Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/genders-1.22/src/libcommon/fd.h
Examining data/genders-1.22/src/libcommon/hash.h
Examining data/genders-1.22/src/libcommon/hostlist.h
Examining data/genders-1.22/src/libcommon/list.h
Examining data/genders-1.22/src/libcommon/thread.h
Examining data/genders-1.22/src/libcommon/fd.c
Examining data/genders-1.22/src/libcommon/hash.c
Examining data/genders-1.22/src/libcommon/hostlist.c
Examining data/genders-1.22/src/libcommon/list.c
Examining data/genders-1.22/src/libcommon/thread.c
Examining data/genders-1.22/src/libgenders/genders.h
Examining data/genders-1.22/src/libgenders/genders_api.h
Examining data/genders-1.22/src/libgenders/genders_constants.h
Examining data/genders-1.22/src/libgenders/genders_parsing.h
Examining data/genders-1.22/src/libgenders/genders_util.h
Examining data/genders-1.22/src/libgenders/genders.c
Examining data/genders-1.22/src/libgenders/genders_parsing.c
Examining data/genders-1.22/src/libgenders/genders_query_parse.c
Examining data/genders-1.22/src/libgenders/genders_query.tab.c
Examining data/genders-1.22/src/libgenders/genders_util.c
Examining data/genders-1.22/src/nodeattr/nodeattr.c
Examining data/genders-1.22/src/extensions/cplusplus/gendersplusplus.hpp
Examining data/genders-1.22/src/extensions/cplusplus/gendersplusplus.cpp
Examining data/genders-1.22/src/extensions/java/src/Gendersjni.h
Examining data/genders-1.22/src/extensions/java/src/Gendersjni.c
Examining data/genders-1.22/src/extensions/python/libgendersmodule.c
Examining data/genders-1.22/src/testsuite/libgenders/genders_test_corner_case.h
Examining data/genders-1.22/src/testsuite/libgenders/genders_test_database.h
Examining data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.h
Examining data/genders-1.22/src/testsuite/libgenders/genders_test_query_tests.h
Examining data/genders-1.22/src/testsuite/libgenders/genders_testlib.h
Examining data/genders-1.22/src/testsuite/libgenders/genders_test.c
Examining data/genders-1.22/src/testsuite/libgenders/genders_test_corner_case.c
Examining data/genders-1.22/src/testsuite/libgenders/genders_test_corner_case_tests.c
Examining data/genders-1.22/src/testsuite/libgenders/genders_test_database.c
Examining data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c
Examining data/genders-1.22/src/testsuite/libgenders/genders_test_query_tests.c
Examining data/genders-1.22/src/testsuite/libgenders/genders_testlib.c
Examining data/genders-1.22/contrib/php/genders.c
Examining data/genders-1.22/contrib/php/php_genders.h

FINAL RESULTS:

data/genders-1.22/src/extensions/python/libgendersmodule.c:245:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(stringbuf, itemlist[i]);

data/genders-1.22/src/libcommon/hostlist.c:343:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  len = vsnprintf(buf, 1024, msg, ap);

data/genders-1.22/src/libcommon/hostlist.c:2300:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (buf, i->hr->prefix);

data/genders-1.22/src/libcommon/hostlist.c:2301:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (buf, suffix);

data/genders-1.22/src/libgenders/genders.c:615:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(node, handle->nodename);

data/genders-1.22/src/libgenders/genders.c:874:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(val, valptr);

data/genders-1.22/src/libgenders/genders_query.tab.c:1287:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf

data/genders-1.22/src/libgenders/genders_util.c:159:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(list[index], str);

data/genders-1.22/src/nodeattr/nodeattr.c:482:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(myvallist[val_count], val);

data/genders-1.22/src/nodeattr/nodeattr.c:1354:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(node, nodes[0]);

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:387:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(expected_string_buf, expected_string);

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:428:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(expected_string_buf, msg);

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:430:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(expected_string_buf, expected_string);

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2305:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msgbuf, "\"%s\"", genders_query_parse_error_tests[i]);

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2354:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(querybuf, databases[i]->data->attrval_nodes[j].attr);

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2359:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(querybuf, databases[i]->data->attrval_nodes[j].val);

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2412:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(querybuf, databases[i]->data->attr_with_val);

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2414:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(querybuf, GENDERS_DATABASE_INVALID_VAL);

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2422:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msgbuf, "%s: \"%s\"",

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2476:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msgbuf, "%s: \"%s\"",

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2536:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msgbuf, "\"%s\"", genders_query_parse_error_tests[i]);

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2579:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(querybuf, databases[i]->data->attrval_nodes[j].attr);

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2584:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(querybuf, databases[i]->data->attrval_nodes[j].val);

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2594:21:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msgbuf, "%s: \"%s\"",

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2617:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msgbuf, "%s: \"%s\"",

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2636:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(querybuf2, databases[i]->data->attr_with_val);

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2638:21:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(querybuf2, GENDERS_DATABASE_INVALID_VAL);

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2645:21:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msgbuf, "%s: \"%s\"",

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2699:21:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msgbuf, "%s: \"%s\"",

data/genders-1.22/src/testsuite/libgenders/genders_testlib.c:56:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, buffer, ap);

data/genders-1.22/src/nodeattr/nodeattr.c:51:32:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  #define GETOPT(ac,av,opt,lopt) getopt_long(ac,av,opt,lopt,NULL)

data/genders-1.22/src/nodeattr/nodeattr.c:53:32:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  #define GETOPT(ac,av,opt,lopt) getopt(ac,av,opt)

data/genders-1.22/src/testsuite/libgenders/genders_test.c:68:15:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "hvacf")) != -1)

data/genders-1.22/src/libcommon/hostlist.c:339:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/genders-1.22/src/libcommon/hostlist.c:523:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(hn->prefix, hostname, idx + 1);

data/genders-1.22/src/libcommon/hostlist.c:1221:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prefix[256] = "";

data/genders-1.22/src/libcommon/hostlist.c:1266:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(prefix, tok, (size_t) pos * sizeof(char));

data/genders-1.22/src/libcommon/hostlist.c:1445:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[4096];

data/genders-1.22/src/libcommon/hostlist.c:1470:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cur_tok[1024];

data/genders-1.22/src/libcommon/hostlist.c:1697:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXHOSTRANGELEN + 1];

data/genders-1.22/src/libcommon/hostlist.c:1730:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/genders-1.22/src/libcommon/hostlist.c:1801:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXHOSTNAMELEN + 16];

data/genders-1.22/src/libcommon/hostlist.c:2278:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char suffix[16];

data/genders-1.22/src/libcommon/hostlist.c:2309:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXHOSTRANGELEN + 1];

data/genders-1.22/src/libcommon/hostlist.c:2580:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/genders-1.22/src/libcommon/hostlist.c:2621:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024000];

data/genders-1.22/src/libgenders/genders.c:1596:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(handlecopy->nodename, handle->nodename, GENDERS_MAXHOSTNAMELEN+1);

data/genders-1.22/src/libgenders/genders_api.h:167:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nodename[GENDERS_MAXHOSTNAMELEN+1]; /* local hostname */

data/genders-1.22/src/libgenders/genders_parsing.c:677:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[GENDERS_BUFLEN];

data/genders-1.22/src/libgenders/genders_parsing.c:682:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fd = open(filename, O_RDONLY)) < 0)

data/genders-1.22/src/libgenders/genders_query.tab.c:307:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(yyout = fopen(_PATH_DEVNULL, "r+")))

data/genders-1.22/src/libgenders/genders_query.tab.c:392:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[GENDERS_BUFLEN];

data/genders-1.22/src/libgenders/genders_query.tab.c:1587:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];

data/genders-1.22/src/libgenders/genders_query.tab.c:1604:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yyformat[sizeof yyunexpected

data/genders-1.22/src/libgenders/genders_query.tab.c:1794:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yymsgbuf[128];

data/genders-1.22/src/nodeattr/nodeattr.c:992:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostrange[HOSTLIST_BUFLEN + 1];

data/genders-1.22/src/testsuite/libgenders/genders_test_corner_case.c:357:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((dev_null = open(_PATH_DEVNULL, O_APPEND)) < 0)

data/genders-1.22/src/testsuite/libgenders/genders_test_corner_case.c:568:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MAXHOSTNAMELEN+1];

data/genders-1.22/src/testsuite/libgenders/genders_test_corner_case.c:1034:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXHOSTNAMELEN+1];

data/genders-1.22/src/testsuite/libgenders/genders_test_corner_case.c:1654:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((dev_null = open(_PATH_DEVNULL, O_APPEND)) < 0)

data/genders-1.22/src/testsuite/libgenders/genders_test_database.h:72:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *nodes[GENDERS_DATABASE_MAXNODES];

data/genders-1.22/src/testsuite/libgenders/genders_test_database.h:74:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *attrs[GENDERS_DATABASE_MAXATTRS];

data/genders-1.22/src/testsuite/libgenders/genders_test_database.h:76:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *vals[GENDERS_DATABASE_MAXVALS];

data/genders-1.22/src/testsuite/libgenders/genders_test_database.h:84:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *attrs[GENDERS_DATABASE_MAXATTRS];

data/genders-1.22/src/testsuite/libgenders/genders_test_database.h:85:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *vals_string[GENDERS_DATABASE_MAXVALS];

data/genders-1.22/src/testsuite/libgenders/genders_test_database.h:86:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *vals_input[GENDERS_DATABASE_MAXVALS];

data/genders-1.22/src/testsuite/libgenders/genders_test_database.h:97:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *nodes[GENDERS_DATABASE_MAXNODES];

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:364:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char expected_string_buf[GENDERS_ERR_BUFLEN];

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:365:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string_buf[GENDERS_ERR_BUFLEN];

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:405:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char expected_string_buf[GENDERS_ERR_BUFLEN];

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:406:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string_buf[GENDERS_ERR_BUFLEN];

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:429:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(expected_string_buf, ": ");

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:851:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[MAXHOSTNAMELEN+1];

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:1376:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nodenamebuf[MAXHOSTNAMELEN+1];

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:1389:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char testbuf[MAXHOSTNAMELEN+1];

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2277:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[GENDERS_ERR_BUFLEN];

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2346:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char querybuf[GENDERS_QUERY_BUFLEN];

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2409:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char querybuf[GENDERS_QUERY_BUFLEN];

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2513:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[GENDERS_ERR_BUFLEN];

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2571:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char querybuf[GENDERS_QUERY_BUFLEN];

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2633:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char querybuf2[GENDERS_QUERY_BUFLEN];

data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2739:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((dev_null = open(_PATH_DEVNULL, O_APPEND)) < 0)

data/genders-1.22/src/testsuite/libgenders/genders_test_query_tests.h:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *nodes[GENDERS_QUERY_MAXNODES];

data/genders-1.22/src/testsuite/libgenders/genders_testlib.c:49:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[GENDERS_ERR_BUFLEN];

data/genders-1.22/src/extensions/python/libgendersmodule.c:247:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(stringbuf, ",");

data/genders-1.22/src/extensions/python/libgendersmodule.c:467:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (ret && strlen(valbuf)) {

data/genders-1.22/src/libcommon/fd.c:65:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((nread = read (fd, p, nleft)) < 0) {

data/genders-1.22/src/libcommon/fd.c:114:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((rc = read (fd, &c, 1)) == 1) {

data/genders-1.22/src/libcommon/hostlist.c:475:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int idx = strlen(hostname) - 1;

data/genders-1.22/src/libcommon/hostlist.c:507:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (idx == strlen(hostname) - 1) {

data/genders-1.22/src/libcommon/hostlist.c:562:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (int) strlen(hn->suffix);

data/genders-1.22/src/libcommon/hostlist.c:798:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(hr->prefix) + hr->width + 16;

data/genders-1.22/src/libcommon/hostlist.c:821:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(hr->prefix) + hr->width + 16;

data/genders-1.22/src/libcommon/hostlist.c:1231:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (str == NULL || strlen(str) == 0)

data/genders-1.22/src/libcommon/hostlist.c:1247:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pos = strlen(tok) - 1;

data/genders-1.22/src/libcommon/hostlist.c:1259:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pos = strlen(tok) - 1;

data/genders-1.22/src/libcommon/hostlist.c:1296:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pos != strlen(prefix) ||

data/genders-1.22/src/libcommon/hostlist.c:1393:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  range->width = strlen(str);

data/genders-1.22/src/libcommon/hostlist.c:1481:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cur_tok, tok, 1024);

data/genders-1.22/src/libcommon/hostlist.c:2295:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (i->hr->prefix) + strlen (suffix) + 1;

data/genders-1.22/src/libcommon/hostlist.c:2295:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (i->hr->prefix) + strlen (suffix) + 1;

data/genders-1.22/src/libgenders/genders.c:226:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  handle->maxnodelen = GENDERS_MAX(strlen(handle->nodename), handle->maxnodelen);

data/genders-1.22/src/libgenders/genders.c:609:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(handle->nodename) + 1) > len)

data/genders-1.22/src/libgenders/genders.c:637:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (attr && !strlen(attr))

data/genders-1.22/src/libgenders/genders.c:640:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (val && !strlen(val))

data/genders-1.22/src/libgenders/genders.c:737:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!node || !strlen(node))

data/genders-1.22/src/libgenders/genders.c:835:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || !strlen(attr)

data/genders-1.22/src/libgenders/genders.c:842:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!node || !strlen(node))

data/genders-1.22/src/libgenders/genders.c:869:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(valptr) + 1) > len)

data/genders-1.22/src/libgenders/genders.c:897:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!attr || !strlen(attr))

data/genders-1.22/src/libgenders/genders.c:903:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!node || !strlen(node))

data/genders-1.22/src/libgenders/genders.c:906:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (val && !strlen(val)) data/genders-1.22/src/libgenders/genders.c:936:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!node || !strlen(node)) data/genders-1.22/src/libgenders/genders.c:959:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!attr || !strlen(attr)) data/genders-1.22/src/libgenders/genders.c:989:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || !strlen(attr) data/genders-1.22/src/libgenders/genders.c:991:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || !strlen(val)) data/genders-1.22/src/libgenders/genders.c:1055:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!attr || !strlen(attr)) data/genders-1.22/src/libgenders/genders_parsing.c:417:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp = line + strlen(line); data/genders-1.22/src/libgenders/genders_parsing.c:496:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen(attr)) data/genders-1.22/src/libgenders/genders_parsing.c:507:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (val && !strlen(val)) data/genders-1.22/src/libgenders/genders_parsing.c:538:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (*maxattrlen) = GENDERS_MAX(strlen(attr), (*maxattrlen)); data/genders-1.22/src/libgenders/genders_parsing.c:543:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max_n_subst_vallen = strlen(val); data/genders-1.22/src/libgenders/genders_parsing.c:545:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (*maxvallen) = GENDERS_MAX(strlen(val), (*maxvallen)); data/genders-1.22/src/libgenders/genders_parsing.c:586:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(node) > GENDERS_MAXHOSTNAMELEN) data/genders-1.22/src/libgenders/genders_parsing.c:621:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (*maxnodelen) = GENDERS_MAX(strlen(node), (*maxnodelen)); data/genders-1.22/src/libgenders/genders_parsing.c:622:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line_maxnodelen = GENDERS_MAX(strlen(node), line_maxnodelen); data/genders-1.22/src/libgenders/genders_parsing.c:679:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!filename || !strlen(filename)) data/genders-1.22/src/libgenders/genders_query.tab.c:289:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fds[1], query, strlen(query)) < 0) data/genders-1.22/src/libgenders/genders_query.tab.c:647:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!query || !strlen(query)) data/genders-1.22/src/libgenders/genders_query.tab.c:694:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!query || !strlen(query)) data/genders-1.22/src/libgenders/genders_query.tab.c:700:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!node || !strlen(node)) data/genders-1.22/src/libgenders/genders_query.tab.c:1468:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/genders-1.22/src/libgenders/genders_query_parse.c:604:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/genders-1.22/src/libgenders/genders_query_parse.c:1568:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return yy_scan_bytes(yystr,strlen(yystr) ); data/genders-1.22/src/libgenders/genders_util.c:195:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(av->val) - 2 + strlen(n->name)) > data/genders-1.22/src/libgenders/genders_util.c:195:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(av->val) - 2 + strlen(n->name)) > data/genders-1.22/src/nodeattr/nodeattr.c:387:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) > 0) data/genders-1.22/src/nodeattr/nodeattr.c:410:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(val) > 0) data/genders-1.22/src/nodeattr/nodeattr.c:467:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ret && strlen(val)) { data/genders-1.22/src/nodeattr/nodeattr.c:517:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (node && strlen(vals[i]) > 0) data/genders-1.22/src/nodeattr/nodeattr.c:696:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vals[j])) { data/genders-1.22/src/nodeattr/nodeattr.c:698:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(dvalbuf)) { data/genders-1.22/src/nodeattr/nodeattr.c:713:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dvalbuf)) { data/genders-1.22/src/nodeattr/nodeattr.c:753:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dvals[j])) { data/genders-1.22/src/nodeattr/nodeattr.c:840:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int tmp = strlen(nodes[i]); data/genders-1.22/src/nodeattr/nodeattr.c:870:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int numspace = maxnodenamelen - strlen(node); data/genders-1.22/src/nodeattr/nodeattr.c:880:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vals[j])) data/genders-1.22/src/nodeattr/nodeattr.c:940:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attrlen = strlen(attr); data/genders-1.22/src/nodeattr/nodeattr.c:941:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vallen = strlen(val); data/genders-1.22/src/nodeattr/nodeattr.c:1046:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(al->hostrange); data/genders-1.22/src/nodeattr/nodeattr.c:1059:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(al1->hostrange) < strlen(al2->hostrange)) data/genders-1.22/src/nodeattr/nodeattr.c:1059:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(al1->hostrange) < strlen(al2->hostrange)) data/genders-1.22/src/nodeattr/nodeattr.c:1061:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(al1->hostrange) > strlen(al2->hostrange)) data/genders-1.22/src/nodeattr/nodeattr.c:1061:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(al1->hostrange) > strlen(al2->hostrange)) data/genders-1.22/src/nodeattr/nodeattr.c:1079:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numspace = maxhostrangelen - strlen(al->hostrange); data/genders-1.22/src/testsuite/libgenders/genders_test_corner_case.c:580:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buffer) > tests[3].expected_return_value) data/genders-1.22/src/testsuite/libgenders/genders_test_corner_case.c:581:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tests[3].expected_return_value = strlen(buffer); data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:382:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((len = read(fds[0], string_buf, GENDERS_ERR_BUFLEN)) < 0) data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:388:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(expected_string_buf, "\n"); data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:423:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((len = read(fds[0], string_buf, GENDERS_ERR_BUFLEN)) < 0) data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:431:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(expected_string_buf, "\n"); data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:863:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hostnamelen = strlen(buffer); data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2351:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
&& strlen(databases[i]->data->attrval_nodes[j].attr)) data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2356:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strlen(databases[i]->data->attrval_nodes[j].val)) data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2358:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(querybuf, "="); data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2413:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(querybuf, "="); data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2576:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strlen(databases[i]->data->attrval_nodes[j].attr)) data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2581:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strlen(databases[i]->data->attrval_nodes[j].val)) data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2583:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant character. strcat(querybuf, "="); data/genders-1.22/src/testsuite/libgenders/genders_test_functionality.c:2637:21: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(querybuf2, "="); ANALYSIS SUMMARY: Hits = 170 Lines analyzed = 30886 in approximately 0.80 seconds (38756 lines/second) Physical Source Lines of Code (SLOC) = 22877 Hits@level = [0] 147 [1] 86 [2] 51 [3] 3 [4] 30 [5] 0 Hits@level+ = [0+] 317 [1+] 170 [2+] 84 [3+] 33 [4+] 30 [5+] 0 Hits/KSLOC@level+ = [0+] 13.8567 [1+] 7.43104 [2+] 3.67181 [3+] 1.4425 [4+] 1.31136 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.