Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/upb-0.0.0~git200730/examples/bazel/test_binary.c
Examining data/upb-0.0.0~git200730/upbc/generator.h
Examining data/upb-0.0.0~git200730/upbc/message_layout.h
Examining data/upb-0.0.0~git200730/upbc/main.cc
Examining data/upb-0.0.0~git200730/upbc/generator.cc
Examining data/upb-0.0.0~git200730/upbc/message_layout.cc
Examining data/upb-0.0.0~git200730/generated_for_cmake/google/protobuf/descriptor.upb.c
Examining data/upb-0.0.0~git200730/generated_for_cmake/google/protobuf/descriptor.upb.h
Examining data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c
Examining data/upb-0.0.0~git200730/tests/test_generated_code.c
Examining data/upb-0.0.0~git200730/tests/corpus/temp.cc
Examining data/upb-0.0.0~git200730/tests/benchmark.cc
Examining data/upb-0.0.0~git200730/tests/testmain.cc
Examining data/upb-0.0.0~git200730/tests/upb_test.h
Examining data/upb-0.0.0~git200730/tests/json/test_json.cc
Examining data/upb-0.0.0~git200730/tests/test_table.cc
Examining data/upb-0.0.0~git200730/tests/test_cpp.cc
Examining data/upb-0.0.0~git200730/tests/test_util.h
Examining data/upb-0.0.0~git200730/tests/conformance_upb.c
Examining data/upb-0.0.0~git200730/tests/pb/test_decoder.cc
Examining data/upb-0.0.0~git200730/tests/pb/test_varint.c
Examining data/upb-0.0.0~git200730/tests/pb/test_encoder.cc
Examining data/upb-0.0.0~git200730/tests/file_descriptor_parsenew_fuzzer.cc
Examining data/upb-0.0.0~git200730/tests/bindings/lua/main.c
Examining data/upb-0.0.0~git200730/upb/upb.h
Examining data/upb-0.0.0~git200730/upb/msg.h
Examining data/upb-0.0.0~git200730/upb/handlers.h
Examining data/upb-0.0.0~git200730/upb/def.c
Examining data/upb-0.0.0~git200730/upb/port.c
Examining data/upb-0.0.0~git200730/upb/decode.h
Examining data/upb-0.0.0~git200730/upb/text_encode.h
Examining data/upb-0.0.0~git200730/upb/table.int.h
Examining data/upb-0.0.0~git200730/upb/decode.c
Examining data/upb-0.0.0~git200730/upb/json_encode.h
Examining data/upb-0.0.0~git200730/upb/reflection.h
Examining data/upb-0.0.0~git200730/upb/handlers.c
Examining data/upb-0.0.0~git200730/upb/json/printer.c
Examining data/upb-0.0.0~git200730/upb/json/printer.h
Examining data/upb-0.0.0~git200730/upb/json/parser.h
Examining data/upb-0.0.0~git200730/upb/encode.h
Examining data/upb-0.0.0~git200730/upb/reflection.c
Examining data/upb-0.0.0~git200730/upb/upb.hpp
Examining data/upb-0.0.0~git200730/upb/handlers-inl.h
Examining data/upb-0.0.0~git200730/upb/table.c
Examining data/upb-0.0.0~git200730/upb/def.hpp
Examining data/upb-0.0.0~git200730/upb/sink.c
Examining data/upb-0.0.0~git200730/upb/sink.h
Examining data/upb-0.0.0~git200730/upb/json_decode.c
Examining data/upb-0.0.0~git200730/upb/text_encode.c
Examining data/upb-0.0.0~git200730/upb/json_decode.h
Examining data/upb-0.0.0~git200730/upb/def.h
Examining data/upb-0.0.0~git200730/upb/msg.c
Examining data/upb-0.0.0~git200730/upb/json_encode.c
Examining data/upb-0.0.0~git200730/upb/upb.c
Examining data/upb-0.0.0~git200730/upb/encode.c
Examining data/upb-0.0.0~git200730/upb/pb/decoder.h
Examining data/upb-0.0.0~git200730/upb/pb/varint.c
Examining data/upb-0.0.0~git200730/upb/pb/textprinter.h
Examining data/upb-0.0.0~git200730/upb/pb/decoder.c
Examining data/upb-0.0.0~git200730/upb/pb/textprinter.c
Examining data/upb-0.0.0~git200730/upb/pb/decoder.int.h
Examining data/upb-0.0.0~git200730/upb/pb/encoder.h
Examining data/upb-0.0.0~git200730/upb/pb/compile_decoder.c
Examining data/upb-0.0.0~git200730/upb/pb/encoder.c
Examining data/upb-0.0.0~git200730/upb/pb/varint.int.h
Examining data/upb-0.0.0~git200730/upb/bindings/lua/upb.h
Examining data/upb-0.0.0~git200730/upb/bindings/lua/def.c
Examining data/upb-0.0.0~git200730/upb/bindings/lua/upbc.cc
Examining data/upb-0.0.0~git200730/upb/bindings/lua/msg.c
Examining data/upb-0.0.0~git200730/upb/bindings/lua/upb.c
Examining data/upb-0.0.0~git200730/upb/bindings/stdc++/string.h
FINAL RESULTS:
data/upb-0.0.0~git200730/tests/pb/test_decoder.cc:59:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, \
data/upb-0.0.0~git200730/tests/pb/test_decoder.cc:119:15: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int count = vsnprintf(NULL, 0, format, args);
data/upb-0.0.0~git200730/tests/pb/test_decoder.cc:125:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
count = vsnprintf(buffer, count + 1, format, copy);
data/upb-0.0.0~git200730/upb/def.c:1147:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret, prefix);
data/upb-0.0.0~git200730/upb/json/printer.c:183:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, inf);
data/upb-0.0.0~git200730/upb/json/printer.c:187:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, neginf);
data/upb-0.0.0~git200730/upb/json/printer.c:885:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer + base_len, nanos_buffer + 1);
data/upb-0.0.0~git200730/upb/json/printer.c:959:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer + UPB_TIMESTAMP_BEFORE_NANO_LEN, nanos_buffer + 1);
data/upb-0.0.0~git200730/upb/pb/textprinter.c:83:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dst, (use_hex ? "\\x%02x" : "\\%03o"), (uint8_t)*buf);
data/upb-0.0.0~git200730/upb/pb/textprinter.c:115:13: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
written = vsprintf(str, fmt, args);
data/upb-0.0.0~git200730/upbc/generator.cc:270:20: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
return absl::StrCat(field->default_value_int32());
data/upb-0.0.0~git200730/upbc/generator.cc:272:20: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
return absl::StrCat(field->default_value_int64());
data/upb-0.0.0~git200730/upbc/generator.cc:274:20: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
return absl::StrCat(field->default_value_uint32());
data/upb-0.0.0~git200730/upbc/generator.cc:276:20: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
return absl::StrCat(field->default_value_uint64());
data/upb-0.0.0~git200730/upbc/generator.cc:278:20: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
return absl::StrCat(field->default_value_float());
data/upb-0.0.0~git200730/upbc/generator.cc:280:20: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
return absl::StrCat(field->default_value_double());
data/upb-0.0.0~git200730/upbc/generator.cc:286:20: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
return absl::StrCat(field->default_value_enum()->number());
data/upb-0.0.0~git200730/upbc/generator.cc:773:28: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
presence = absl::StrCat(index);
data/upb-0.0.0~git200730/upbc/generator.cc:792:25: [4] (buffer) StrCat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
label = absl::StrCat(field->label());
data/upb-0.0.0~git200730/tests/test_table.cc:487:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
uint16_t rand_i = (random() / (double)RAND_MAX) * i;
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sink->ptr + sink->len, ptr, len);
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:497:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[3];
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:548:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2];
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:648:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->accumulate_buf, p->accumulated, p->accumulated_len);
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:653:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->accumulate_buf + p->accumulated_len, buf, len);
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:849:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8[3]; /* support \u0000 -- \uFFFF -- need only three bytes. */
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:1465:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seconds_buf[14];
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:1466:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nanos_buf[12];
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:1491:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seconds_buf, buf, fraction_start);
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:1515:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nanos_buf + 1, buf + fraction_start, len - fraction_start);
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:1561:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(buf);
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:1651:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nanos_buf[12];
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:1673:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nanos_buf + 1, buf, len);
data/upb-0.0.0~git200730/tests/benchmark.cc:10:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[65535];
data/upb-0.0.0~git200730/tests/conformance_upb.c:123:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(err, inerr, strlen(inerr));
data/upb-0.0.0~git200730/tests/conformance_upb.c:145:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(err, inerr, strlen(inerr));
data/upb-0.0.0~git200730/tests/conformance_upb.c:221:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/upb-0.0.0~git200730/tests/pb/test_decoder.cc:191:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[UPB_PB_VARINT_MAX_LEN];
data/upb-0.0.0~git200730/tests/pb/test_varint.c:11:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/upb-0.0.0~git200730/tests/pb/test_varint.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[16];
data/upb-0.0.0~git200730/tests/pb/test_varint.c:24:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf2, &encoded, 8);
data/upb-0.0.0~git200730/tests/pb/test_varint.c:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char swap[8];
data/upb-0.0.0~git200730/tests/pb/test_varint.c:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[UPB_PB_VARINT_MAX_LEN]; \
data/upb-0.0.0~git200730/tests/pb/test_varint.c:69:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, bytes, n); \
data/upb-0.0.0~git200730/tests/pb/test_varint.c:77:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char twelvebyte[16] = {-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 1, 1};
data/upb-0.0.0~git200730/tests/test_util.h:120:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf2, buf_ + ofs_, bytes);
data/upb-0.0.0~git200730/tests/test_util.h:210:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "rb");
data/upb-0.0.0~git200730/upb/bindings/lua/msg.c:263:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, ptr, len);
data/upb-0.0.0~git200730/upb/bindings/lua/msg.c:840:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/upb-0.0.0~git200730/upb/bindings/lua/msg.c:898:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, pb, len);
data/upb-0.0.0~git200730/upb/decode.c:336:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, &val, 1 << op);
data/upb-0.0.0~git200730/upb/decode.c:346:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, &val, sizeof(upb_strview));
data/upb-0.0.0~git200730/upb/decode.c:373:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, val.str_val.data, val.str_val.size);
data/upb-0.0.0~git200730/upb/decode.c:393:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &elem, scale);
data/upb-0.0.0~git200730/upb/decode.c:479:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, &val, sizeof(upb_strview));
data/upb-0.0.0~git200730/upb/decode.c:482:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, &val, 8);
data/upb-0.0.0~git200730/upb/decode.c:485:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, &val, 4);
data/upb-0.0.0~git200730/upb/decode.c:488:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, &val, 1);
data/upb-0.0.0~git200730/upb/decode.c:522:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, ptr, 4);
data/upb-0.0.0~git200730/upb/decode.c:529:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, ptr, 8);
data/upb-0.0.0~git200730/upb/def.c:14:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1]; /* Null-terminated string data follows. */
data/upb-0.0.0~git200730/upb/def.c:21:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (len) memcpy(ret->str, data, len);
data/upb-0.0.0~git200730/upb/def.c:1149:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret[n + 1], name.data, name.size);
data/upb-0.0.0~git200730/upb/def.c:1287:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nullz[64];
data/upb-0.0.0~git200730/upb/def.c:1301:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nullz, str, len);
data/upb-0.0.0~git200730/upb/encode.c:75:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->ptr, data, len);
data/upb-0.0.0~git200730/upb/encode.c:103:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&u64, &d, sizeof(uint64_t));
data/upb-0.0.0~git200730/upb/encode.c:110:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&u32, &d, sizeof(uint32_t));
data/upb-0.0.0~git200730/upb/json/printer.c:139:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char escape_buf[8];
data/upb-0.0.0~git200730/upb/json/printer.c:250:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[64]; \
data/upb-0.0.0~git200730/upb/json/printer.c:275:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[64]; \
data/upb-0.0.0~git200730/upb/json/printer.c:457:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[16000];
data/upb-0.0.0~git200730/upb/json/printer.c:852:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[UPB_DURATION_MAX_JSON_LEN];
data/upb-0.0.0~git200730/upb/json/printer.c:877:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nanos_buffer[UPB_DURATION_MAX_NANO_LEN + 3];
data/upb-0.0.0~git200730/upb/json/printer.c:922:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[UPB_TIMESTAMP_MAX_JSON_LEN];
data/upb-0.0.0~git200730/upb/json/printer.c:951:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nanos_buffer[UPB_TIMESTAMP_MAX_NANO_LEN + 3];
data/upb-0.0.0~git200730/upb/json_decode.c:481:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const signed char table[256] = {
data/upb-0.0.0~git200730/upb/json_decode.c:1333:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, pre_type_data, len - 1);
data/upb-0.0.0~git200730/upb/json_encode.c:60:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->ptr, data, len);
data/upb-0.0.0~git200730/upb/json_encode.c:63:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (have) memcpy(e->ptr, data, have);
data/upb-0.0.0~git200730/upb/json_encode.c:185:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/upb-0.0.0~git200730/upb/msg.c:10:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char _upb_fieldtype_to_sizelg2[12] = {
data/upb-0.0.0~git200730/upb/msg.c:78:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(in->unknown + in->unknown_len, data, len);
data/upb-0.0.0~git200730/upb/msg.c:159:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + (elem << lg2), value, 1 << lg2);
data/upb-0.0.0~git200730/upb/msg.h:79:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char _upb_fieldtype_to_size[12];
data/upb-0.0.0~git200730/upb/msg.h:260:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(PTR_AT(ptr, arr->len * elem_size, char), value, elem_size);
data/upb-0.0.0~git200730/upb/msg.h:315:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &key, sizeof(key));
data/upb-0.0.0~git200730/upb/msg.h:317:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, key.data, size);
data/upb-0.0.0~git200730/upb/msg.h:327:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret, &strp, sizeof(strp));
data/upb-0.0.0~git200730/upb/msg.h:329:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret, val, size);
data/upb-0.0.0~git200730/upb/msg.h:337:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, strp, sizeof(upb_strview));
data/upb-0.0.0~git200730/upb/msg.h:339:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, &val, size);
data/upb-0.0.0~git200730/upb/msg.h:459:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(strp, val, sizeof(*strp));
data/upb-0.0.0~git200730/upb/msg.h:461:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ent->val.val, val, size);
data/upb-0.0.0~git200730/upb/pb/compile_decoder.c:350:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dispatch, p, sizeof(void*));
data/upb-0.0.0~git200730/upb/pb/compile_decoder.c:849:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("/tmp/upb-bytecode", "w");
data/upb-0.0.0~git200730/upb/pb/compile_decoder.c:855:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("/tmp/upb-bytecode.bin", "wb");
data/upb-0.0.0~git200730/upb/pb/decoder.c:306:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->residual_end, d->buf_param, d->size_param);
data/upb-0.0.0~git200730/upb/pb/decoder.c:316:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->residual, d->ptr, save);
data/upb-0.0.0~git200730/upb/pb/decoder.c:330:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, d->ptr, bytes);
data/upb-0.0.0~git200730/upb/pb/decoder.c:374:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, d->ptr, ret);
data/upb-0.0.0~git200730/upb/pb/decoder.c:377:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)buf + ret, d->buf_param, copy);
data/upb-0.0.0~git200730/upb/pb/decoder.c:386:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, d->ptr, bytes);
data/upb-0.0.0~git200730/upb/pb/decoder.c:480:49: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static double as_double(uint64_t n) { double d; memcpy(&d, &n, 8); return d; }
data/upb-0.0.0~git200730/upb/pb/decoder.c:481:49: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static float as_float(uint32_t n) { float f; memcpy(&f, &n, 4); return f; }
data/upb-0.0.0~git200730/upb/pb/decoder.c:733:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d->top->dispatch, d->pc, sizeof(void*));
data/upb-0.0.0~git200730/upb/pb/decoder.c:852:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&actual, d->ptr, 2);
data/upb-0.0.0~git200730/upb/pb/decoder.c:867:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&expected, d->pc, 8);
data/upb-0.0.0~git200730/upb/pb/decoder.int.h:189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char residual[UPB_DECODER_MAX_RESIDUAL_BYTES];
data/upb-0.0.0~git200730/upb/pb/encoder.c:198:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->ptr, data, len);
data/upb-0.0.0~git200730/upb/pb/encoder.c:268:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[UPB_PB_VARINT_MAX_LEN];
data/upb-0.0.0~git200730/upb/pb/encoder.c:297:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[7];
data/upb-0.0.0~git200730/upb/pb/encoder.c:340:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret, &d, sizeof(uint64_t));
data/upb-0.0.0~git200730/upb/pb/encoder.c:346:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret, &d, sizeof(uint32_t));
data/upb-0.0.0~git200730/upb/pb/textprinter.c:53:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstbuf[4096], *dst = dstbuf, *dstend = dstbuf + sizeof(dstbuf);
data/upb-0.0.0~git200730/upb/pb/varint.int.h:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[UPB_PB_VARINT_MAX_LEN];
data/upb-0.0.0~git200730/upb/pb/varint.int.h:148:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[UPB_PB_VARINT_MAX_LEN];
data/upb-0.0.0~git200730/upb/pb/varint.int.h:152:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret, buf, bytes);
data/upb-0.0.0~git200730/upb/reflection.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _upb_fieldtype_to_mapsize[12] = {
data/upb-0.0.0~git200730/upb/reflection.c:65:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, mem, get_field_size(field));
data/upb-0.0.0~git200730/upb/reflection.c:149:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret, mem, sizeof(void*));
data/upb-0.0.0~git200730/upb/reflection.c:164:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, &ret, sizeof(void*));
data/upb-0.0.0~git200730/upb/reflection.c:180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, &val, get_field_size(field));
data/upb-0.0.0~git200730/upb/reflection.c:311:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret, data + (i << lg2), 1 << lg2);
data/upb-0.0.0~git200730/upb/reflection.c:319:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + (i << lg2), &val, 1 << lg2);
data/upb-0.0.0~git200730/upb/table.c:51:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, s, len);
data/upb-0.0.0~git200730/upb/table.c:265:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, &len, sizeof(uint32_t));
data/upb-0.0.0~git200730/upb/table.c:266:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (k2.str.len) memcpy(str + sizeof(uint32_t), k2.str.str, k2.str.len);
data/upb-0.0.0~git200730/upb/table.int.h:111:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val->val, &cval, sizeof(cval));
data/upb-0.0.0~git200730/upb/table.int.h:115:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val->val, &cval, sizeof(cval));
data/upb-0.0.0~git200730/upb/table.int.h:146:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (len) memcpy(len, mem, sizeof(*len));
data/upb-0.0.0~git200730/upb/text_encode.c:27:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->ptr, data, len);
data/upb-0.0.0~git200730/upb/text_encode.c:30:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (have) memcpy(e->ptr, data, have);
data/upb-0.0.0~git200730/upb/text_encode.c:283:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, ptr, 4);
data/upb-0.0.0~git200730/upb/text_encode.c:291:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&val, ptr, 8);
data/upb-0.0.0~git200730/upb/upb.h:27:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[UPB_STATUS_MAX_MESSAGE]; /* Error message; NULL-terminated. */
data/upb-0.0.0~git200730/upb/upb.h:183:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, ptr, oldsize);
data/upb-0.0.0~git200730/upb/upb.hpp:83:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char initial_block_[N];
data/upb-0.0.0~git200730/upbc/generator.cc:58:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr_, data.data(), to_write);
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:950:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(buf);
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:1027:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len == strlen("Infinity") && strcmp(buf, "Infinity") == 0) {
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:1030:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (len == strlen("-Infinity") && strcmp(buf, "-Infinity") == 0) {
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:2465:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
capture_end(p, membername + strlen(membername));
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:2482:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
capture_end(p, membername + strlen(membername));
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:2499:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
capture_end(p, membername + strlen(membername));
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:3322:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
upb_strtable_insert3(&m->name_table, name, strlen(name), v, alloc);
data/upb-0.0.0~git200730/generated_for_cmake/upb/json/parser.c:3329:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
upb_strtable_insert3(&m->name_table, name, strlen(name), v, alloc);
data/upb-0.0.0~git200730/tests/conformance_upb.c:30:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t bytes_read = read(fd, (char*)buf + ofs, len);
data/upb-0.0.0~git200730/tests/conformance_upb.c:68:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c->response, upb_strview_make(msg, strlen(msg)));
data/upb-0.0.0~git200730/tests/conformance_upb.c:82:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c->response, upb_strview_make(msg, strlen(msg)));
data/upb-0.0.0~git200730/tests/conformance_upb.c:121:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(inerr);
data/upb-0.0.0~git200730/tests/conformance_upb.c:123:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(err, inerr, strlen(inerr));
data/upb-0.0.0~git200730/tests/conformance_upb.c:143:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(inerr);
data/upb-0.0.0~git200730/tests/conformance_upb.c:145:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(err, inerr, strlen(inerr));
data/upb-0.0.0~git200730/tests/conformance_upb.c:171:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c->response, upb_strview_make(msg, strlen(msg)));
data/upb-0.0.0~git200730/tests/conformance_upb.c:194:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c->response, upb_strview_make(msg, strlen(msg)));
data/upb-0.0.0~git200730/tests/conformance_upb.c:208:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c->response, upb_strview_make(msg, strlen(msg)));
data/upb-0.0.0~git200730/tests/json/test_json.cc:202:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
env.Reset(json_src, strlen(json_src), false, false);
data/upb-0.0.0~git200730/tests/json/test_json.cc:244:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t i = 0; i < strlen(test_case->input); i++) {
data/upb-0.0.0~git200730/tests/json/test_json.cc:259:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t i = 0; i < strlen(test_case->input); i++) {
data/upb-0.0.0~git200730/tests/json/test_json.cc:276:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t i = 0; i < strlen(test_case->input); i++) {
data/upb-0.0.0~git200730/tests/json/test_json.cc:295:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
env.Reset(json_src, strlen(json_src), false, true);
data/upb-0.0.0~git200730/tests/json/test_json.cc:321:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (size_t i = 0; i < strlen(test_case->input); i++) {
data/upb-0.0.0~git200730/tests/test_generated_code.c:379:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(status.msg) == end);
data/upb-0.0.0~git200730/tests/test_generated_code.c:380:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(status2.msg) == end);
data/upb-0.0.0~git200730/upb/def.c:1133:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return n == strlen(b) && memcmp(a, b, n) == 0;
data/upb-0.0.0~git200730/upb/def.c:1144:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(prefix);
data/upb-0.0.0~git200730/upb/def.c:1211:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CHK_OOM(upb_strtable_insert3(ctx->addtab, name, strlen(name), v, ctx->tmp));
data/upb-0.0.0~git200730/upb/def.c:1471:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
json_size = strlen(json_name);
data/upb-0.0.0~git200730/upb/def.c:1629:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
upb_strtable_insert3(&e->ntoi, name2, strlen(name2), v, ctx->alloc));
data/upb-0.0.0~git200730/upb/def.c:1970:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CHK_OOM(upb_strtable_insert3(&s->files, file->name, strlen(file->name),
data/upb-0.0.0~git200730/upb/def.h:132:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return upb_oneofdef_ntof(o, name, strlen(name));
data/upb-0.0.0~git200730/upb/def.h:191:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return upb_msgdef_ntoo(m, name, strlen(name));
data/upb-0.0.0~git200730/upb/def.h:196:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return upb_msgdef_ntof(m, name, strlen(name));
data/upb-0.0.0~git200730/upb/def.h:212:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return upb_msgdef_lookupname(m, name, strlen(name), f, o);
data/upb-0.0.0~git200730/upb/def.h:269:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return upb_enumdef_ntoi(e, name, strlen(name), num);
data/upb-0.0.0~git200730/upb/json/printer.c:66:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret->len = strlen(ret->ptr);
data/upb-0.0.0~git200730/upb/json/printer.c:69:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret->len = strlen(ret->ptr);
data/upb-0.0.0~git200730/upb/json/printer.c:80:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret->len = strlen(str);
data/upb-0.0.0~git200730/upb/json/printer.c:156:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_data(p, escape, strlen(escape));
data/upb-0.0.0~git200730/upb/json/printer.c:182:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CHKLENGTH(length >= strlen(inf));
data/upb-0.0.0~git200730/upb/json/printer.c:184:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(inf);
data/upb-0.0.0~git200730/upb/json/printer.c:186:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CHKLENGTH(length >= strlen(neginf));
data/upb-0.0.0~git200730/upb/json/printer.c:188:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(neginf);
data/upb-0.0.0~git200730/upb/json/printer.c:318:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
putstring(p, symbolic_name, strlen(symbolic_name));
data/upb-0.0.0~git200730/upb/json/printer.c:333:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
putstring(p, symbolic_name, strlen(symbolic_name));
data/upb-0.0.0~git200730/upb/json/printer.c:874:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base_len = strlen(buffer);
data/upb-0.0.0~git200730/upb/json/printer.c:888:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curr = strlen(buffer);
data/upb-0.0.0~git200730/upb/json/printer.c:889:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buffer + curr, "s");
data/upb-0.0.0~git200730/upb/json/printer.c:895:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_data(p, buffer, strlen(buffer));
data/upb-0.0.0~git200730/upb/json/printer.c:962:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curr = strlen(buffer);
data/upb-0.0.0~git200730/upb/json/printer.c:963:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buffer + curr, "Z");
data/upb-0.0.0~git200730/upb/json/printer.c:969:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print_data(p, buffer, strlen(buffer));
data/upb-0.0.0~git200730/upb/json_decode.c:42:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return str.size == strlen(lit) && memcmp(str.data, lit, str.size) == 0;
data/upb-0.0.0~git200730/upb/json_decode.c:88:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(lit);
data/upb-0.0.0~git200730/upb/json_decode.c:964:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t after_len = after ? strlen(after) : 0;
data/upb-0.0.0~git200730/upb/json_encode.c:70:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jsonenc_putbytes(e, str, strlen(str));
data/upb-0.0.0~git200730/upb/pb/decoder.c:524:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int32_t ok = getbytes(d, &data, read);
data/upb-0.0.0~git200730/upb/pb/decoder.c:527:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} else if (read < bytes && memcmp(&data, &expected, read) == 0) {
data/upb-0.0.0~git200730/upb/pb/decoder.c:527:55: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
} else if (read < bytes && memcmp(&data, &expected, read) == 0) {
data/upb-0.0.0~git200730/upb/table.c:37:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return upb_strdup2(s, strlen(s), a);
data/upb-0.0.0~git200730/upb/table.int.h:292:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return upb_strtable_insert2(t, key, strlen(key), val);
data/upb-0.0.0~git200730/upb/table.int.h:304:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return upb_strtable_lookup2(t, key, strlen(key), v);
data/upb-0.0.0~git200730/upb/table.int.h:321:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return upb_strtable_remove2(t, key, strlen(key), v);
data/upb-0.0.0~git200730/upb/text_encode.c:37:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txtenc_putbytes(e, str, strlen(str));
data/upb-0.0.0~git200730/upb/upb.c:29:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(status->msg, msg, UPB_STATUS_MAX_MESSAGE - 1);
data/upb-0.0.0~git200730/upb/upb.c:51:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(status->msg);
data/upb-0.0.0~git200730/upb/upb.h:55:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return upb_strview_make(data, strlen(data));
ANALYSIS SUMMARY:
Hits = 208
Lines analyzed = 31868 in approximately 0.80 seconds (39746 lines/second)
Physical Source Lines of Code (SLOC) = 23890
Hits@level = [0] 74 [1] 69 [2] 119 [3] 1 [4] 19 [5] 0
Hits@level+ = [0+] 282 [1+] 208 [2+] 139 [3+] 20 [4+] 19 [5+] 0
Hits/KSLOC@level+ = [0+] 11.8041 [1+] 8.70657 [2+] 5.81833 [3+] 0.83717 [4+] 0.795312 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.