Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/midl.h
Examining data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/lmdb.h
Examining data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/midl.c
Examining data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c
Examining data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/lmdbgo.c
Examining data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/lmdbgo.h

FINAL RESULTS:

data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4785:4: [5] (misc) SetSecurityDescriptorDacl:
  Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).
  SetSecurityDescriptorDacl(&mdb_null_sd, TRUE, 0, FALSE);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4785:4: [5] (misc) SetSecurityDescriptorDacl:
  Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access), which would even forbid administrator access (CWE-732).
  SetSecurityDescriptorDacl(&mdb_null_sd, TRUE, 0, FALSE);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4102:23: [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  # define mdb_name_cpy wcscpy
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4107:23: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  # define mdb_name_cpy strcpy /**< Copy name (#mdb_nchar_t string) */
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4146:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fname->mn_val, path);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4798:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(env->me_txns->mti_rmname, "Global\\MDBr%s", encbuf);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4799:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(env->me_txns->mti_wmname, "Global\\MDBw%s", encbuf);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4825:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(env->me_txns->mti_rmname, "/MDBr%s", encbuf);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4826:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(env->me_txns->mti_wmname, "/MDBw%s", encbuf);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:10035:4: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf, txnid == (txnid_t)-1 ?
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:579:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  #define DKBUF char kbuf[DKBUF_MAXKEYSIZE*2+1]
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:700:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pad[(sizeof(MDB_rxbody)+CACHELINE-1) & ~(CACHELINE-1)];
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:725:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mtb_rmname[MNAME_LEN];
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:754:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pad[(sizeof(MDB_txbody)+CACHELINE-1) & ~(CACHELINE-1)];
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:758:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mt2_wmname[MNAME_LEN];
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:764:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pad[(MNAME_LEN+CACHELINE-1) & ~(CACHELINE-1)];
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:912:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mn_data[1]; /**< key and data are appended here */
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:1054:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mm_pad[PAGEHDRSZ];
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:1476:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MSGSIZE+PADSIZE], *ptr = buf;
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:1530:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[400];
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:1531:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%.100s:%d: Assertion '%.200s' failed in %.40s()",
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:1575:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ptr += sprintf(ptr, "%02x", *c++);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:1577:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%.*s", key->mv_size, key->mv_data);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:1585:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *const tp[2][2] = {{"", ": DB"}, {": sub-page", ": sub-DB"}};
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:2328:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, (lower + PAGEBASE + (Align-1)) & -Align);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:2329:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((pgno_t *)((char *)dst+upper), (pgno_t *)((char *)src+upper),
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:2332:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, psize - unused);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:2372:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(np, mp, num * env->me_psize);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:2766:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(txn->mt_dbiseqs, env->me_dbiseqs, env->me_maxdbs * sizeof(unsigned int));
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:2770:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(txn->mt_dbs, meta->mm_dbs, CORE_DBS * sizeof(MDB_db));
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:2879:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(txn->mt_dbs, parent->mt_dbs, txn->mt_numdbs * sizeof(MDB_db));
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:2890:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(env->me_pghead, ntxn->mnt_pgstate.mf_pghead, size);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:3146:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data.mv_data, free_pgs, data.mv_size);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:3460:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(parent->mt_dbs, txn->mt_dbs, txn->mt_numdbs * sizeof(MDB_db));
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4247:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(fname->mn_val, which & MDB_O_MASK, mode);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4322:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(uts.release+7);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4326:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(uts.release+7);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4331:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(uts.release+2);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4335:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(uts.release+4);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4339:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(uts.release+4);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4780:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char encbuf[11];
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4811:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char encbuf[11];
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:5579:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&flags, ((char *) data.mv_data + offsetof(MDB_db, md_flags)),
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:5586:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mc->mc_db, data.mv_data, sizeof(MDB_db));
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:6633:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, key->mv_data, ksize);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:6694:20: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  dkey.mv_data = memcpy(fp+1, olddata.mv_data, olddata.mv_size);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:6775:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(METADATA(mp), METADATA(fp), NUMKEYS(fp) * fp->mp_pad);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:6777:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)mp + mp->mp_upper + PAGEBASE, (char *)fp + fp->mp_upper + PAGEBASE,
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:6844:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((size_t *)((char *)np + off),
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:6848:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(np, omp, sz); /* Copy beginning of page */
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:6855:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(METADATA(omp), data->mv_data, data->mv_size);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:6869:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(olddata.mv_data, data->mv_data, data->mv_size);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:6871:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(NODEKEY(leaf), key->mv_data, key->mv_size);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:6972:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(db, &mc->mc_xcursor->mx_db, sizeof(MDB_db));
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:6994:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  data[0].mv_data = (char *)data[0].mv_data + data[0].mv_size;
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:7054:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(db, &mc->mc_xcursor->mx_db, sizeof(MDB_db));
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:7247:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, key->mv_data, ksize);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:7307:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(NODEKEY(node), key->mv_data, key->mv_size);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:7313:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ndata, data->mv_data, sizeof(pgno_t));
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:7317:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ndata, data->mv_data, data->mv_size);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:7319:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ndata, &ofp->mp_pgno, sizeof(pgno_t));
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:7324:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ndata, data->mv_data, data->mv_size);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:7483:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&mx->mx_db, NODEDATA(node), sizeof(MDB_db));
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:7714:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char kbuf2[DKBUF_MAXKEYSIZE*2+1];
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:7760:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(NODEKEY(node), key->mv_data, key->mv_size);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:8634:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rp->mp_ptrs, split, rsize);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:8637:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ins, newkey->mv_data, ksize);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:8642:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rp->mp_ptrs, split, x * ksize);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:8644:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ins, newkey->mv_data, ksize);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:8645:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ins+ksize, split + x * ksize, rsize - x * ksize);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:8841:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(NODEPTR(mp, nkeys-1), NODEPTR(copy, nkeys-1),
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:8980:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *mc_wbuf[2];
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:8981:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *mc_over[2];
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:9158:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(NODEDATA(ni), &my->mc_next_pgno, sizeof(pgno_t));
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:9169:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mo, omp, my->mc_env->me_psize);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:9198:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(NODEDATA(ni), &db, sizeof(db));
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:9771:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&txn->mt_dbs[slot], data.mv_data, sizeof(MDB_db));
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:10022:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:10217:10: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  need = MultiByteToWideChar(CP_UTF8, 0, src, -1, result, need);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/midl.c:179:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ids[ids[0]+1], &app[1], app[0] * sizeof(MDB_ID));
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/midl.h:67:34: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define MDB_IDL_CPY( dst, src ) (memcpy( dst, src, MDB_IDL_SIZEOF( src ) ))
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:4141:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fname->mn_len = strlen(path);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:9282:18: [1] (free) memalign:
  On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d).
  Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient.
  my.mc_wbuf[0] = memalign(env->me_os_psize, MDB_WBUF*2);
data/golang-github-bmatsuo-lmdb-go-1.8.0+git20170215.a14b5a3/lmdb/mdb.c:9702:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name);

ANALYSIS SUMMARY:

Hits = 84
Lines analyzed = 12507 in approximately 0.40 seconds (31074 lines/second)
Physical Source Lines of Code (SLOC) = 8247
Hits@level = [0] 14 [1] 3 [2] 71 [3] 0 [4] 8 [5] 2
Hits@level+ = [0+] 98 [1+] 84 [2+] 81 [3+] 10 [4+] 10 [5+] 2
Hits/KSLOC@level+ = [0+] 11.8831 [1+] 10.1855 [2+] 9.82175 [3+] 1.21256 [4+] 1.21256 [5+] 0.242512
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.