:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(opt);
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2386:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((len = strlen(opt)) == 0)
data/tarantool-2.6.0/third_party/c-ares/ares_init.c:2550:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(channel->local_dev_name, local_dev_name,
data/tarantool-2.6.0/third_party/c-ares/ares_options.c:267:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(_csv);
data/tarantool-2.6.0/third_party/c-ares/ares_parse_ns_reply.c:126:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      nameservers[nameservers_num] = ares_malloc(strlen(rr_data)+1);
data/tarantool-2.6.0/third_party/c-ares/ares_parse_ptr_reply.c:128:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          rr_data_len = strlen(rr_data)+1;
data/tarantool-2.6.0/third_party/c-ares/ares_parse_ptr_reply.c:136:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
          strncpy(aliases[aliascnt], rr_data, rr_data_len);
data/tarantool-2.6.0/third_party/c-ares/ares_platform.c:11003:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      switch (strlen(proto)) {
data/tarantool-2.6.0/third_party/c-ares/ares_search.c:216:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t nlen = strlen(name);
data/tarantool-2.6.0/third_party/c-ares/ares_search.c:217:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t dlen = strlen(domain);
data/tarantool-2.6.0/third_party/c-ares/ares_search.c:235:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(name);
data/tarantool-2.6.0/third_party/c-ares/ares_strdup.c:35:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      sz = strlen(s1);
data/tarantool-2.6.0/third_party/c-ares/ares_strsplit.c:26:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/tarantool-2.6.0/third_party/c-ares/ares_strsplit.c:90:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  in_len = strlen(in);
data/tarantool-2.6.0/third_party/c-ares/ares_strsplit.c:91:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  num_delims = strlen(delms);
data/tarantool-2.6.0/third_party/c-ares/inet_ntop.c:177:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      tp += strlen(tp);
data/tarantool-2.6.0/third_party/c-ares/setup_once.h:134:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define sread(x,y,z) (ares_ssize_t)read((RECV_TYPE_ARG1)(x), \
data/tarantool-2.6.0/third_party/c-ares/test/ares-fuzz.c:32:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int count = read(fd, afl_buffer, kMaxAflInputSize);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-mock.cc:728:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  SetAllocSizeFail(strlen("1.2.3.4") + 1);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test-ns.cc:41:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(100000);
data/tarantool-2.6.0/third_party/c-ares/test/ares-test.h:369:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf_size = strlen(name) + strlen(value) + 1 /* = */ + 1 /* NULL */;
data/tarantool-2.6.0/third_party/c-ares/test/ares-test.h:369:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf_size = strlen(name) + strlen(value) + 1 /* = */ + 1 /* NULL */;
data/tarantool-2.6.0/third_party/c-ares/test/dns-dump.cc:25:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int len = read(fd, buffer, sizeof(buffer));
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:2308:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int length = strlen(ansi);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:3273:34:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    num_chars = static_cast<int>(wcslen(str));
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:5046:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      segment = next_segment + strlen("]]>");
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:5211:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result.reserve(strlen(str) + 1);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:6450:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t prefix_len = strlen(prefix);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:9148:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t full_regex_len = strlen(regex) + 10;
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:9402:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t len = strlen(regex);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:9614:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (temp_dir[strlen(temp_dir) - 1] == '\\')
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:10131:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    PrintCharsAsStringTo(s, strlen(s), os);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gmock-gtest-all.cc:10148:34:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    PrintCharsAsStringTo(s, std::wcslen(s), os);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gtest/gtest.h:3632:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  return strncpy(dest, src, n);
data/tarantool-2.6.0/third_party/c-ares/test/gmock-1.8.0/gtest/gtest.h:3654:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return static_cast<int>(read(fd, buf, count));
data/tarantool-2.6.0/third_party/curl/docs/examples/anyauthput.c:89:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  retcode = read(fd, ptr, (READ_3RD_ARG)(size * nmemb));
data/tarantool-2.6.0/third_party/curl/docs/examples/crawler.c:131:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(!link || strlen(link) < 20)
data/tarantool-2.6.0/third_party/curl/docs/examples/crawler.c:146:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return ctype != NULL && strlen(ctype) > 10 && strstr(ctype, "text/html");
data/tarantool-2.6.0/third_party/curl/docs/examples/curlx.c:452:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(hostporturl) + 9;
data/tarantool-2.6.0/third_party/curl/docs/examples/curlx.c:495:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  contenttype = malloc(15 + strlen(mimetype));
data/tarantool-2.6.0/third_party/curl/docs/examples/curlx.c:496:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(contenttype, 15 + strlen(mimetype), "Content-type: %s", mimetype);
data/tarantool-2.6.0/third_party/curl/docs/examples/ephiperfifo.c:225:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  err = read(g->tfd, &count, sizeof(uint64_t));
data/tarantool-2.6.0/third_party/curl/docs/examples/ephiperfifo.c:400:10:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    rv = fscanf(g->input, "%1023s%n", s, &n);
data/tarantool-2.6.0/third_party/curl/docs/examples/evhiperfifo.c:379:10:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    rv = fscanf(g->input, "%1023s%n", s, &n);
data/tarantool-2.6.0/third_party/curl/docs/examples/fopen.c:485:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fwrite(buffer, 1, strlen(buffer), outf);
data/tarantool-2.6.0/third_party/curl/docs/examples/ftpuploadfrommem.c:75:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  upload.sizeleft = strlen(data);
data/tarantool-2.6.0/third_party/curl/docs/examples/hiperfifo.c:371:10:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    rv = fscanf(g->input, "%1023s%n", s, &n);
data/tarantool-2.6.0/third_party/curl/docs/examples/imap-append.c:74:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(data);
data/tarantool-2.6.0/third_party/curl/docs/examples/imap-append.c:115:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      infilesize += (long)strlen(*p);
data/tarantool-2.6.0/third_party/curl/docs/examples/post-callback.c:72:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wt.sizeleft = strlen(data);
data/tarantool-2.6.0/third_party/curl/docs/examples/postinmemory.c:86:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(postthis));
data/tarantool-2.6.0/third_party/curl/docs/examples/rtsp.c:53:8:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ch = getchar();
data/tarantool-2.6.0/third_party/curl/docs/examples/rtsp.c:221:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *uri = malloc(strlen(url) + 32);
data/tarantool-2.6.0/third_party/curl/docs/examples/rtsp.c:222:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *sdp_filename = malloc(strlen(url) + 32);
data/tarantool-2.6.0/third_party/curl/docs/examples/rtsp.c:223:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *control = malloc(strlen(url) + 32);
data/tarantool-2.6.0/third_party/curl/docs/examples/rtsp.c:225:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    get_sdp_filename(url, sdp_filename, strlen(url) + 32);
data/tarantool-2.6.0/third_party/curl/docs/examples/rtsp.c:246:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(uri, strlen(url) + 32, "%s", url);
data/tarantool-2.6.0/third_party/curl/docs/examples/rtsp.c:256:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(uri, strlen(url) + 32, "%s/%s", url, control);
data/tarantool-2.6.0/third_party/curl/docs/examples/rtsp.c:260:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(uri, strlen(url) + 32, "%s/", url);
data/tarantool-2.6.0/third_party/curl/docs/examples/sendrecv.c:64:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t request_len = strlen(request);
data/tarantool-2.6.0/third_party/curl/docs/examples/simplepost.c:44:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(postthis));
data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-authzid.c:82:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(data);
data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-mail.c:79:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(data);
data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-multi.c:76:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(data);
data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-ssl.c:76:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(data);
data/tarantool-2.6.0/third_party/curl/docs/examples/smtp-tls.c:76:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(data);
data/tarantool-2.6.0/third_party/curl/docs/examples/synctime.c:154:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen((char *)(ptr)) > 50) /* Can prevent buffer overflow to
data/tarantool-2.6.0/third_party/curl/docs/examples/synctime.c:192:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(proxy_port) > 0)
data/tarantool-2.6.0/third_party/curl/docs/examples/synctime.c:195:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(proxy_user_password) > 0)
data/tarantool-2.6.0/third_party/curl/lib/base64.c:118:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  srclen = strlen(src);
data/tarantool-2.6.0/third_party/curl/lib/base64.c:195:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    insize = strlen(indata);
data/tarantool-2.6.0/third_party/curl/lib/base64.c:273:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *outlen = strlen(base64data);
data/tarantool-2.6.0/third_party/curl/lib/conncache.c:191:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bundle = Curl_hash_pick(&connc->hash, key, strlen(key));
data/tarantool-2.6.0/third_party/curl/lib/conncache.c:201:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  void *p = Curl_hash_add(&connc->hash, key, strlen(key), bundle);
data/tarantool-2.6.0/third_party/curl/lib/connect.c:274:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(dev && (strlen(dev)<255) ) {
data/tarantool-2.6.0/third_party/curl/lib/connect.c:282:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strncmp(if_prefix, dev, strlen(if_prefix)) == 0) {
data/tarantool-2.6.0/third_party/curl/lib/connect.c:283:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      dev += strlen(if_prefix);
data/tarantool-2.6.0/third_party/curl/lib/connect.c:286:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if(strncmp(host_prefix, dev, strlen(host_prefix)) == 0) {
data/tarantool-2.6.0/third_party/curl/lib/connect.c:287:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      dev += strlen(host_prefix);
data/tarantool-2.6.0/third_party/curl/lib/connect.c:310:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    dev, (curl_socklen_t)strlen(dev) + 1) == 0) {
data/tarantool-2.6.0/third_party/curl/lib/content_encoding.c:770:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len += strlen(ce->name) + 2;
data/tarantool-2.6.0/third_party/curl/lib/content_encoding.c:783:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p += strlen(p);
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:123:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cookie_domain_len = strlen(cooke_domain);
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:124:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hostname_len = strlen(hostname);
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:181:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cookie_path_len = strlen(cookie_path);
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:195:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(0 == strlen(uri_path) || uri_path[0] != '/') {
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:211:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uri_path_len = strlen(uri_path);
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:252:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(domain);
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:309:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(new_path);
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:468:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t linelength = strlen(lineptr);
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:493:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t len = strlen(what);
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:494:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nlen = strlen(name);
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:1002:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              cllen = strlen(clist->spath);
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:1191:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 = c1->path ? strlen(c1->path) : 0;
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:1192:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l2 = c2->path ? strlen(c2->path) : 0;
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:1198:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 = c1->domain ? strlen(c1->domain) : 0;
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:1199:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l2 = c2->domain ? strlen(c2->domain) : 0;
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:1205:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l1 = c1->name ? strlen(c1->name) : 0;
data/tarantool-2.6.0/third_party/curl/lib/cookie.c:1206:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l2 = c2->name ? strlen(c2->name) : 0;
data/tarantool-2.6.0/third_party/curl/lib/curl_addrinfo.c:131:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t namelen = ai->ai_canonname ? strlen(ai->ai_canonname) + 1 : 0;
data/tarantool-2.6.0/third_party/curl/lib/curl_addrinfo.c:280:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t namelen = strlen(he->h_name) + 1; /* include zero termination */
data/tarantool-2.6.0/third_party/curl/lib/curl_addrinfo.c:488:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path_len = strlen(path) + 1;
data/tarantool-2.6.0/third_party/curl/lib/curl_get_line.c:40:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t rlen = strlen(b);
data/tarantool-2.6.0/third_party/curl/lib/curl_gethostname.c:69:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(name, force_hostname, namelen);
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:452:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = CURLMIN(strlen(password), 14);
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_core.c:541:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(password);
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_wb.c:264:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len_in = strlen(input), len_out = 0;
data/tarantool-2.6.0/third_party/curl/lib/curl_ntlm_wb.c:342:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header += strlen("NTLM");
data/tarantool-2.6.0/third_party/curl/lib/curl_path.c:64:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t homelen = strlen(homedir);
data/tarantool-2.6.0/third_party/curl/lib/curl_path.c:132:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fullPathLength = strlen(cp) + strlen(homedir) + 2;
data/tarantool-2.6.0/third_party/curl/lib/curl_path.c:132:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fullPathLength = strlen(cp) + strlen(homedir) + 2;
data/tarantool-2.6.0/third_party/curl/lib/curl_path.c:142:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for(i = j = 0; i <= strlen(cp); i++) {
data/tarantool-2.6.0/third_party/curl/lib/curl_path.c:182:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pathLength = strlen(homedir);
data/tarantool-2.6.0/third_party/curl/lib/curl_sasl.c:396:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       strlen(mech) + len > sasl->params->maxirlen) {
data/tarantool-2.6.0/third_party/curl/lib/curl_setup_once.h:130:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define sread(x,y,z) (ssize_t)read((RECV_TYPE_ARG1)(x), \
data/tarantool-2.6.0/third_party/curl/lib/curl_sspi.c:180:39:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  identity->UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
data/tarantool-2.6.0/third_party/curl/lib/curl_sspi.c:189:3:  [1] (buffer) _tcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  _tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
data/tarantool-2.6.0/third_party/curl/lib/curl_sspi.c:207:43:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  identity->PasswordLength = curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
data/tarantool-2.6.0/third_party/curl/lib/doh.c:85:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t hostlen = strlen(host);
data/tarantool-2.6.0/third_party/curl/lib/doh.c:143:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      labellen = strlen(hostp);
data/tarantool-2.6.0/third_party/curl/lib/doh.c:766:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        l = strlen(ptr);
data/tarantool-2.6.0/third_party/curl/lib/doh.c:806:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hostlen = strlen(hostname) + 1; /* include zero terminator */
data/tarantool-2.6.0/third_party/curl/lib/dotdot.c:55:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t inlen = strlen(input);
data/tarantool-2.6.0/third_party/curl/lib/dotdot.c:176:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    qlen = strlen(&input[oindex]);
data/tarantool-2.6.0/third_party/curl/lib/dynbuf.c:168:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t n = strlen(str);
data/tarantool-2.6.0/third_party/curl/lib/dynbuf.c:187:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CURLcode result = dyn_nappend(s, (unsigned char *)str, strlen(str));
data/tarantool-2.6.0/third_party/curl/lib/escape.c:91:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = (inlength?(size_t)inlength:strlen(string));
data/tarantool-2.6.0/third_party/curl/lib/escape.c:156:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  alloc = (length?length:strlen(string)) + 1;
data/tarantool-2.6.0/third_party/curl/lib/file.c:515:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    nread = read(fd, buf, bytestoread);
data/tarantool-2.6.0/third_party/curl/lib/formdata.c:83:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    post->namelength = (long)(name?(namelength?namelength:strlen(name)):0);
data/tarantool-2.6.0/third_party/curl/lib/formdata.c:608:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                   strlen(form->name) + 1);
data/tarantool-2.6.0/third_party/curl/lib/formdata.c:622:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          clen = strlen(form->value) + 1;
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:948:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     (strlen(data->set.str[STRING_FTPPORT]) > 1)) {
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:951:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t addrlen = INET6_ADDRSTRLEN > strlen(string_ftpport) ?
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:952:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      INET6_ADDRSTRLEN : strlen(string_ftpport);
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:954:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t addrlen = INET_ADDRSTRLEN > strlen(string_ftpport) ?
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:955:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      INET_ADDRSTRLEN : strlen(string_ftpport);
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:972:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(addr, ip_start, ip_end - ip_start);
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:994:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(addr, string_ftpport, ip_end - ip_start);
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:3217:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          pathLen -= ftpc->file?strlen(ftpc->file):0; /* file is url-decoded */
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:3966:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write_len = strlen(cmd);
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:4151:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(ftpc->dirs[0], rawPath, dirlen);
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:4194:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(comp, curPos, compLen);
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:4230:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        n -= ftpc->file?strlen(ftpc->file):0;
data/tarantool-2.6.0/third_party/curl/lib/ftp.c:4232:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if((strlen(oldPath) == n) && !strncmp(rawPath, oldPath, n)) {
data/tarantool-2.6.0/third_party/curl/lib/gopher.c:106:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(gopherpath) <= 2) {
data/tarantool-2.6.0/third_party/curl/lib/gopher.c:108:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(sel);
data/tarantool-2.6.0/third_party/curl/lib/hostcheck.c:76:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(hostname);
data/tarantool-2.6.0/third_party/curl/lib/hostcheck.c:79:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(pattern);
data/tarantool-2.6.0/third_party/curl/lib/hostip.c:173:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(name);
data/tarantool-2.6.0/third_party/curl/lib/hostip.c:268:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  entry_len = strlen(entry_id);
data/tarantool-2.6.0/third_party/curl/lib/hostip.c:276:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    entry_len = strlen(entry_id);
data/tarantool-2.6.0/third_party/curl/lib/hostip.c:441:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  entry_len = strlen(entry_id);
data/tarantool-2.6.0/third_party/curl/lib/hostip.c:896:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      entry_len = strlen(entry_id);
data/tarantool-2.6.0/third_party/curl/lib/hostip.c:948:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          addr_end = addr_begin + strlen(addr_begin);
data/tarantool-2.6.0/third_party/curl/lib/hostip.c:1006:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      entry_len = strlen(entry_id);
data/tarantool-2.6.0/third_party/curl/lib/http.c:207:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t thislen = strlen(thisheader);
data/tarantool-2.6.0/third_party/curl/lib/http.c:315:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = Curl_base64_encode(data, out, strlen(out), &authorization, &size);
data/tarantool-2.6.0/third_party/curl/lib/http.c:1344:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hlen = strlen(header);
data/tarantool-2.6.0/third_party/curl/lib/http.c:1372:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen = strlen(content); /* length of the word to find */
data/tarantool-2.6.0/third_party/curl/lib/http.c:2225:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memmove(cookiehost, cookiehost + 1, strlen(cookiehost) - 1);
data/tarantool-2.6.0/third_party/curl/lib/http.c:2345:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if(!*data->state.up.path && path[strlen(path) - 1] != '/') {
data/tarantool-2.6.0/third_party/curl/lib/http.c:3013:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t ch = CURLMIN(strlen(prefix), len);
data/tarantool-2.6.0/third_party/curl/lib/http.c:3036:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s) + 1)) {
data/tarantool-2.6.0/third_party/curl/lib/http.c:3076:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(CURLE_OK != Curl_convert_from_network(data, scratch, strlen(s) + 1)) {
data/tarantool-2.6.0/third_party/curl/lib/http.c:3567:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(&scratch[0], headp, SCRATCHSIZE);
data/tarantool-2.6.0/third_party/curl/lib/http.c:3745:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = Curl_convert_from_network(data, headp, strlen(headp));
data/tarantool-2.6.0/third_party/curl/lib/http.c:3931:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      k->timeofdoc = Curl_getdate_capped(headp + strlen("Last-Modified:"));
data/tarantool-2.6.0/third_party/curl/lib/http.c:4010:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 &headp[ strlen("Alt-Svc:") ],
data/tarantool-2.6.0/third_party/curl/lib/http2.c:417:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(header);
data/tarantool-2.6.0/third_party/curl/lib/http2.c:1940:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nva[0].namelen = strlen((char *)nva[0].name);
data/tarantool-2.6.0/third_party/curl/lib/http2.c:1962:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nva[1].namelen = strlen((char *)nva[1].name);
data/tarantool-2.6.0/third_party/curl/lib/http2.c:1972:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nva[2].namelen = strlen((char *)nva[2].name);
data/tarantool-2.6.0/third_party/curl/lib/http2.c:1977:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nva[2].valuelen = strlen((char *)nva[2].value);
data/tarantool-2.6.0/third_party/curl/lib/http2.c:2010:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      nva[i].namelen = strlen((char *)nva[i].name);
data/tarantool-2.6.0/third_party/curl/lib/http_digest.c:64:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header += strlen("Digest");
data/tarantool-2.6.0/third_party/curl/lib/http_negotiate.c:85:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header += strlen("Negotiate");
data/tarantool-2.6.0/third_party/curl/lib/http_negotiate.c:89:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(header);
data/tarantool-2.6.0/third_party/curl/lib/http_ntlm.c:76:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    header += strlen("NTLM");
data/tarantool-2.6.0/third_party/curl/lib/http_proxy.c:517:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                  strlen("Content-Length:"), NULL, 10, &s->cl);
data/tarantool-2.6.0/third_party/curl/lib/idn_win32.c:96:21:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t in_len = wcslen(in_w) + 1;
data/tarantool-2.6.0/third_party/curl/lib/if2ip.c:201:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(interf);
data/tarantool-2.6.0/third_party/curl/lib/imap.c:209:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cmd_len = strlen(cmd);
data/tarantool-2.6.0/third_party/curl/lib/imap.c:250:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t id_len = strlen(id);
data/tarantool-2.6.0/third_party/curl/lib/imap.c:348:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(buffer);
data/tarantool-2.6.0/third_party/curl/lib/imap.c:1029:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(line);
data/tarantool-2.6.0/third_party/curl/lib/imap.c:1439:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(imapc->resptag, "*");
data/tarantool-2.6.0/third_party/curl/lib/imap.c:1809:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newlen = strlen(str) + backsp_count + quote_count + (escape_only ? 0 : 2);
data/tarantool-2.6.0/third_party/curl/lib/inet_ntop.c:64:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(tmp);
data/tarantool-2.6.0/third_party/curl/lib/inet_ntop.c:148:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      tp += strlen(tp);
data/tarantool-2.6.0/third_party/curl/lib/krb5.c:202:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    input_buffer.length = strlen(stringp);
data/tarantool-2.6.0/third_party/curl/lib/ldap.c:531:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      name_len = strlen(name);
data/tarantool-2.6.0/third_party/curl/lib/ldap.c:591:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      attr_len = strlen(attr);
data/tarantool-2.6.0/third_party/curl/lib/memdebug.c:227:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str) + 1;
data/tarantool-2.6.0/third_party/curl/lib/memdebug.c:251:10:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wsiz = wcslen(str) + 1;
data/tarantool-2.6.0/third_party/curl/lib/mime.c:321:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(hdr);
data/tarantool-2.6.0/third_party/curl/lib/mime.c:756:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t tsz = strlen(trail);
data/tarantool-2.6.0/third_party/curl/lib/mime.c:934:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            hdr->data, strlen(hdr->data), "\r\n");
data/tarantool-2.6.0/third_party/curl/lib/mime.c:1037:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          strlen(mime->boundary), part? "\r\n": "--\r\n");
data/tarantool-2.6.0/third_party/curl/lib/mime.c:1412:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      datasize = strlen(data);
data/tarantool-2.6.0/third_party/curl/lib/mime.c:1655:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t skiplen = skip? strlen(skip): 0;
data/tarantool-2.6.0/third_party/curl/lib/mime.c:1659:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size += strlen(s->data) + overhead;
data/tarantool-2.6.0/third_party/curl/lib/mime.c:1673:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  boundarysize = 4 + strlen(mime->boundary) + 2;
data/tarantool-2.6.0/third_party/curl/lib/mime.c:1767:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len1 = strlen(filename);
data/tarantool-2.6.0/third_party/curl/lib/mime.c:1772:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t len2 = strlen(ctts[i].extension);
data/tarantool-2.6.0/third_party/curl/lib/mime.c:1783:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(target);
data/tarantool-2.6.0/third_party/curl/lib/mprintf.c:824:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          len = strlen(str);
data/tarantool-2.6.0/third_party/curl/lib/mprintf.c:882:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t left = sizeof(formatbuf)-strlen(formatbuf);
data/tarantool-2.6.0/third_party/curl/lib/mprintf.c:947:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        DEBUGASSERT(strlen(work) <= sizeof(work));
data/tarantool-2.6.0/third_party/curl/lib/mqtt.c:145:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t curl_len = strlen("curl");
data/tarantool-2.6.0/third_party/curl/lib/mqtt.c:213:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(path) > 1) {
data/tarantool-2.6.0/third_party/curl/lib/openldap.c:294:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      passwd.bv_len = strlen(passwd.bv_val);
data/tarantool-2.6.0/third_party/curl/lib/parsedate.c:360:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(buf);
data/tarantool-2.6.0/third_party/curl/lib/pingpong.c:197:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write_len = strlen(s);
data/tarantool-2.6.0/third_party/curl/lib/pop3.c:246:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(buffer);
data/tarantool-2.6.0/third_party/curl/lib/pop3.c:433:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  curlx_uztoui(strlen(pop3c->apoptimestamp)));
data/tarantool-2.6.0/third_party/curl/lib/pop3.c:436:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  curlx_uztoui(strlen(conn->passwd)));
data/tarantool-2.6.0/third_party/curl/lib/pop3.c:610:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(line);
data/tarantool-2.6.0/third_party/curl/lib/pop3.c:669:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(line);
data/tarantool-2.6.0/third_party/curl/lib/rand.c:51:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t elen = strlen(force_entropy);
data/tarantool-2.6.0/third_party/curl/lib/rand.c:80:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ssize_t nread = read(fd, &randseed, sizeof(randseed));
data/tarantool-2.6.0/third_party/curl/lib/rtsp.c:507:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (data->set.postfields? (curl_off_t)strlen(data->set.postfields):0);
data/tarantool-2.6.0/third_party/curl/lib/rtsp.c:790:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 strlen(data->set.str[STRING_RTSP_SESSION_ID]))  != 0) {
data/tarantool-2.6.0/third_party/curl/lib/sendf.c:247:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(fmt);
data/tarantool-2.6.0/third_party/curl/lib/sendf.c:254:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(print_buffer);
data/tarantool-2.6.0/third_party/curl/lib/sendf.c:271:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(error);
data/tarantool-2.6.0/third_party/curl/lib/sendf.c:304:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write_len = strlen(s);
data/tarantool-2.6.0/third_party/curl/lib/sendf.c:646:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(ptr);
data/tarantool-2.6.0/third_party/curl/lib/setopt.c:65:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t len = strlen(str);
data/tarantool-2.6.0/third_party/curl/lib/setopt.c:120:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = Curl_parse_login_details(option, strlen(option),
data/tarantool-2.6.0/third_party/curl/lib/setopt.c:2671:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       strncasecompare(argptr, "SRP", strlen("SRP")))
data/tarantool-2.6.0/third_party/curl/lib/setopt.c:2680:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       strncasecompare(argptr, "SRP", strlen("SRP")))
data/tarantool-2.6.0/third_party/curl/lib/smb.c:128:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(str);
data/tarantool-2.6.0/third_party/curl/lib/smb.c:133:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(str) + 1;
data/tarantool-2.6.0/third_party/curl/lib/smb.c:440:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  byte_count += strlen(smbc->user) + strlen(smbc->domain);
data/tarantool-2.6.0/third_party/curl/lib/smb.c:440:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  byte_count += strlen(smbc->user) + strlen(smbc->domain);
data/tarantool-2.6.0/third_party/curl/lib/smb.c:441:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  byte_count += strlen(OS) + strlen(CLIENTNAME) + 4; /* 4 null chars */
data/tarantool-2.6.0/third_party/curl/lib/smb.c:441:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  byte_count += strlen(OS) + strlen(CLIENTNAME) + 4; /* 4 null chars */
data/tarantool-2.6.0/third_party/curl/lib/smb.c:485:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t byte_count = strlen(conn->host.name) + strlen(smbc->share);
data/tarantool-2.6.0/third_party/curl/lib/smb.c:485:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t byte_count = strlen(conn->host.name) + strlen(smbc->share);
data/tarantool-2.6.0/third_party/curl/lib/smb.c:486:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  byte_count += strlen(SERVICENAME) + 5; /* 2 nulls and 3 backslashes */
data/tarantool-2.6.0/third_party/curl/lib/smb.c:512:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((strlen(req->path) + 1) > sizeof(msg.bytes))
data/tarantool-2.6.0/third_party/curl/lib/smb.c:518:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  byte_count = strlen(req->path);
data/tarantool-2.6.0/third_party/curl/lib/smtp.c:244:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(buffer);
data/tarantool-2.6.0/third_party/curl/lib/smtp.c:842:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(line);
data/tarantool-2.6.0/third_party/curl/lib/smtp.c:994:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(line);
data/tarantool-2.6.0/third_party/curl/lib/smtp.c:1762:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(dup);
data/tarantool-2.6.0/third_party/curl/lib/socketpair.c:103:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dlen = strlen(data[0]);
data/tarantool-2.6.0/third_party/curl/lib/socks.c:317:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t plen = strlen(proxy_user);
data/tarantool-2.6.0/third_party/curl/lib/socks.c:331:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen((char *)socksreq + 8); /* size including NUL */
data/tarantool-2.6.0/third_party/curl/lib/socks.c:341:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        hostnamelen = (ssize_t)strlen(hostname) + 1; /* length including NUL */
data/tarantool-2.6.0/third_party/curl/lib/socks.c:515:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t hostname_len = strlen(hostname);
data/tarantool-2.6.0/third_party/curl/lib/socks.c:664:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      proxy_user_len = strlen(proxy_user);
data/tarantool-2.6.0/third_party/curl/lib/socks.c:665:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      proxy_password_len = strlen(proxy_password);
data/tarantool-2.6.0/third_party/curl/lib/socks.c:800:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    destlen = strlen(dest);
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:126:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t serviceptr_length = strlen(serviceptr);
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:149:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen(conn->socks_proxy.host.name) + 2);
data/tarantool-2.6.0/third_party/curl/lib/socks_gssapi.c:153:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen(conn->socks_proxy.host.name) + 1;
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:90:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t service_length = strlen(service);
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:108:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          strlen(conn->socks_proxy.host.name) + 2);
data/tarantool-2.6.0/third_party/curl/lib/socks_sspi.c:112:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(conn->socks_proxy.host.name) + 2, "%s/%s",
data/tarantool-2.6.0/third_party/curl/lib/strcase.h:46:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define checkprefix(a,b)    curl_strnequal(a,b,strlen(a))
data/tarantool-2.6.0/third_party/curl/lib/strdup.c:42:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/tarantool-2.6.0/third_party/curl/lib/strerror.c:639:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buf, p, len);
data/tarantool-2.6.0/third_party/curl/lib/strerror.c:737:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(buf, strerror(err), max);
data/tarantool-2.6.0/third_party/curl/lib/strerror.c:770:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(buf, msg, max);
data/tarantool-2.6.0/third_party/curl/lib/strerror.c:782:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(buf, buffer, max);
data/tarantool-2.6.0/third_party/curl/lib/strerror.c:790:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(buf, msg, max);
data/tarantool-2.6.0/third_party/curl/lib/strerror.c:843:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(buf, txt, buflen);
data/tarantool-2.6.0/third_party/curl/lib/strerror.c:985:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(buf, txtbuf, buflen);
data/tarantool-2.6.0/third_party/curl/lib/strerror.c:995:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buf, txt, buflen);
data/tarantool-2.6.0/third_party/curl/lib/system_win32.c:408:28:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t filenamelen = _tcslen(filename);
data/tarantool-2.6.0/third_party/curl/lib/system_win32.c:412:24:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        _tcscpy(path + _tcslen(path), TEXT("\\"));
data/tarantool-2.6.0/third_party/curl/lib/system_win32.c:413:24:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        _tcscpy(path + _tcslen(path), filename);
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:844:8:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if(sscanf(head->data, "%127[^= ]%*[ =]%255s",
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:849:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(tn->subopt_ttype, option_arg, 31);
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:857:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(tn->subopt_xdisploc, option_arg, 127);
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:937:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(tn->subopt_ttype) + 4 + 2;
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:949:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(tn->subopt_xdisploc) + 4 + 2;
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:967:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t tmplen = (strlen(v->data) + 1);
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:970:14:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
          if(sscanf(v->data, "%127[^,],%127s", varname, varval)) {
data/tarantool-2.6.0/third_party/curl/lib/telnet.c:1649:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          nread = read(pfd[1].fd, buf, data->set.buffer_size);
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:328:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *value = &buf[strlen(*option) + 1];
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:409:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(( strlen(option) + *csize + 1) > (size_t)state->blksize)
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:412:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *csize += strlen(option) + 1;
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:494:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(filename) > (state->blksize - strlen(mode) - 4)) {
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:494:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(filename) > (state->blksize - strlen(mode) - 4)) {
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:503:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sbytes = 4 + strlen(filename) + strlen(mode);
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:503:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sbytes = 4 + strlen(filename) + strlen(mode);
data/tarantool-2.6.0/third_party/curl/lib/tftp.c:513:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy(buf, "0"); /* the destination is large enough */
data/tarantool-2.6.0/third_party/curl/lib/transfer.c:99:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t thislen = strlen(thisheader);
data/tarantool-2.6.0/third_party/curl/lib/transfer.c:342:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(endofline_network));
data/tarantool-2.6.0/third_party/curl/lib/transfer.c:389:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      nread += strlen(endofline_network); /* for the added end of line */
data/tarantool-2.6.0/third_party/curl/lib/transfer.c:1479:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      data->state.infilesize = (curl_off_t)strlen(data->set.postfields);
data/tarantool-2.6.0/third_party/curl/lib/url.c:1483:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(host->name);
data/tarantool-2.6.0/third_party/curl/lib/url.c:1969:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hlen = strlen(hostname);
data/tarantool-2.6.0/third_party/curl/lib/url.c:2097:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    no_proxy_len = strlen(no_proxy);
data/tarantool-2.6.0/third_party/curl/lib/url.c:2107:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      namelen = strlen(name);
data/tarantool-2.6.0/third_party/curl/lib/url.c:2360:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(host);
data/tarantool-2.6.0/third_party/curl/lib/url.c:2608:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t llen = strlen(login);
data/tarantool-2.6.0/third_party/curl/lib/url.c:2989:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hostname_to_match_len = strlen(hostname_to_match);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:119:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sep = url + strlen(url);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:122:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    query = url + strlen(url);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:396:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  urllen = strlen(url_clone);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:589:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t n = strlen(part);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:602:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hlen = strlen(hostname);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:686:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  urllen = strlen(url);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:700:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    schemelen = strlen(schemebuf);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:766:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      memmove(path, &path[1], strlen(&path[1]) + 1);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:826:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(p);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:842:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *newp = malloc(strlen(path) * 3);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:911:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(0 == strlen(hostname) && (flags & CURLU_NO_AUTHORITY)) {
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:1135:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t hostlen = strlen(u->host);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:1136:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t alen = hostlen + 3 + strlen(u->zoneid) + 1;
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:1266:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(part) > MAX_SCHEME_LEN)
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:1383:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nalloc = strlen(part);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:1452:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t querylen = u->query ? strlen(u->query) : 0;
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:1455:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t newplen = strlen(newp);
data/tarantool-2.6.0/third_party/curl/lib/urlapi.c:1473:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(0 == strlen(newp) && (flags & CURLU_NO_AUTHORITY)) {
data/tarantool-2.6.0/third_party/curl/lib/vauth/cleartext.c:79:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  zlen = (authzid == NULL ? 0 : strlen(authzid));
data/tarantool-2.6.0/third_party/curl/lib/vauth/cleartext.c:80:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen = strlen(authcid);
data/tarantool-2.6.0/third_party/curl/lib/vauth/cleartext.c:81:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  plen = strlen(passwd);
data/tarantool-2.6.0/third_party/curl/lib/vauth/cleartext.c:128:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t vlen = strlen(valuep);
data/tarantool-2.6.0/third_party/curl/lib/vauth/cram.c:61:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t chlg64len = strlen(chlg64);
data/tarantool-2.6.0/third_party/curl/lib/vauth/cram.c:104:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    chlglen = strlen(chlg);
data/tarantool-2.6.0/third_party/curl/lib/vauth/cram.c:109:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        curlx_uztoui(strlen(passwdp)));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:65:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = Curl_convert_to_network(a, b, strlen(b)); \
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:206:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  find_pos += strlen(key);
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:276:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t chlg64len = strlen(chlg64);
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:300:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(realm, "");
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:412:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  curlx_uztoui(strlen(userp)));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:415:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  curlx_uztoui(strlen(realm)));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:418:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  curlx_uztoui(strlen(passwdp)));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:428:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  curlx_uztoui(strlen(nonce)));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:431:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  curlx_uztoui(strlen(cnonce)));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:452:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  curlx_uztoui(strlen(method)));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:455:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  curlx_uztoui(strlen(spn)));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:472:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  curlx_uztoui(strlen(nonce)));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:476:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  curlx_uztoui(strlen(nonceCount)));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:479:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  curlx_uztoui(strlen(cnonce)));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:482:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  curlx_uztoui(strlen(qop)));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:717:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf),
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:731:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:753:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:766:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hash(hashbuf, (unsigned char *) tmp, strlen(tmp));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:805:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:821:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hash(hashbuf, (unsigned char *) hashthis, strlen(hashthis));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest.c:914:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *outlen = strlen(response);
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest_sspi.c:118:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(chlg64) && *chlg64 != '=') {
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest_sspi.c:304:49:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          identity->DomainLength = curlx_uztoul(_tcslen(dup_domain.tchar_ptr));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest_sspi.c:345:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t chlglen = strlen(chlg);
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest_sspi.c:475:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    chlg_buf[1].cbBuffer   = curlx_uztoul(strlen((const char *) request));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest_sspi.c:478:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    chlg_buf[2].cbBuffer   = curlx_uztoul(strlen((const char *) uripath));
data/tarantool-2.6.0/third_party/curl/lib/vauth/digest_sspi.c:573:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    chlg_buf[1].cbBuffer   = curlx_uztoul(strlen((const char *) request));
data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_gssapi.c:113:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    spn_token.length = strlen(spn);
data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_gssapi.c:232:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(chlg64) && *chlg64 != '=') {
data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_sspi.c:302:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(chlg64) && *chlg64 != '=') {
data/tarantool-2.6.0/third_party/curl/lib/vauth/krb5_sspi.c:407:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  messagelen = sizeof(outdata) + strlen(user_name) + 1;
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:289:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(type2msg) && *type2msg != '=') {
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:554:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  userlen = strlen(user);
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm.c:563:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hostlen = strlen(host);
data/tarantool-2.6.0/third_party/curl/lib/vauth/ntlm_sspi.c:215:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(type2msg) && *type2msg != '=') {
data/tarantool-2.6.0/third_party/curl/lib/vauth/oauth2.c:82:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = Curl_base64_encode(data, oauth, strlen(oauth), outptr, outlen);
data/tarantool-2.6.0/third_party/curl/lib/vauth/oauth2.c:119:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = Curl_base64_encode(data, xoauth, strlen(xoauth), outptr, outlen);
data/tarantool-2.6.0/third_party/curl/lib/vauth/spnego_gssapi.c:112:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    spn_token.length = strlen(spn);
data/tarantool-2.6.0/third_party/curl/lib/vauth/vauth.c:136:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    valid = (p != NULL && p > user && p < user + strlen(user) - 1 ? TRUE :
data/tarantool-2.6.0/third_party/curl/lib/version.c:137:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(out, debugversion, sizeof(out)-1);
data/tarantool-2.6.0/third_party/curl/lib/version.c:216:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t n = strlen(src[j]);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:546:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gnutls_server_name_set(qs->ssl, GNUTLS_NAME_DNS, hostname, strlen(hostname));
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1460:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nva[0].namelen = strlen((char *)nva[0].name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1478:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nva[1].namelen = strlen((char *)nva[1].name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1484:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nva[2].namelen = strlen((char *)nva[2].name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1489:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nva[2].valuelen = strlen((char *)nva[2].value);
data/tarantool-2.6.0/third_party/curl/lib/vquic/ngtcp2.c:1519:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      nva[i].namelen = strlen((char *)nva[i].name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:436:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  olen = strlen(headers->dest);
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:642:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nva[0].name_len = strlen((char *)nva[0].name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:659:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nva[1].name_len = strlen((char *)nva[1].name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:664:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nva[2].name_len = strlen((char *)nva[2].name);
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:669:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nva[2].value_len = strlen((char *)nva[2].value);
data/tarantool-2.6.0/third_party/curl/lib/vquic/quiche.c:698:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      nva[i].name_len = strlen((char *)nva[i].name);
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh.c:396:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      knownkey.len = strlen(known_base64);
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh.c:466:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    foundkey.len = strlen(found_base64);
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh.c:1151:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result = Curl_client_write(conn, CLIENTWRITE_HEADER, tmp, strlen(tmp));
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh.c:1190:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(protop->path[strlen(protop->path)-1] == '/')
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh.c:1243:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             (strlen(protop->path) > 1))) {
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh.c:1335:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen(protop->path) > 1) {
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh.c:1409:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sshc->readdir_len = strlen(sshc->readdir_filename);
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh.c:1440:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          sshc->readdir_currLen = strlen(sshc->readdir_longentry);
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh.c:1501:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          sshc->readdir_len = strlen(sshc->readdir_tmp);
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh.c:1506:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sshc->readdir_len = strlen(sshc->readdir_link_attrs->name);
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh.c:2641:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      Curl_debug(data, CURLINFO_HEADER_IN, tmp, strlen(tmp));
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh.c:2646:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = Curl_client_write(conn, CLIENTWRITE_HEADER, tmp, strlen(tmp));
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:97:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  libssh2_sftp_symlink_ex((s), (p), curlx_uztoui(strlen(p)),    \
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:207:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    responses[0].length = curlx_uztoui(strlen(conn->passwd));
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:629:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(pubkey_md5 && strlen(pubkey_md5) == 32) {
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:705:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              kh_name_size = strlen(store->name) - 1 - strlen(kh_name_end);
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:705:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              kh_name_size = strlen(store->name) - 1 - strlen(kh_name_end);
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:866:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                             curlx_uztoui(strlen(conn->user)));
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:985:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                    strlen(conn->user)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1023:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        curlx_uztoui(strlen(conn->user)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1025:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        curlx_uztoui(strlen(conn->passwd)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1164:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                      strlen(conn->user)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1338:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          Curl_debug(data, CURLINFO_HEADER_IN, tmp, strlen(tmp));
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1343:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result = Curl_client_write(conn, CLIENTWRITE_HEADER, tmp, strlen(tmp));
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1527:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                  curlx_uztoui(strlen(sshc->quote_path2)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1598:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                curlx_uztoui(strlen(sshc->quote_path2)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1620:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                   curlx_uztoui(strlen(sshc->quote_path1)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1622:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                   curlx_uztoui(strlen(sshc->quote_path2)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1643:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 curlx_uztoui(strlen(sshc->quote_path1)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1663:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                  curlx_uztoui(strlen(sshc->quote_path1)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1665:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                  curlx_uztoui(strlen(sshc->quote_path2)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1689:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 curlx_uztoui(strlen(sshc->quote_path1)));
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1708:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                  curlx_uztoui(strlen(sshc->quote_path1)));
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1729:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                curlx_uztoui(strlen(sshc->quote_path1)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1766:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result = Curl_client_write(conn, CLIENTWRITE_HEADER, tmp, strlen(tmp));
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1794:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                curlx_uztoui(strlen(sftp_scp->path)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1811:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/')
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1832:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    curlx_uztoui(strlen(sftp_scp->path)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1863:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             curlx_uztoui(strlen(sftp_scp->path)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:1892:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (strlen(sftp_scp->path) > 1))) {
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:2002:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen(sftp_scp->path) > 1) {
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:2026:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 curlx_uztoui(strlen(sftp_scp->path)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:2067:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 strlen(sftp_scp->path)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:2255:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             curlx_uztoui(strlen(sftp_scp->path)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/libssh2.c:2280:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                curlx_uztoui(strlen(sftp_scp->path)),
data/tarantool-2.6.0/third_party/curl/lib/vssh/wolfssh.c:345:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    authdata->sf.password.passwordSz = (word32) strlen(conn->passwd);
data/tarantool-2.6.0/third_party/curl/lib/vssh/wolfssh.c:548:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(sftp_scp->path[strlen(sftp_scp->path)-1] == '/')
data/tarantool-2.6.0/third_party/curl/lib/vssh/wolfssh.c:861:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     line, strlen(line));
data/tarantool-2.6.0/third_party/curl/lib/vtls/gskit.c:332:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(cipherlist) + 1;
data/tarantool-2.6.0/third_party/curl/lib/vtls/gskit.c:368:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          ciphers[i].ptr += strlen(ctp->gsktoken);
data/tarantool-2.6.0/third_party/curl/lib/vtls/gskit.c:575:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    n = read(BACKEND->remotefd, buf, sizeof(buf));
data/tarantool-2.6.0/third_party/curl/lib/vtls/gskit.c:1205:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    nread = read(conn->sock[sockindex], buf, sizeof(buf));
data/tarantool-2.6.0/third_party/curl/lib/vtls/gtls.c:544:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen(hostname)) < 0))
data/tarantool-2.6.0/third_party/curl/lib/vtls/gtls.c:590:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(prioritylist);
data/tarantool-2.6.0/third_party/curl/lib/vtls/keylog.c:96:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  linelen = strlen(line);
data/tarantool-2.6.0/third_party/curl/lib/vtls/keylog.c:128:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pos = strlen(label);
data/tarantool-2.6.0/third_party/curl/lib/vtls/mesalink.c:103:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hostname_len = strlen(hostname);
data/tarantool-2.6.0/third_party/curl/lib/vtls/nss.c:475:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (CK_ULONG)strlen(filename) + 1);
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:339:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(buf, (error ? "Unknown error" : "No error"), size);
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:377:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int klen = curlx_uztosi(strlen((char *)global_passwd));
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:1504:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                strlen(match_pattern2)) == CURLE_OK) {
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:1641:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if((altlen == strlen(altptr)) &&
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:1718:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(peer_CN && (curlx_uztosi(strlen((char *)peer_CN)) != j)) {
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:1732:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                           strlen((char *)peer_CN));
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:4144:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
          strncpy(error_buffer, SSL_ERROR_to_str(err), sizeof(error_buffer));
data/tarantool-2.6.0/third_party/curl/lib/vtls/openssl.c:4234:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
          strncpy(error_buffer, SSL_ERROR_to_str(err), sizeof(error_buffer));
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:209:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    min(strlen(name), LONGEST_ALG_ID - 1);
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:210:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(tmp, name, n);
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:398:6:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(_tcslen(*thumbprint) != CERT_THUMBPRINT_STR_LEN)
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel.c:678:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          pwd_len = strlen(data->set.ssl.key_passwd);
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel_verify.c:186:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  END_CERT_LEN = strlen(END_CERT);
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel_verify.c:192:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(!begin_cert_ptr || !is_cr_or_lf(begin_cert_ptr[strlen(BEGIN_CERT)])) {
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel_verify.c:397:22:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    current_length = wcslen(entry->pwszDNSName) + 1;
data/tarantool-2.6.0/third_party/curl/lib/vtls/schannel_verify.c:503:29:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cert_hostname_len = _tcslen(
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:213:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    rrtn = read(sock, currData, bytesToGo);
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:1010:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  attr.length = (UInt32)strlen(label);
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:1155:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                              strlen(cPath), false);
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:1650:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(SSL_SET_OPTION(cert_type))) != 0)
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:1793:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(hostname));
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:1967:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ssl_sessionid_len = strlen(ssl_sessionid);
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:2073:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    n = read(fd, buf, sizeof(buf));
data/tarantool-2.6.0/third_party/curl/lib/vtls/sectransp.c:3025:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    nread = read(conn->sock[sockindex], buf, sizeof(buf));
data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.c:763:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t labellen = strlen(label);
data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.c:799:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t valuelen = strlen(value);
data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.c:920:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pinkeylen = strlen(pinnedpubkey) + 1;
data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.c:939:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(encodedlen == strlen(begin_pos + 8) &&
data/tarantool-2.6.0/third_party/curl/lib/vtls/vtls.c:1336:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(buffer, backends, size - 1);
data/tarantool-2.6.0/third_party/curl/lib/vtls/wolfssl.c:425:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t hostname_len = strlen(hostname);
data/tarantool-2.6.0/third_party/curl/lib/vtls/wolfssl.c:477:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strcpy(protocols + strlen(protocols), NGHTTP2_PROTO_VERSION_ID ",");
data/tarantool-2.6.0/third_party/curl/lib/vtls/wolfssl.c:482:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1);
data/tarantool-2.6.0/third_party/curl/lib/vtls/wolfssl.c:486:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       (unsigned)strlen(protocols),
data/tarantool-2.6.0/third_party/curl/lib/warnless.c:448:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return (ssize_t)read(fd, buf, curlx_uztoui(count));
data/tarantool-2.6.0/third_party/curl/lib/warnless.h:77:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#  undef  read
data/tarantool-2.6.0/third_party/curl/lib/warnless.h:78:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#  define read(fd, buf, count)  curlx_read(fd, buf, count)
data/tarantool-2.6.0/third_party/curl/lib/x509asn1.c:1208:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if(len > 0 && (size_t)len == strlen(dnsname))
data/tarantool-2.6.0/third_party/curl/lib/x509asn1.c:1266:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(dnsname) != (size_t) len)         /* Nul byte in string ? */
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:130:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    lslen = slen >= 0? slen: strlen(s) + 1;
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:175:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dlen = (size_t) (slen < 0? strlen(s): slen) + 1;
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:254:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(aversion) + 1;
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:327:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *outlength = strlen(s);
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:437:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      n += strlen(p->protocols[nproto++]);
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:443:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n += strlen(p->version) + 1;
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:446:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n += strlen(p->host) + 1;
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:449:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n += strlen(p->ssl_version) + 1;
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:452:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n += strlen(p->libz_version) + 1;
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:455:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n += strlen(p->ares) + 1;
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:458:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n += strlen(p->libidn) + 1;
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:461:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n += strlen(p->libssh_version) + 1;
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:533:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = MAX_CONV_EXPANSION * (strlen(s) + 1);
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:559:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = MAX_CONV_EXPANSION * (strlen(s) + 1);
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:585:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = MAX_CONV_EXPANSION * (strlen(s) + 1);
data/tarantool-2.6.0/third_party/curl/packages/OS400/ccsidcurl.c:766:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    l = strlen(forms[formx].value) + 1;
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:252:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(s) + 1;
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:296:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nodenamelen - 1, strlen(enodename));
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:302:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        servnamelen - 1, strlen(eservname));
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:328:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(nodename);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:339:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(servname);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:533:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bufSize = strlen(buffer);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:950:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(host);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:976:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(dn);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:987:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(passwd);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:1024:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(base);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:1036:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(filter);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:1056:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        i = strlen(attrs[j]);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:1098:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int i = strlen(attr);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:1142:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(cp);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:1175:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(cp);
data/tarantool-2.6.0/third_party/curl/packages/OS400/os400sys.c:1208:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(cp);
data/tarantool-2.6.0/third_party/curl/packages/vms/curl_crtl_init.c:124:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    name_dsc.dsc$w_length = strlen(logname);
data/tarantool-2.6.0/third_party/curl/packages/vms/curl_crtl_init.c:153:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    proc_table_dsc.dsc$w_length = strlen(proc_table);
data/tarantool-2.6.0/third_party/curl/packages/vms/curl_crtl_init.c:158:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    logname_dsc.dsc$w_length = strlen(logname);
data/tarantool-2.6.0/third_party/curl/packages/vms/curl_crtl_init.c:162:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    item_list[0].buflen = strlen(value);
data/tarantool-2.6.0/third_party/curl/packages/vms/report_openssl_version.c:84:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      symbol_dsc.dsc$w_length = strlen(argv[2]);
data/tarantool-2.6.0/third_party/curl/packages/vms/report_openssl_version.c:89:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      value_dsc.dsc$w_length = strlen(version);
data/tarantool-2.6.0/third_party/curl/src/tool_cb_hdr.c:295:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memmove(copy, p, strlen(p) + 1);
data/tarantool-2.6.0/third_party/curl/src/tool_cb_prg.c:228:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((endptr != colp) && (endptr == colp + strlen(colp)) && (num > 20) &&
data/tarantool-2.6.0/third_party/curl/src/tool_cb_rea.c:43:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  rc = read(in->fd, buffer, sz*nmemb);
data/tarantool-2.6.0/third_party/curl/src/tool_dirhie.c:111:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outlen = strlen(outfile);
data/tarantool-2.6.0/third_party/curl/src/tool_dirhie.c:133:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t dlen = strlen(dirbuildup);
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:140:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(file_name);
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:153:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(target, file_name, len);
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:207:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(target);
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:221:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(target);
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:266:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(path);
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:331:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(file_name) > PATH_MAX-1 &&
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:481:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(file_name);
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:485:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(*sanitized, file_name, len + 1);
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:490:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(file_name) > PATH_MAX-1 &&
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:495:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(fname, file_name, PATH_MAX-1);
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:538:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p_len = strlen(p);
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:541:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(fname) == PATH_MAX-1) {
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:565:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t blen = strlen(base);
data/tarantool-2.6.0/third_party/curl/src/tool_doswin.c:567:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen(fname) == PATH_MAX-1) {
data/tarantool-2.6.0/third_party/curl/src/tool_formparse.c:274:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          size_t size = strlen(m->data);
data/tarantool-2.6.0/third_party/curl/src/tool_formparse.c:425:13:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int c = getc(fp);
data/tarantool-2.6.0/third_party/curl/src/tool_formparse.c:529:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      p = type + strlen(type_major) + strlen(type_minor) + 1;
data/tarantool-2.6.0/third_party/curl/src/tool_formparse.c:529:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      p = type + strlen(type_major) + strlen(type_minor) + 1;
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:346:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t param_length = strlen(cert_parameter);
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:375:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(certname_place, param_place, span);
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:469:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(strlen(unit) > 1)
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:528:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t fnam = strlen(word);
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:968:16:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
          rc = sscanf(p, " - %6s", lrange);
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:1380:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size = strlen(postdata);
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:1397:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t outlen = nlen + strlen(enc) + 2;
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:1441:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size = strlen(postdata);
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:1460:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          size = strlen(postdata);
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:1466:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(convert_to_network(postdata, strlen(postdata))) {
data/tarantool-2.6.0/third_party/curl/src/tool_getparam.c:1561:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(!config->hostpubmd5 || strlen(config->hostpubmd5) != 32)
data/tarantool-2.6.0/third_party/curl/src/tool_getpass.c:91:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   prompt, strlen(prompt));
data/tarantool-2.6.0/third_party/curl/src/tool_getpass.c:104:19:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#  define getch() getchar()
data/tarantool-2.6.0/third_party/curl/src/tool_getpass.c:239:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  nread = read(fd, password, buflen);
data/tarantool-2.6.0/third_party/curl/src/tool_main.c:111:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(env) >= CURL_MT_LOGFNAME_BUFSIZE)
data/tarantool-2.6.0/third_party/curl/src/tool_main.c:125:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((endptr != env) && (endptr == env + strlen(env)) && (num > 0))
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:566:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ssize_t len = read(fd, buf, sizeof(buf));
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:618:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(hex_digest);
data/tarantool-2.6.0/third_party/curl/src/tool_metalink.c:858:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t media_type_len = strlen(media_type);
data/tarantool-2.6.0/third_party/curl/src/tool_msgs.c:42:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t width = (79 - strlen(prefix));
data/tarantool-2.6.0/third_party/curl/src/tool_msgs.c:51:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(print_buffer);
data/tarantool-2.6.0/third_party/curl/src/tool_operate.c:1561:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if(config->cert && (strlen(config->cert) > 8) &&
data/tarantool-2.6.0/third_party/curl/src/tool_operate.c:1604:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if(config->key && (strlen(config->key) > 8) &&
data/tarantool-2.6.0/third_party/curl/src/tool_panykey.c:41:3:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  getchar();
data/tarantool-2.6.0/third_party/curl/src/tool_paramhlp.c:80:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buflen = strlen(buffer);
data/tarantool-2.6.0/third_party/curl/src/tool_paramhlp.c:163:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(str);
data/tarantool-2.6.0/third_party/curl/src/tool_paramhlp.c:189:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((endptr != str) && (endptr == str + strlen(str))) {
data/tarantool-2.6.0/third_party/curl/src/tool_paramhlp.c:264:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((endptr != str) && (endptr == str + strlen(str))) {
data/tarantool-2.6.0/third_party/curl/src/tool_paramhlp.c:457:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((endptr != str) && (endptr == str + strlen(str)))
data/tarantool-2.6.0/third_party/curl/src/tool_paramhlp.c:485:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t userlen = strlen(*userpwd);
data/tarantool-2.6.0/third_party/curl/src/tool_paramhlp.c:503:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    passwdlen = strlen(passwd);
data/tarantool-2.6.0/third_party/curl/src/tool_parsecfg.c:60:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      remaining = sizeof(filebuffer) - strlen(filebuffer);
data/tarantool-2.6.0/third_party/curl/src/tool_parsecfg.c:61:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen(filename) < remaining - 1) {
data/tarantool-2.6.0/third_party/curl/src/tool_parsecfg.c:190:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        param = malloc(strlen(line) + 1); /* parameter */
data/tarantool-2.6.0/third_party/curl/src/tool_parsecfg.c:357:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t linelen = strlen(line);
data/tarantool-2.6.0/third_party/curl/src/tool_parsecfg.c:358:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ptr = realloc(line, linelen + strlen(buf) + 1);
data/tarantool-2.6.0/third_party/curl/src/tool_setopt.c:229:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(str);
data/tarantool-2.6.0/third_party/curl/src/tool_setopt.c:335:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        msnprintf(preamble, sizeof(preamble), "%*s", strlen(preamble), "");
data/tarantool-2.6.0/third_party/curl/src/tool_setopt.c:378:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        msnprintf(preamble, sizeof(preamble), "%*s", strlen(preamble), "");
data/tarantool-2.6.0/third_party/curl/src/tool_setopt.c:464:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t size = strlen(part->data);
data/tarantool-2.6.0/third_party/curl/src/tool_strdup.c:33:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.c:451:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  glob_buffer = malloc(strlen(url) + 1);
data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.c:461:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  glob_expand->urllen = strlen(url);
data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.c:577:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(buf);
data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.c:593:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(buf);
data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.c:625:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  allocsize = strlen(filename) + 1; /* make it at least one byte to store the
data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.c:655:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(pat->content.Set.elements[pat->content.Set.ptr_s]);
data/tarantool-2.6.0/third_party/curl/src/tool_urlglob.c:669:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          appendlen = strlen(numbuf);
data/tarantool-2.6.0/third_party/curl/src/tool_writeout_json.c:44:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *in_end = in + strlen(in);
data/tarantool-2.6.0/third_party/curl/src/tool_xattr.c:110:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        err = fsetxattr(fd, mappings[i].attr, value, strlen(value), 0, 0);
data/tarantool-2.6.0/third_party/curl/src/tool_xattr.c:112:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        err = fsetxattr(fd, mappings[i].attr, value, strlen(value), 0);
data/tarantool-2.6.0/third_party/curl/src/tool_xattr.c:116:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                      mappings[i].attr, value, strlen(value));
data/tarantool-2.6.0/third_party/curl/tests/libtest/first.c:95:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(env) >= CURL_MT_LOGFNAME_BUFSIZE)
data/tarantool-2.6.0/third_party/curl/tests/libtest/first.c:109:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((endptr != env) && (endptr == env + strlen(env)) && (num > 0))
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1517.c:62:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pooh.sizeleft = strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1520.c:62:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1525.c:38:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(amount < strlen(data)) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1525.c:39:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1525.c:42:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(ptr, data, strlen(data));
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1525.c:43:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1525.c:85:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  test_setopt(curl, CURLOPT_INFILESIZE, (long)strlen(data));
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1526.c:37:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(amount < strlen(data)) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1526.c:38:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1526.c:41:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(ptr, data, strlen(data));
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1526.c:42:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1526.c:88:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  test_setopt(curl, CURLOPT_INFILESIZE, (long)strlen(data));
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1527.c:37:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(amount < strlen(data)) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1527.c:38:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1527.c:41:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(ptr, data, strlen(data));
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1527.c:42:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1527.c:86:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  test_setopt(curl, CURLOPT_INFILESIZE, (long)strlen(data));
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1537.c:56:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  raw = curl_easy_unescape(NULL, ptr, (int)strlen(ptr), &outlen);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1537.c:63:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  raw = curl_unescape(ptr, (int)strlen(ptr));
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1537.c:68:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  outlen = (int)strlen(raw);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1560.c:75:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(bufp);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1591.c:39:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(consumed == strlen(data)) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1591.c:43:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(amount > strlen(data)-consumed) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1591.c:44:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    amount = strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1900.c:66:8:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if(fscanf(f, "%d %199s\n", &filetime, buf)) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib1900.c:73:8:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if(fscanf(f, "blocklist_site %199s\n", buf)) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib508.c:58:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pooh.sizeleft = strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib510.c:50:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib547.c:55:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(size * nmemb > strlen(UPLOADTHIS)) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib547.c:58:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(UPLOADTHIS);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib547.c:114:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  test_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(UPLOADTHIS));
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib554.c:79:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pooh.sizeleft = strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib554.c:109:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pooh2.sizeleft = strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib555.c:62:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(size * nmemb > strlen(uploadthis)) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib555.c:65:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(uploadthis);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib555.c:109:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(uploadthis));
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib556.c:75:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    res = curl_easy_send(curl, request, strlen(request), &iolen);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:212:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(us_test[i].expected))) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:382:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(ss_test[i].expected))) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:532:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(ui_test[i].expected))) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:760:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(si_test[i].expected))) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:909:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(ul_test[i].expected))) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:1137:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(sl_test[i].expected))) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:1366:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(co_test[i].expected))) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib557.c:1396:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t buflen = strlen(buf);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib579.c:78:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib582.c:41:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  struct Sockets read, write;
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib582.c:114:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    addFd(&sockets->read, s, "read");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib582.c:120:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    removeFd(&sockets->read, s, 1);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib582.c:308:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    updateFdSet(&sockets.read, &readSet, &maxFd);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib582.c:324:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    checkFdSet(m, &sockets.read, &readSet, CURL_CSELECT_IN, "read");
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib582.c:353:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  free(sockets.read.sockets);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib643.c:93:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  datasize = (curl_off_t)strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib643.c:148:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  datasize = (curl_off_t)strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib650.c:98:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  contentlength = (long)(strlen(data) - 1);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib650.c:110:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        CURLFORM_NAMELENGTH, strlen(name) - 1,
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib654.c:102:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pooh.sizeleft = (curl_off_t) strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib667.c:92:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pooh.sizeleft = (curl_off_t) strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib668.c:42:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(pooh->readptr);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib668.c:86:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pooh1.sizeleft = (curl_off_t) strlen(data);
data/tarantool-2.6.0/third_party/curl/tests/libtest/lib668.c:94:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  curl_mime_data_cb(part, (curl_off_t) strlen(data),
data/tarantool-2.6.0/third_party/curl/tests/libtest/libauthretry.c:34:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(url) + 4 + 1;
data/tarantool-2.6.0/third_party/curl/tests/libtest/libntlmconnect.c:95:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t urllen = strlen(url) + 4 + 1;
data/tarantool-2.6.0/third_party/curl/tests/libtest/sethostname.c:34:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(name, force_hostname, namelen);
data/tarantool-2.6.0/third_party/curl/tests/libtest/stub_gssapi.c:104:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!creds || strlen(creds) >= MAX_CREDS_LENGTH) {
data/tarantool-2.6.0/third_party/curl/tests/libtest/stub_gssapi.c:339:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      status_string->length = strlen(status_string->value);
data/tarantool-2.6.0/third_party/curl/tests/server/fake_ntlm.c:63:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    inlength = strlen(inbuf);
data/tarantool-2.6.0/third_party/curl/tests/server/fake_ntlm.c:164:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((endptr != env + strlen(env)) || (lnum < 1L)) {
data/tarantool-2.6.0/third_party/curl/tests/server/fake_ntlm.c:243:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if(strncmp(buf, type3_input, strlen(type3_input)) == 0) {
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:135:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = offset + strlen(*buffer + offset);
data/tarantool-2.6.0/third_party/curl/tests/server/getpart.c:185:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t src_len = strlen(src_buf);
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:153:15:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      if(2 == sscanf(buffer, "%31s %31s", key, value)) {
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:391:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t topiclen = strlen(topic);
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:604:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        publish(dump, fd, packet_id, topic, def, strlen(def));
data/tarantool-2.6.0/third_party/curl/tests/server/mqttd.c:917:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if((endptr != argv[arg] + strlen(argv[arg])) ||
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:220:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
     sscanf(line,
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:250:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if((strlen(doc) + strlen(request)) < 200)
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:250:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if((strlen(doc) + strlen(request)) < 200)
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:321:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if(!strncmp(CMD_AUTH_REQUIRED, ptr, strlen(CMD_AUTH_REQUIRED))) {
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:325:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            else if(!strncmp(CMD_IDLE, ptr, strlen(CMD_IDLE))) {
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:330:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            else if(!strncmp(CMD_STREAM, ptr, strlen(CMD_STREAM))) {
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:447:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    req->checkindex += (end - line) + strlen(END_OF_HEADERS);
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:491:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen("Transfer-Encoding: chunked"))) {
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:556:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     req->reqbuf + req->offset > end + strlen(END_OF_HEADERS) &&
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:557:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     (!strncmp(req->reqbuf, "GET", strlen("GET")) ||
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:558:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      !strncmp(req->reqbuf, "HEAD", strlen("HEAD")))) {
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:561:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    req->checkindex = (end - req->reqbuf) + strlen(END_OF_HEADERS);
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:573:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    req->checkindex += (end - line) + strlen(END_OF_HEADERS);
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:585:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(req->cl <= req->offset - (end - req->reqbuf) - strlen(END_OF_HEADERS))
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:784:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    count = strlen(STREAMTHIS);
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:816:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      msglen = strlen(msgbuf);
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:845:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    count = strlen(buffer);
data/tarantool-2.6.0/third_party/curl/tests/server/rtspd.c:1003:15:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      if(2 == sscanf(ptr, "%31s %d", command, &num)) {
data/tarantool-2.6.0/third_party/curl/tests/server/sockfilt.c:164:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return read(fd, buf, count);
data/tarantool-2.6.0/third_party/curl/tests/server/sockfilt.c:180:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#undef  read
data/tarantool-2.6.0/third_party/curl/tests/server/sockfilt.c:181:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define read(a,b,c) read_wincon(a,b,c)
data/tarantool-2.6.0/third_party/curl/tests/server/sockfilt.c:232:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ssize_t rc = read(filedes,
data/tarantool-2.6.0/third_party/curl/tests/server/sockfilt.c:1049:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffer_len = (ssize_t)strlen((char *)buffer);
data/tarantool-2.6.0/third_party/curl/tests/server/sockfilt.c:1390:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if((endptr != argv[arg] + strlen(argv[arg])) ||
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:185:15:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      if(2 == sscanf(buffer, "%31s %31s", key, value)) {
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:441:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((ulen != strlen(config.user)) ||
data/tarantool-2.6.0/third_party/curl/tests/server/socksd.c:442:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       (plen != strlen(config.password)) ||
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:292:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(!strncmp(CMD_AUTH_REQUIRED, cmd, strlen(CMD_AUTH_REQUIRED))) {
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:296:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      else if(!strncmp(CMD_IDLE, cmd, strlen(CMD_IDLE))) {
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:301:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      else if(!strncmp(CMD_STREAM, cmd, strlen(CMD_STREAM))) {
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:306:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen(CMD_CONNECTIONMONITOR))) {
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:310:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      else if(!strncmp(CMD_UPGRADE, cmd, strlen(CMD_UPGRADE))) {
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:314:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      else if(!strncmp(CMD_SWSCLOSE, cmd, strlen(CMD_SWSCLOSE))) {
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:322:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      else if(!strncmp(CMD_NOEXPECT, cmd, strlen(CMD_NOEXPECT))) {
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:399:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if((strlen(doc) + strlen(request)) < 400)
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:399:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if((strlen(doc) + strlen(request)) < 400)
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:651:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen("Transfer-Encoding: chunked"))) {
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:657:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen("Expect: 100-continue"))) {
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:752:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     req->reqbuf + req->offset > end + strlen(end_of_headers) &&
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:754:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     (!strncmp(req->reqbuf, "GET", strlen("GET")) ||
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:755:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      !strncmp(req->reqbuf, "HEAD", strlen("HEAD")))) {
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:758:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    req->checkindex = (end - req->reqbuf) + strlen(end_of_headers);
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:777:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(req->cl <= req->offset - (end - req->reqbuf) - strlen(end_of_headers))
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:969:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    count = strlen(STREAMTHIS);
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:1000:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      msglen = strlen(msgbuf);
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:1016:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    count = strlen(buffer);
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:1173:15:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      if(2 == sscanf(ptr, "%31s %d", command, &num)) {
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:1947:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(unix_socket) >= sizeof(me.sau.sun_path)) {
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:1964:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if((endptr != argv[arg] + strlen(argv[arg])) ||
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:2067:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(me.sau.sun_path, unix_socket, sizeof(me.sau.sun_path) - 1);
data/tarantool-2.6.0/third_party/curl/tests/server/sws.c:2291:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              storerequest(keepopen, strlen(keepopen));
data/tarantool-2.6.0/third_party/curl/tests/server/tftpd.c:1352:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = (int)strlen(pe->e_msg);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1304.c:54:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(filename, filename1, strlen(filename1));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1305.c:125:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    key_len = strlen(data_key);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1396.c:105:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    outlen = (int)strlen(out);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1601.c:44:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Curl_md5it(output, (const unsigned char *) string1, strlen(string1));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1601.c:49:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Curl_md5it(output, (const unsigned char *) string2, strlen(string2));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:63:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(Curl_hash_str(key1, strlen(key1), slots) != 1 ||
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:64:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     Curl_hash_str(key2, strlen(key2), slots) != 0 ||
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:65:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     Curl_hash_str(key3, strlen(key3), slots) != 2 ||
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:66:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     Curl_hash_str(key4, strlen(key4), slots) != 1)
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:70:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_add(&hash_static, &key1, strlen(key1), &key1);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:72:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key1, strlen(key1));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:75:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_add(&hash_static, &key2, strlen(key2), &key2);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:77:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key2, strlen(key2));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:80:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_add(&hash_static, &key3, strlen(key3), &key3);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:82:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key3, strlen(key3));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:86:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_add(&hash_static, &key4, strlen(key4), &key4);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:88:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key4, strlen(key4));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:92:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key1, strlen(key1));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:94:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key2, strlen(key2));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:96:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key3, strlen(key3));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:98:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key4, strlen(key4));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:102:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rc = Curl_hash_delete(&hash_static, &key4, strlen(key4));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:104:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key1, strlen(key1));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:106:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key4, strlen(key4));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:110:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_add(&hash_static, &key4, strlen(key4), &key4);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:112:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key4, strlen(key4));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:116:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rc = Curl_hash_delete(&hash_static, &key1, strlen(key1));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:118:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key1, strlen(key1));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:120:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key4, strlen(key4));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:124:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rc = Curl_hash_delete(&hash_static, &key4, strlen(key4));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:126:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key1, strlen(key1));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:128:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key4, strlen(key4));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:132:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rc = Curl_hash_delete(&hash_static, &key4, strlen(key4));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:136:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_add(&hash_static, &key1, strlen(key1), &notakey);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:138:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key1, strlen(key1));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:142:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key2, strlen(key2));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1603.c:144:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nodep = Curl_hash_pick(&hash_static, &key3, strlen(key3));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1607.c:135:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dns = Curl_hash_pick(easy->dns.hostcache, entry_id, strlen(entry_id) + 1);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1609.c:143:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dns = Curl_hash_pick(easy->dns.hostcache, entry_id, strlen(entry_id) + 1);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1610.c:44:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Curl_sha256it(output, (const unsigned char *) string1, strlen(string1));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1610.c:51:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Curl_sha256it(output, (const unsigned char *) string2, strlen(string2));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1611.c:44:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Curl_md4it(output, (const unsigned char *) string1, strlen(string1));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1611.c:50:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Curl_md4it(output, (const unsigned char *) string2, strlen(string2));
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1612.c:47:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              (const unsigned char *) password, strlen(password),
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1612.c:48:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              (const unsigned char *) string1, strlen(string1),
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1612.c:56:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              (const unsigned char *) password, strlen(password),
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1612.c:57:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              (const unsigned char *) string2, strlen(string2),
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1620.c:72:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                          hostname, strlen(hostname), NULL, NULL, NULL);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1650.c:205:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        o = strlen(ptr);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1650.c:215:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          l = strlen(ptr);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1650.c:227:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      o = strlen(ptr);
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1652.c:94:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
fail_unless(strlen(result) == 0, "Empty string");
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1652.c:102:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
fail_unless(strlen(result) == 2048, "No truncation of infof input");
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1652.c:110:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
fail_unless(strlen(result) == 2048, "Truncation of infof input 1");
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1652.c:119:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
fail_unless(strlen(result) == 2048, "Truncation of infof input 2");
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1652.c:128:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
fail_unless(strlen(result) == 2048, "Truncation of infof input 3");
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1655.c:132:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        fail_unless(olen > strlen(name), "unrealistic low size");
data/tarantool-2.6.0/third_party/curl/tests/unit/unit1655.c:155:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fail_unless(olen1 > strlen(sunshine1), "bad out length");
data/tarantool-2.6.0/third_party/decNumber/decCommon.c:1169:22:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    if ((i+1)%4==0) {strcpy(&hexbuf[j], " "); j++;}
data/tarantool-2.6.0/third_party/decNumber/decNumber.c:3732:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(string, "?");
data/tarantool-2.6.0/third_party/decNumber/decNumberLocal.h:187:27:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    #error Maximum digits mismatch
data/tarantool-2.6.0/third_party/decNumber/decNumberLocal.h:190:29:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    #error Maximum exponent mismatch
data/tarantool-2.6.0/third_party/decNumber/decNumberLocal.h:193:29:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    #error Minimum exponent mismatch
data/tarantool-2.6.0/third_party/libeio/demo.c:28:3:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read (respipe [0], &dummy, 1);
data/tarantool-2.6.0/third_party/libeio/demo.c:72:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buf += strlen (buf) + 1;
data/tarantool-2.6.0/third_party/libeio/eio.c:313:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define D_NAMLEN(entp) strlen (D_NAME (entp))
data/tarantool-2.6.0/third_party/libeio/eio.c:1048:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          len = strlen (res);
data/tarantool-2.6.0/third_party/libeio/eio.c:1115:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int rellen = strlen (rel);
data/tarantool-2.6.0/third_party/libeio/eio.c:1337:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen ((const char *)req->ptr1);
data/tarantool-2.6.0/third_party/libeio/eio.c:1621:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int l2 = strlen (path);
data/tarantool-2.6.0/third_party/libeio/eio.c:1849:41:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                                      : read      (req->int1, req->ptr2, req->size); break;
data/tarantool-2.6.0/third_party/libeio/etp.c:310:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (name);
data/tarantool-2.6.0/third_party/libeio/xthread.h:168:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define respipe_read(a,b,c)  read  ((a), (b), (c))
data/tarantool-2.6.0/third_party/libev/ev.c:1678:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write (STDERR_FILENO, msg, strlen (msg));
data/tarantool-2.6.0/third_party/libev/ev.c:2527:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          read (evpipe [1], &counter, sizeof (uint64_t));
data/tarantool-2.6.0/third_party/libev/ev.c:2541:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          read (evpipe [0], &dummy, sizeof (dummy));
data/tarantool-2.6.0/third_party/libev/ev.c:2643:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ssize_t res = read (sigfd, si, sizeof (si));
data/tarantool-2.6.0/third_party/libev/ev.c:4353:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((errno == ENOENT || errno == EACCES) && strlen (w->path) < 4096)
data/tarantool-2.6.0/third_party/libev/ev.c:4439:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int len = read (fs_fd, buf, sizeof (buf));
data/tarantool-2.6.0/third_party/libutil_freebsd/pidfile.c:89:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	i = read(fd, buf, sizeof(buf) - 1);
data/tarantool-2.6.0/third_party/libutil_freebsd/pidfile.c:208:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (pwrite(fd, pidstr, strlen(pidstr), 0) != (ssize_t)strlen(pidstr)) {
data/tarantool-2.6.0/third_party/libutil_freebsd/pidfile.c:208:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (pwrite(fd, pidstr, strlen(pidstr), 0) != (ssize_t)strlen(pidstr)) {
data/tarantool-2.6.0/third_party/libyaml/src/api.c:736:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen((char *)tag_directive->handle)))
data/tarantool-2.6.0/third_party/libyaml/src/api.c:739:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen((char *)tag_directive->prefix)))
data/tarantool-2.6.0/third_party/libyaml/src/api.c:800:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!yaml_check_utf8(anchor, strlen((char *)anchor))) return 0;
data/tarantool-2.6.0/third_party/libyaml/src/api.c:831:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!yaml_check_utf8(anchor, strlen((char *)anchor))) goto error;
data/tarantool-2.6.0/third_party/libyaml/src/api.c:837:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error;
data/tarantool-2.6.0/third_party/libyaml/src/api.c:843:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        length = strlen((char *)value);
data/tarantool-2.6.0/third_party/libyaml/src/api.c:881:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!yaml_check_utf8(anchor, strlen((char *)anchor))) goto error;
data/tarantool-2.6.0/third_party/libyaml/src/api.c:887:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error;
data/tarantool-2.6.0/third_party/libyaml/src/api.c:936:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!yaml_check_utf8(anchor, strlen((char *)anchor))) goto error;
data/tarantool-2.6.0/third_party/libyaml/src/api.c:942:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error;
data/tarantool-2.6.0/third_party/libyaml/src/api.c:1077:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen((char *)tag_directive->handle)))
data/tarantool-2.6.0/third_party/libyaml/src/api.c:1080:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strlen((char *)tag_directive->prefix)))
data/tarantool-2.6.0/third_party/libyaml/src/api.c:1209:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error;
data/tarantool-2.6.0/third_party/libyaml/src/api.c:1214:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        length = strlen((char *)value);
data/tarantool-2.6.0/third_party/libyaml/src/api.c:1261:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error;
data/tarantool-2.6.0/third_party/libyaml/src/api.c:1306:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!yaml_check_utf8(tag, strlen((char *)tag))) goto error;
data/tarantool-2.6.0/third_party/libyaml/src/emitter.c:664:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen((char *)tag_directive->handle)))
data/tarantool-2.6.0/third_party/libyaml/src/emitter.c:667:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            strlen((char *)tag_directive->prefix), 1))
data/tarantool-2.6.0/third_party/libyaml/src/emitter.c:1394:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    handle_length = strlen((char *)tag_directive.handle);
data/tarantool-2.6.0/third_party/libyaml/src/emitter.c:1395:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix_length = strlen((char *)tag_directive.prefix);
data/tarantool-2.6.0/third_party/libyaml/src/emitter.c:1443:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    anchor_length = strlen((char *)anchor);
data/tarantool-2.6.0/third_party/libyaml/src/emitter.c:1480:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tag_length = strlen((char *)tag);
data/tarantool-2.6.0/third_party/libyaml/src/emitter.c:1490:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t prefix_length = strlen((char *)tag_directive->prefix);
data/tarantool-2.6.0/third_party/libyaml/src/emitter.c:1497:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen((char *)tag_directive->handle);
data/tarantool-2.6.0/third_party/libyaml/src/emitter.c:1830:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    indicator_length = strlen(indicator);
data/tarantool-2.6.0/third_party/libyaml/src/parser.c:606:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        size_t prefix_len = strlen((char *)tag_directive->prefix);
data/tarantool-2.6.0/third_party/libyaml/src/parser.c:607:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        size_t suffix_len = strlen((char *)tag_suffix);
data/tarantool-2.6.0/third_party/libyaml/src/scanner.c:2437:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (handle[0] == '!' && handle[1] != '\0' && handle[strlen((char *)handle)-1] == '!')
data/tarantool-2.6.0/third_party/libyaml/src/scanner.c:2571:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t length = head ? strlen((char *)head) : 0;
data/tarantool-2.6.0/third_party/libyaml/tests/run-emitter-test-suite.c:161:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        end = line + strlen(line);
data/tarantool-2.6.0/third_party/libyaml/tests/run-emitter-test-suite.c:185:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *end = line + strlen(line);
data/tarantool-2.6.0/third_party/lua-cjson/lua_cjson.c:431:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            return json_append_string(cfg, json, str, strlen(str));
data/tarantool-2.6.0/third_party/lua-yaml/lyaml.cc:631:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(buf);
data/tarantool-2.6.0/third_party/lua-yaml/lyaml.cc:637:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(buf);
data/tarantool-2.6.0/third_party/lua-yaml/lyaml.cc:642:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(buf);
data/tarantool-2.6.0/third_party/lua-yaml/lyaml.cc:647:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(buf);
data/tarantool-2.6.0/third_party/lua-yaml/lyaml.cc:703:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         len = strlen(str);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm.c:126:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = (char *)malloc(strlen(name)+1);  /* MSVC doesn't like strdup. */
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm.c:228:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = (int)strlen(gl);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_fold.c:217:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf[strlen(buf)-1] = '\0';
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:29:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t n = strlen(p);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:89:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  modnamelen = strlen(p);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:138:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(p) > sizeof(funcname)-1) {
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:219:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p += strlen(p)+1;
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:221:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (p+strlen(name)+1 >= (char *)obuf+sizeof(obuf)) {
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:266:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = (int)strlen(p);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:404:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  size_t n, len = strlen(ldh->suffix);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:416:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  buf[strlen(buf)-1] = '\0';
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_lib.c:452:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      p += strlen(p)+1;
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_peobj.c:134:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(name);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_peobj.c:224:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sofs += (pesect[PEOBJ_SECT_RDATA_Z].size = (uint32_t)strlen(ctx->dasm_ident)+1);
data/tarantool-2.6.0/third_party/luajit/src/host/buildvm_peobj.c:340:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  owrite(ctx, ctx->dasm_ident, strlen(ctx->dasm_ident)+1);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:592:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define luaS_new(L,s)(luaS_newlstr(L,s,strlen(s)))
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:733:1:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
strncpy(out,source+1,bufflen);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:741:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(source);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:742:1:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
strcpy(out,"");
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:755:1:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
strncat(out,source,len);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:4823:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len=strlen(l);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:5540:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
lua_pushlstring(L,s,strlen(s));
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:5960:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len=(def?strlen(def):0);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:6035:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(e==NULL)e=fname+strlen(fname);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:6157:3:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
c=getc(lf.f);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:6160:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
while((c=getc(lf.f))!=EOF&&c!='\n');
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:6161:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
if(c=='\n')c=getc(lf.f);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:6166:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
while((c=getc(lf.f))!=EOF&&c!="\033Lua"[0]);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:6772:7:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
int c=getc(f);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:6787:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(p);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:7568:1:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
strncpy(form,strfrmt,p-strfrmt+1);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:7574:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l=strlen(form);
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:7576:1:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
strcpy(form+l-1,"l");
data/tarantool-2.6.0/third_party/luajit/src/host/minilua.c:7641:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
luaL_addlstring(&b,buff,strlen(buff));
data/tarantool-2.6.0/third_party/luajit/src/lib_aux.c:88:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (e == NULL) e = fname + strlen(fname);
data/tarantool-2.6.0/third_party/luajit/src/lib_aux.c:165:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t l = strlen(p);
data/tarantool-2.6.0/third_party/luajit/src/lib_aux.c:227:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  luaL_addlstring(B, s, strlen(s));
data/tarantool-2.6.0/third_party/luajit/src/lib_debug.c:370:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (luaL_loadbuffer(L, buffer, strlen(buffer), "=(debug command)") ||
data/tarantool-2.6.0/third_party/luajit/src/lib_ffi.c:691:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(p);
data/tarantool-2.6.0/third_party/luajit/src/lib_io.c:152:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n += (MSize)strlen(buf+n);
data/tarantool-2.6.0/third_party/luajit/src/lib_io.c:185:13:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int c = getc(fp);
data/tarantool-2.6.0/third_party/luajit/src/lib_package.c:284:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (l == NULL) l = path + strlen(path);
data/tarantool-2.6.0/third_party/luajit/src/lib_package.c:308:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(filename);
data/tarantool-2.6.0/third_party/luajit/src/lj_alloc.c:241:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int ok = ((size_t)read(fd, &val, sizeof(val)) == sizeof(val));
data/tarantool-2.6.0/third_party/luajit/src/lj_api.c:558:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (len != NULL) *len = def ? strlen(def) : 0;
data/tarantool-2.6.0/third_party/luajit/src/lj_ctype.c:437:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ctype_prepstr(ctr, t, (MSize)strlen(t));
data/tarantool-2.6.0/third_party/luajit/src/lj_ctype.c:610:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t len = strlen(name);
data/tarantool-2.6.0/third_party/luajit/src/lj_debug.c:323:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(out, src+1, LUA_IDSIZE);  /* Remove first char. */
data/tarantool-2.6.0/third_party/luajit/src/lj_debug.c:340:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(out, src, len); out += len;
data/tarantool-2.6.0/third_party/luajit/src/lj_debug.c:609:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    lj_buf_putmem(sb, name, (MSize)strlen(name));
data/tarantool-2.6.0/third_party/luajit/src/lj_ircall.h:218:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _(FFI,	strlen,			1,   L, INTP, 0) \
data/tarantool-2.6.0/third_party/luajit/src/lj_load.c:154:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return luaL_loadbuffer(L, s, strlen(s), s);
data/tarantool-2.6.0/third_party/luajit/src/lj_str.h:24:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define lj_str_newz(L, s)	(lj_str_new(L, s, strlen(s)))
data/tarantool-2.6.0/third_party/luajit/src/lj_strfmt.c:390:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p = lj_buf_wmem(p, lj_typename(o), (MSize)strlen(lj_typename(o)));
data/tarantool-2.6.0/third_party/luajit/src/lj_strfmt.c:422:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lj_strfmt_init(&fs, fmt, (MSize)strlen(fmt));
data/tarantool-2.6.0/third_party/luajit/src/lj_strfmt.c:440:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      lj_buf_putmem(sb, s, (MSize)strlen(s));
data/tarantool-2.6.0/third_party/luajit/src/luajit.c:174:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int status = luaL_loadbuffer(L, s, strlen(s), name) || docall(L, 0, 1);
data/tarantool-2.6.0/third_party/luajit/src/luajit.c:215:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(buf);
data/tarantool-2.6.0/third_party/luajit/src/luajit.c:347:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lua_pushlstring(L, cmd, opt ? (size_t)(opt - cmd) : strlen(cmd));
data/tarantool-2.6.0/third_party/zstd/contrib/adaptive-compression/adapt.c:1058:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (argument[0]=='-' && strlen(argument) > 1) {
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/Pzstd.cpp:157:15:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      int c = getchar();
data/tarantool-2.6.0/third_party/zstd/contrib/pzstd/utils/Range.h:66:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  /* implicit */ Range(Iter str) : b_(str), e_(str + std::strlen(str)) {}
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/parallel_compression.c:21:20:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#  define SLEEP(x) usleep(x * 1000)
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/parallel_compression.c:188:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t const inL = strlen(filename);
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/parallel_processing.c:27:20:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#  define SLEEP(x) usleep(x * 1000)
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/seekable_compression.c:77:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    size_t read, toRead = buffInSize;
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/seekable_compression.c:79:41:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ZSTD_inBuffer input = { buffIn, read, 0 };
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/examples/seekable_compression.c:106:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t const inL = strlen(filename);
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/zstd_seekable.h:175:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ZSTD_seekable_read* read;
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/zstdseek_decompress.c:257:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    CHECK_IO(src.read(src.opaque, zs->inBuff, ZSTD_seekTableFooterSize));
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/zstdseek_decompress.c:282:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            CHECK_IO(src.read(src.opaque, zs->inBuff, toRead));
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/zstdseek_decompress.c:317:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                    CHECK_IO(src.read(src.opaque, zs->inBuff+offset, toRead));
data/tarantool-2.6.0/third_party/zstd/contrib/seekable_format/zstdseek_decompress.c:435:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                CHECK_IO(zs->src.read(zs->src.opaque, zs->inBuff, toRead));
data/tarantool-2.6.0/third_party/zstd/doc/educational_decoder/harness.c:52:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        pos += read;
data/tarantool-2.6.0/third_party/zstd/examples/dictionary_compression.c:121:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t const inL = strlen(filename);
data/tarantool-2.6.0/third_party/zstd/examples/multiple_streaming_compression.c:107:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    size_t read, toRead = ress.buffInSize;
data/tarantool-2.6.0/third_party/zstd/examples/multiple_streaming_compression.c:109:46:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ZSTD_inBuffer input = { ress.buffIn, read, 0 };
data/tarantool-2.6.0/third_party/zstd/examples/multiple_streaming_compression.c:147:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t const ifnSize = strlen(ifn);
data/tarantool-2.6.0/third_party/zstd/examples/simple_compression.c:109:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t const inL = strlen(filename);
data/tarantool-2.6.0/third_party/zstd/examples/streaming_compression.c:78:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    size_t read, toRead = buffInSize;
data/tarantool-2.6.0/third_party/zstd/examples/streaming_compression.c:80:41:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ZSTD_inBuffer input = { buffIn, read, 0 };
data/tarantool-2.6.0/third_party/zstd/examples/streaming_compression.c:105:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t const inL = strlen(filename);
data/tarantool-2.6.0/third_party/zstd/examples/streaming_decompression.c:82:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    size_t read, toRead = initResult;
data/tarantool-2.6.0/third_party/zstd/examples/streaming_decompression.c:84:41:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ZSTD_inBuffer input = { buffIn, read, 0 };
data/tarantool-2.6.0/third_party/zstd/lib/compress/fse_compress.c:629:9:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        getchar();
data/tarantool-2.6.0/third_party/zstd/programs/bench.c:214:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(displayName)>17) displayName += strlen(displayName)-17;   /* display last 17 characters */
data/tarantool-2.6.0/third_party/zstd/programs/bench.c:214:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(displayName)>17) displayName += strlen(displayName)-17;   /* display last 17 characters */
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:340:30:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                {   int ch = getchar();
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:346:58:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                    while ((ch!=EOF) && (ch!='\n')) ch = getchar();
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:938:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t const suffixSize = suffix ? strlen(suffix) : 0;
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:961:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t const ifnSize = strlen(inFileNamesTable[u]);
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:1179:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t const srcFileLength = strlen(srcFileName);
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:1670:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t const sfnSize = strlen(srcFileName);
data/tarantool-2.6.0/third_party/zstd/programs/fileio.c:1677:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            suffixSize = strlen(suffixPtr);
data/tarantool-2.6.0/third_party/zstd/programs/util.h:378:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dirLength = (int)strlen(dirName);
data/tarantool-2.6.0/third_party/zstd/programs/util.h:395:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        fnameLength = (int)strlen(cFile.cFileName);
data/tarantool-2.6.0/third_party/zstd/programs/util.h:418:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(*bufStart + *pos, path, *bufEnd - (*bufStart + *pos));
data/tarantool-2.6.0/third_party/zstd/programs/util.h:447:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dirLength = (int)strlen(dirName);
data/tarantool-2.6.0/third_party/zstd/programs/util.h:452:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        fnameLength = (int)strlen(entry->d_name);
data/tarantool-2.6.0/third_party/zstd/programs/util.h:478:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(*bufStart + *pos, path, *bufEnd - (*bufStart + *pos));
data/tarantool-2.6.0/third_party/zstd/programs/util.h:525:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t const len = strlen(inputNames[i]);
data/tarantool-2.6.0/third_party/zstd/programs/util.h:533:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(buf + pos, inputNames[i], bufend - (buf + pos));
data/tarantool-2.6.0/third_party/zstd/programs/util.h:549:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pos += strlen(fileTable[i]) + 1;
data/tarantool-2.6.0/third_party/zstd/programs/zstdcli.c:199:14:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    unused = getchar();
data/tarantool-2.6.0/third_party/zstd/programs/zstdcli.c:216:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return !strncmp(exeName, test, strlen(test)) &&
data/tarantool-2.6.0/third_party/zstd/programs/zstdcli.c:217:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (exeName[strlen(test)] == '\0' || exeName[strlen(test)] == '.');
data/tarantool-2.6.0/third_party/zstd/programs/zstdcli.c:217:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (exeName[strlen(test)] == '\0' || exeName[strlen(test)] == '.');
data/tarantool-2.6.0/third_party/zstd/programs/zstdcli.c:247:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t const comSize = strlen(longCommand);
data/tarantool-2.6.0/third_party/zstd/tests/decodecorpus.c:1791:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t const comSize = strlen(longCommand);
data/tarantool-2.6.0/third_party/zstd/tests/decodecorpus.c:1854:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    argument += strlen(argument);
data/tarantool-2.6.0/third_party/zstd/tests/decodecorpus.c:1859:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    argument += strlen(argument);
data/tarantool-2.6.0/third_party/zstd/tests/decodecorpus.c:1887:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    argument += strlen(argument);
data/tarantool-2.6.0/third_party/zstd/tests/fullbench.c:640:72:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (main_pause) { int unused; printf("press enter...\n"); unused = getchar(); (void)unused; }
data/tarantool-2.6.0/third_party/zstd/tests/fuzzer.c:1593:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t const comSize = strlen(longCommand);
data/tarantool-2.6.0/third_party/zstd/tests/fuzzer.c:1710:18:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        unused = getchar();
data/tarantool-2.6.0/third_party/zstd/tests/legacy.c:41:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t const size = strlen(EXPECTED);
data/tarantool-2.6.0/third_party/zstd/tests/namespaceTest.c:22:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unsigned result = XXH32(exename, strlen(exename), argc);
data/tarantool-2.6.0/third_party/zstd/tests/paramgrill.c:1048:72:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (main_pause) { int unused; printf("press enter...\n"); unused = getchar(); (void)unused; }
data/tarantool-2.6.0/third_party/zstd/tests/zbufftest.c:614:18:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        unused = getchar();
data/tarantool-2.6.0/third_party/zstd/tests/zstreamtest.c:1925:18:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        unused = getchar();
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example.c:118:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    uLong len = (uLong)strlen(hello)+1;
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example.c:148:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = (int)strlen(hello)+1;
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example.c:205:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen((char*)uncompr) != 7) { /* " hello!" */
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example.c:231:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    uLong len = (uLong)strlen(hello)+1;
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example.c:406:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    uInt len = (uInt)strlen(hello)+1;
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example.c:505:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    c_stream.avail_in = (uInt)strlen(hello)+1;
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example.c:602:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    argc = strlen(argv[0]);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example_original.c:110:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    uLong len = (uLong)strlen(hello)+1;
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example_original.c:140:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = (int)strlen(hello)+1;
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example_original.c:197:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen((char*)uncompr) != 7) { /* " hello!" */
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example_original.c:223:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    uLong len = (uLong)strlen(hello)+1;
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example_original.c:398:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    uInt len = (uInt)strlen(hello)+1;
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example_original.c:497:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    c_stream.avail_in = (uInt)strlen(hello)+1;
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/example_original.c:593:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    argc = strlen(argv[0]);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:468:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(file) + strlen(GZ_SUFFIX) >= sizeof(outfile)) {
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:468:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(file) + strlen(GZ_SUFFIX) >= sizeof(outfile)) {
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:506:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(file);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/minigzip.c:508:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (len + strlen(GZ_SUFFIX) >= sizeof(buf)) {
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/zwrapbench.c:170:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(displayName)>17) displayName += strlen(displayName)-17;   /* can only display 17 characters */
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/zwrapbench.c:170:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(displayName)>17) displayName += strlen(displayName)-17;   /* can only display 17 characters */
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/zwrapbench.c:835:14:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    unused = getchar();
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/examples/zwrapbench.c:881:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for (pos = (int)strlen(programName); pos > 0; pos--) { if (programName[pos] == '/') { pos++; break; } }
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzguts.h:53:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#  define read _read
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzlib.c:202:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen((const char *)path);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzlib.c:608:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((state.state->msg = (char *)malloc(strlen(state.state->path) + strlen(msg) + 3)) ==
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzlib.c:608:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((state.state->msg = (char *)malloc(strlen(state.state->path) + strlen(msg) + 3)) ==
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzlib.c:614:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (void)snprintf(state.state->msg, strlen(state.state->path) + strlen(msg) + 3,
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzlib.c:614:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (void)snprintf(state.state->msg, strlen(state.state->path) + strlen(msg) + 3,
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzread.c:38:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ret = read(state.state->fd, buf + *have, get);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c:373:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(str);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c:429:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(next);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/gzwrite.c:527:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(next);
data/tarantool-2.6.0/third_party/zstd/zlibWrapper/zstd_zlibwrapper.c:523:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        zwd->version = ZSTD_malloc(strlen(version)+1, zwd->customMem);

ANALYSIS SUMMARY:

Hits = 4877
Lines analyzed = 859291 in approximately 21.62 seconds (39747 lines/second)
Physical Source Lines of Code (SLOC) = 585151
Hits@level = [0] 3430 [1] 1398 [2] 2794 [3] 164 [4] 495 [5]  26
Hits@level+ = [0+] 8307 [1+] 4877 [2+] 3479 [3+] 685 [4+] 521 [5+]  26
Hits/KSLOC@level+ = [0+] 14.1963 [1+] 8.3346 [2+] 5.94547 [3+] 1.17064 [4+] 0.890368 [5+] 0.044433
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.