Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kyotocabinet-1.2.76/kcmap.h
Examining data/kyotocabinet-1.2.76/kcpolytest.cc
Examining data/kyotocabinet-1.2.76/kcfile.cc
Examining data/kyotocabinet-1.2.76/kcdirmgr.cc
Examining data/kyotocabinet-1.2.76/kcthread.cc
Examining data/kyotocabinet-1.2.76/kcstashdb.h
Examining data/kyotocabinet-1.2.76/kctextdb.cc
Examining data/kyotocabinet-1.2.76/kchashmgr.cc
Examining data/kyotocabinet-1.2.76/kcforestmgr.cc
Examining data/kyotocabinet-1.2.76/kcdirdb.cc
Examining data/kyotocabinet-1.2.76/kcpolydb.cc
Examining data/kyotocabinet-1.2.76/kctextdb.h
Examining data/kyotocabinet-1.2.76/kcstashdb.cc
Examining data/kyotocabinet-1.2.76/example/kcpolyex.cc
Examining data/kyotocabinet-1.2.76/example/kccacheex.cc
Examining data/kyotocabinet-1.2.76/example/kcdirex.cc
Examining data/kyotocabinet-1.2.76/example/kclangcex.c
Examining data/kyotocabinet-1.2.76/example/kctreeex.cc
Examining data/kyotocabinet-1.2.76/example/kcmrex.cc
Examining data/kyotocabinet-1.2.76/example/kchashex.cc
Examining data/kyotocabinet-1.2.76/example/kcgrassex.cc
Examining data/kyotocabinet-1.2.76/example/kcprotoex.cc
Examining data/kyotocabinet-1.2.76/example/kcvisex.cc
Examining data/kyotocabinet-1.2.76/example/kcforestex.cc
Examining data/kyotocabinet-1.2.76/kccachedb.cc
Examining data/kyotocabinet-1.2.76/kcstashtest.cc
Examining data/kyotocabinet-1.2.76/lab/kcdict/kcdictmgr.cc
Examining data/kyotocabinet-1.2.76/kcprotodb.cc
Examining data/kyotocabinet-1.2.76/kcthread.h
Examining data/kyotocabinet-1.2.76/kclangc.cc
Examining data/kyotocabinet-1.2.76/kccompare.h
Examining data/kyotocabinet-1.2.76/kcdb.cc
Examining data/kyotocabinet-1.2.76/kcregex.cc
Examining data/kyotocabinet-1.2.76/kchashtest.cc
Examining data/kyotocabinet-1.2.76/kccachedb.h
Examining data/kyotocabinet-1.2.76/kcpolydb.h
Examining data/kyotocabinet-1.2.76/kcmap.cc
Examining data/kyotocabinet-1.2.76/kcgrasstest.cc
Examining data/kyotocabinet-1.2.76/kcdb.h
Examining data/kyotocabinet-1.2.76/kcregex.h
Examining data/kyotocabinet-1.2.76/kcpolymgr.cc
Examining data/kyotocabinet-1.2.76/kcprototest.cc
Examining data/kyotocabinet-1.2.76/kclangc.h
Examining data/kyotocabinet-1.2.76/kccompare.cc
Examining data/kyotocabinet-1.2.76/kcutiltest.cc
Examining data/kyotocabinet-1.2.76/kctreetest.cc
Examining data/kyotocabinet-1.2.76/kcdirdb.h
Examining data/kyotocabinet-1.2.76/kchashdb.h
Examining data/kyotocabinet-1.2.76/kcforesttest.cc
Examining data/kyotocabinet-1.2.76/kcutilmgr.cc
Examining data/kyotocabinet-1.2.76/kcplantdb.cc
Examining data/kyotocabinet-1.2.76/cmdcommon.h
Examining data/kyotocabinet-1.2.76/kcdbext.cc
Examining data/kyotocabinet-1.2.76/kcplantdb.h
Examining data/kyotocabinet-1.2.76/kchashdb.cc
Examining data/kyotocabinet-1.2.76/kccompress.h
Examining data/kyotocabinet-1.2.76/kcprotodb.h
Examining data/kyotocabinet-1.2.76/kctreemgr.cc
Examining data/kyotocabinet-1.2.76/kccachetest.cc
Examining data/kyotocabinet-1.2.76/kcdirtest.cc
Examining data/kyotocabinet-1.2.76/kccompress.cc
Examining data/kyotocabinet-1.2.76/kcutil.h
Examining data/kyotocabinet-1.2.76/kclangctest.c
Examining data/kyotocabinet-1.2.76/kcfile.h
Examining data/kyotocabinet-1.2.76/kcutil.cc
Examining data/kyotocabinet-1.2.76/myconf.h
Examining data/kyotocabinet-1.2.76/kccommon.h
Examining data/kyotocabinet-1.2.76/kcdbext.h
FINAL RESULTS:
data/kyotocabinet-1.2.76/kccommon.h:70:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/kyotocabinet-1.2.76/kccommon.h:70:19: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/kyotocabinet-1.2.76/kccommon.h:84:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
using ::snprintf;
data/kyotocabinet-1.2.76/kcdirdb.h:1672:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
wp += std::sprintf(wp, "%s\n", KCDDBMAGICEOF);
data/kyotocabinet-1.2.76/kclangctest.c:123:3: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, ap);
data/kyotocabinet-1.2.76/kclangctest.c:140:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, ap);
data/kyotocabinet-1.2.76/kclangctest.c:671:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(copypath, "%s.tmp", corepath);
data/kyotocabinet-1.2.76/kclangctest.c:673:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(snappath, "%s.kcss", corepath);
data/kyotocabinet-1.2.76/kcutil.h:1599:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tsiz = std::sprintf(tbuf, cbuf, va_arg(ap, long long));
data/kyotocabinet-1.2.76/kcutil.h:1601:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tsiz = std::sprintf(tbuf, cbuf, va_arg(ap, long));
data/kyotocabinet-1.2.76/kcutil.h:1603:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tsiz = std::sprintf(tbuf, cbuf, va_arg(ap, int));
data/kyotocabinet-1.2.76/kcutil.h:1612:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tsiz = std::sprintf(tbuf, cbuf, va_arg(ap, unsigned long long));
data/kyotocabinet-1.2.76/kcutil.h:1614:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tsiz = std::sprintf(tbuf, cbuf, va_arg(ap, unsigned long));
data/kyotocabinet-1.2.76/kcutil.h:1616:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
tsiz = std::sprintf(tbuf, cbuf, va_arg(ap, unsigned int));
data/kyotocabinet-1.2.76/kcutil.h:1625:25: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
tsiz = std::snprintf(tbuf, sizeof(tbuf), cbuf, va_arg(ap, long double));
data/kyotocabinet-1.2.76/kcutil.h:1627:25: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
tsiz = std::snprintf(tbuf, sizeof(tbuf), cbuf, va_arg(ap, double));
data/kyotocabinet-1.2.76/kccachetest.cc:48:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* ebuf = kc::getenv("KCRNDSEED");
data/kyotocabinet-1.2.76/kcdirtest.cc:48:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* ebuf = kc::getenv("KCRNDSEED");
data/kyotocabinet-1.2.76/kcfile.cc:1689:8: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (!realpath(path.c_str(), buf)) return "";
data/kyotocabinet-1.2.76/kcforesttest.cc:52:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* ebuf = kc::getenv("KCRNDSEED");
data/kyotocabinet-1.2.76/kcgrasstest.cc:52:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* ebuf = kc::getenv("KCRNDSEED");
data/kyotocabinet-1.2.76/kchashtest.cc:52:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* ebuf = kc::getenv("KCRNDSEED");
data/kyotocabinet-1.2.76/kclangctest.c:68:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/kyotocabinet-1.2.76/kcpolytest.cc:60:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* ebuf = kc::getenv("KCRNDSEED");
data/kyotocabinet-1.2.76/kcprototest.cc:50:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* ebuf = kc::getenv("KCRNDSEED");
data/kyotocabinet-1.2.76/kcstashtest.cc:46:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* ebuf = kc::getenv("KCRNDSEED");
data/kyotocabinet-1.2.76/kcthread.cc:300:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
::InitializeCriticalSection(mutex);
data/kyotocabinet-1.2.76/kcthread.cc:318:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
::InitializeCriticalSection(mutex);
data/kyotocabinet-1.2.76/kcthread.cc:372:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(mutex);
data/kyotocabinet-1.2.76/kcthread.cc:486:7: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
::InitializeCriticalSection(mutexes + i);
data/kyotocabinet-1.2.76/kcthread.cc:541:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(core->mutexes + idx);
data/kyotocabinet-1.2.76/kcthread.cc:578:7: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(core->mutexes + i);
data/kyotocabinet-1.2.76/kcthread.cc:1770:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
::InitializeCriticalSection(&core->mutex);
data/kyotocabinet-1.2.76/kcthread.cc:1815:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&core->mutex);
data/kyotocabinet-1.2.76/kcthread.cc:1821:7: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&core->mutex);
data/kyotocabinet-1.2.76/kcthread.cc:1834:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(mymutex);
data/kyotocabinet-1.2.76/kcthread.cc:1854:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&core->mutex);
data/kyotocabinet-1.2.76/kcthread.cc:1860:9: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&core->mutex);
data/kyotocabinet-1.2.76/kcthread.cc:1865:11: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(mymutex);
data/kyotocabinet-1.2.76/kcthread.cc:1870:7: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&core->mutex);
data/kyotocabinet-1.2.76/kcthread.cc:1883:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(mymutex);
data/kyotocabinet-1.2.76/kcthread.cc:1921:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&core->mutex);
data/kyotocabinet-1.2.76/kcthread.cc:1946:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&core->mutex);
data/kyotocabinet-1.2.76/kctreetest.cc:56:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* ebuf = kc::getenv("KCRNDSEED");
data/kyotocabinet-1.2.76/kcutil.cc:231:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* getenv(const char* name) {
data/kyotocabinet-1.2.76/kcutil.cc:233:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
return ::getenv(name);
data/kyotocabinet-1.2.76/kcutil.h:886:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* getenv(const char* name);
data/kyotocabinet-1.2.76/kcutiltest.cc:57:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* ebuf = kc::getenv("KCRNDSEED");
data/kyotocabinet-1.2.76/cmdcommon.h:141:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return kc::atoi(info["mem_rss"].c_str());
data/kyotocabinet-1.2.76/cmdcommon.h:186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbuf[kc::NUMBUFSIZ];
data/kyotocabinet-1.2.76/cmdcommon.h:190:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(numbuf, "%02X", *(unsigned char*)buf);
data/kyotocabinet-1.2.76/example/kccacheex.cc:13:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("%", CacheDB::OWRITER | CacheDB::OCREATE)) {
data/kyotocabinet-1.2.76/example/kcdirex.cc:13:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("casket.kcd", DirDB::OWRITER | DirDB::OCREATE)) {
data/kyotocabinet-1.2.76/example/kcforestex.cc:13:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("casket.kcf", ForestDB::OWRITER | ForestDB::OCREATE)) {
data/kyotocabinet-1.2.76/example/kcgrassex.cc:13:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("*", GrassDB::OWRITER | GrassDB::OCREATE)) {
data/kyotocabinet-1.2.76/example/kchashex.cc:13:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("casket.kch", HashDB::OWRITER | HashDB::OCREATE)) {
data/kyotocabinet-1.2.76/example/kcmrex.cc:14:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open()) {
data/kyotocabinet-1.2.76/example/kcpolyex.cc:13:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("casket.kch", PolyDB::OWRITER | PolyDB::OCREATE)) {
data/kyotocabinet-1.2.76/example/kcprotoex.cc:13:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("-", ProtoHashDB::OWRITER | ProtoHashDB::OCREATE)) {
data/kyotocabinet-1.2.76/example/kctreeex.cc:13:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("casket.kct", TreeDB::OWRITER | TreeDB::OCREATE)) {
data/kyotocabinet-1.2.76/example/kcvisex.cc:13:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("casket.kch", PolyDB::OREADER)) {
data/kyotocabinet-1.2.76/kccachedb.h:735:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const std::string& path, uint32_t mode = OWRITER | OCREATE) {
data/kyotocabinet-1.2.76/kccachedb.h:1727:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(dbuf + ksiz, vbuf, vsiz);
data/kyotocabinet-1.2.76/kccachedb.h:1766:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(dbuf, kbuf, ksiz);
data/kyotocabinet-1.2.76/kccachedb.h:1768:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(dbuf + ksiz, vbuf, vsiz);
data/kyotocabinet-1.2.76/kccachedb.h:1921:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachedb.h:1923:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf, dbuf, rksiz);
data/kyotocabinet-1.2.76/kccachedb.h:2045:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opaque_[OPAQUESIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:49:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_randseed = ebuf ? (uint32_t)kc::atoi(ebuf) : (uint32_t)(kc::time() * 1000);
data/kyotocabinet-1.2.76/kccachetest.cc:110:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t type = kc::atoi(status["type"].c_str());
data/kyotocabinet-1.2.76/kccachetest.cc:113:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t rtype = kc::atoi(status["realtype"].c_str());
data/kyotocabinet-1.2.76/kccachetest.cc:117:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t chksum = kc::atoi(status["chksum"].c_str());
data/kyotocabinet-1.2.76/kccachetest.cc:121:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t flags = kc::atoi(status["flags"].c_str());
data/kyotocabinet-1.2.76/kccachetest.cc:126:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["recovered"].c_str()) > 0) oprintf(" (recovered)");
data/kyotocabinet-1.2.76/kccachetest.cc:127:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["reorganized"].c_str()) > 0) oprintf(" (reorganized)");
data/kyotocabinet-1.2.76/kccachetest.cc:129:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t opts = kc::atoi(status["opts"].c_str());
data/kyotocabinet-1.2.76/kccachetest.cc:147:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnum = kc::atoi(status["bnum"].c_str());
data/kyotocabinet-1.2.76/kccachetest.cc:148:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnumused = kc::atoi(status["bnum_used"].c_str());
data/kyotocabinet-1.2.76/kccachetest.cc:149:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t count = kc::atoi(status["count"].c_str());
data/kyotocabinet-1.2.76/kccachetest.cc:158:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t capcnt = kc::atoi(status["capcnt"].c_str());
data/kyotocabinet-1.2.76/kccachetest.cc:160:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t size = kc::atoi(status["size"].c_str());
data/kyotocabinet-1.2.76/kccachetest.cc:162:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t capsiz = kc::atoi(status["capsiz"].c_str());
data/kyotocabinet-1.2.76/kccachetest.cc:411:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("*", kc::CacheDB::OWRITER | kc::CacheDB::OCREATE | kc::CacheDB::OTRUNCATE)) {
data/kyotocabinet-1.2.76/kccachetest.cc:443:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:444:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kccachetest.cc:613:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:614:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kccachetest.cc:685:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:686:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kccachetest.cc:731:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(opaque, "1234567890123456", 16);
data/kyotocabinet-1.2.76/kccachetest.cc:766:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:767:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kccachetest.cc:945:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:946:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kccachetest.cc:948:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:1035:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:1096:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:1111:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:1112:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)myrand(range));
data/kyotocabinet-1.2.76/kccachetest.cc:1242:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:1243:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kccachetest.cc:1422:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("*", omode)) {
data/kyotocabinet-1.2.76/kccachetest.cc:1446:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:1447:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%010lld", (long long)(base + i));
data/kyotocabinet-1.2.76/kccachetest.cc:1458:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%010lld", (long long)myrand(range) + 1);
data/kyotocabinet-1.2.76/kccachetest.cc:1620:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("*", omode)) {
data/kyotocabinet-1.2.76/kccachetest.cc:1660:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:1661:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kccachetest.cc:1830:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:1831:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kccachetest.cc:1843:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:1844:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kccachetest.cc:1856:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:1857:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kccachetest.cc:1915:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kccachetest.cc:1967:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("*", omode)) {
data/kyotocabinet-1.2.76/kccachetest.cc:1971:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!paradb.open("para", omode)) {
data/kyotocabinet-1.2.76/kccachetest.cc:1993:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kccachetest.cc:1994:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kccachetest.cc:2007:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kccachetest.cc:2057:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kccachetest.cc:2155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kccompress.cc:89:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, buf, size);
data/kyotocabinet-1.2.76/kccompress.cc:149:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(zbuf, buf, size);
data/kyotocabinet-1.2.76/kccompress.cc:191:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wrkmem[LZO1X_1_MEM_COMPRESS];
data/kyotocabinet-1.2.76/kccompress.cc:210:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, buf, size);
data/kyotocabinet-1.2.76/kccompress.cc:260:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(zbuf, buf, size);
data/kyotocabinet-1.2.76/kccompress.cc:326:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, buf, size);
data/kyotocabinet-1.2.76/kccompress.cc:372:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(zbuf, buf, size);
data/kyotocabinet-1.2.76/kccompress.h:310:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf_, kbuf, ksiz);
data/kyotocabinet-1.2.76/kccompress.h:336:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[NUMBUFSIZ*2];
data/kyotocabinet-1.2.76/kccompress.h:338:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf + sizeof(salt), kbuf_, ksiz_);
data/kyotocabinet-1.2.76/kccompress.h:364:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[NUMBUFSIZ*2];
data/kyotocabinet-1.2.76/kccompress.h:365:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf, buf, sizeof(uint64_t));
data/kyotocabinet-1.2.76/kccompress.h:366:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf + sizeof(uint64_t), kbuf_, ksiz_);
data/kyotocabinet-1.2.76/kcdb.h:616:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf_, kbuf, ksiz);
data/kyotocabinet-1.2.76/kcdb.h:682:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(vbuf_, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcdb.h:754:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf_, kbuf, ksiz);
data/kyotocabinet-1.2.76/kcdb.h:758:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(vbuf_, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcdb.h:843:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf_, kbuf, ksiz);
data/kyotocabinet-1.2.76/kcdb.h:847:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(vbuf_, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcdb.h:1208:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const std::string& path, uint32_t mode = OWRITER | OCREATE) = 0;
data/kyotocabinet-1.2.76/kcdb.h:1293:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dir.open(path)) {
data/kyotocabinet-1.2.76/kcdb.h:1329:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofs.open(dest_.c_str(),
data/kyotocabinet-1.2.76/kcdb.h:1334:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open(path.c_str(), std::ios_base::in | std::ios_base::binary);
data/kyotocabinet-1.2.76/kcdb.h:1340:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IOBUFSIZ];
data/kyotocabinet-1.2.76/kcdb.h:1569:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(nbuf_, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcdb.h:1570:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(nbuf_ + vsiz, vbuf_, vsiz_);
data/kyotocabinet-1.2.76/kcdb.h:1625:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&onum, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcdb.h:1740:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf_, &linteg, sizeof(linteg));
data/kyotocabinet-1.2.76/kcdb.h:1742:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf_ + sizeof(linteg), &lfract, sizeof(lfract));
data/kyotocabinet-1.2.76/kcdb.h:1766:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf_, &linteg, sizeof(linteg));
data/kyotocabinet-1.2.76/kcdb.h:1768:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf_ + sizeof(linteg), &lfract, sizeof(lfract));
data/kyotocabinet-1.2.76/kcdb.h:1775:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_[sizeof(int64_t)*2];
data/kyotocabinet-1.2.76/kcdb.h:1920:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(vbuf_, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcdb.h:1998:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(vbuf_, vbuf, max);
data/kyotocabinet-1.2.76/kcdb.h:2077:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(vbuf_, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcdb.h:2293:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack_[NUMBUFSIZ*2];
data/kyotocabinet-1.2.76/kcdb.h:2319:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofs.open(dest.c_str(), std::ios_base::out | std::ios_base::binary | std::ios_base::trunc);
data/kyotocabinet-1.2.76/kcdb.h:2345:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IOBUFSIZ];
data/kyotocabinet-1.2.76/kcdb.h:2422:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open(src.c_str(), std::ios_base::in | std::ios_base::binary);
data/kyotocabinet-1.2.76/kcdbext.h:270:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gdb->open("%", GrassDB::OWRITER | GrassDB::OCREATE | GrassDB::OTRUNCATE);
data/kyotocabinet-1.2.76/kcdbext.h:306:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tdb->open(childpath, TreeDB::OWRITER | TreeDB::OCREATE | TreeDB::OTRUNCATE)) {
data/kyotocabinet-1.2.76/kcdbext.h:436:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[NUMBUFSIZ*4];
data/kyotocabinet-1.2.76/kcdbext.h:440:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcdbext.h:913:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const std::string& path = ":",
data/kyotocabinet-1.2.76/kcdbext.h:947:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db_.open(path, mode)) return false;
data/kyotocabinet-1.2.76/kcdbext.h:980:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gdb->open("%", GrassDB::OWRITER | GrassDB::OCREATE | GrassDB::OTRUNCATE);
data/kyotocabinet-1.2.76/kcdbext.h:1011:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tdb->open(childpath, TreeDB::OWRITER | TreeDB::OCREATE | TreeDB::OTRUNCATE)) {
data/kyotocabinet-1.2.76/kcdbext.h:1315:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(dvbuf, cvbuf, cvsiz);
data/kyotocabinet-1.2.76/kcdbext.h:1324:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(rbuf, dvbuf, dvsiz);
data/kyotocabinet-1.2.76/kcdbext.h:1325:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(rbuf + dvsiz, cvbuf, cvsiz);
data/kyotocabinet-1.2.76/kcdbext.h:1335:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, dvbuf, dvsiz);
data/kyotocabinet-1.2.76/kcdbext.h:1340:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, cvbuf, cvsiz);
data/kyotocabinet-1.2.76/kcdbext.h:1347:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, rp->buf, rp->size);
data/kyotocabinet-1.2.76/kcdirdb.h:184:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dir_.open(db_->path_)) {
data/kyotocabinet-1.2.76/kcdirdb.h:208:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dir_.open(db_->path_)) {
data/kyotocabinet-1.2.76/kcdirdb.h:428:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NUMBUFSIZ];
data/kyotocabinet-1.2.76/kcdirdb.h:468:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NUMBUFSIZ];
data/kyotocabinet-1.2.76/kcdirdb.h:605:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const std::string& path, uint32_t mode = OWRITER | OCREATE) {
data/kyotocabinet-1.2.76/kcdirdb.h:641:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file_.open(magicpath, fmode)) {
data/kyotocabinet-1.2.76/kcdirdb.h:682:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file_.open(magicpath, fmode)) {
data/kyotocabinet-1.2.76/kcdirdb.h:692:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file_.open(magicpath, fmode)) {
data/kyotocabinet-1.2.76/kcdirdb.h:727:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dir.open(walpath)) {
data/kyotocabinet-1.2.76/kcdirdb.h:996:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dir.open(path_)) {
data/kyotocabinet-1.2.76/kcdirdb.h:1575:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[NUMBUFSIZ*3];
data/kyotocabinet-1.2.76/kcdirdb.h:1581:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t count = atoi(rp);
data/kyotocabinet-1.2.76/kcdirdb.h:1585:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t size = atoi(rp);
data/kyotocabinet-1.2.76/kcdirdb.h:1606:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dir.open(cpath)) {
data/kyotocabinet-1.2.76/kcdirdb.h:1650:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NUMBUFSIZ];
data/kyotocabinet-1.2.76/kcdirdb.h:1664:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[METABUFSIZ];
data/kyotocabinet-1.2.76/kcdirdb.h:1666:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
wp += std::sprintf(wp, "%u\n", libver_);
data/kyotocabinet-1.2.76/kcdirdb.h:1667:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
wp += std::sprintf(wp, "%u\n", librev_);
data/kyotocabinet-1.2.76/kcdirdb.h:1668:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
wp += std::sprintf(wp, "%u\n", fmtver_);
data/kyotocabinet-1.2.76/kcdirdb.h:1669:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
wp += std::sprintf(wp, "%u\n", chksum_);
data/kyotocabinet-1.2.76/kcdirdb.h:1670:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
wp += std::sprintf(wp, "%u\n", type_);
data/kyotocabinet-1.2.76/kcdirdb.h:1671:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
wp += std::sprintf(wp, "%u\n", opts_);
data/kyotocabinet-1.2.76/kcdirdb.h:1699:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
libver_ = atoi(elems[0].c_str());
data/kyotocabinet-1.2.76/kcdirdb.h:1700:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
librev_ = atoi(elems[1].c_str());
data/kyotocabinet-1.2.76/kcdirdb.h:1701:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fmtver_ = atoi(elems[2].c_str());
data/kyotocabinet-1.2.76/kcdirdb.h:1702:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
chksum_ = atoi(elems[3].c_str());
data/kyotocabinet-1.2.76/kcdirdb.h:1703:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
type_ = atoi(elems[4].c_str());
data/kyotocabinet-1.2.76/kcdirdb.h:1704:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
opts_ = atoi(elems[5].c_str());
data/kyotocabinet-1.2.76/kcdirdb.h:1732:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(opaque_, buf, size);
data/kyotocabinet-1.2.76/kcdirdb.h:1744:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dir.open(cpath)) {
data/kyotocabinet-1.2.76/kcdirdb.h:1846:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, kbuf, ksiz);
data/kyotocabinet-1.2.76/kcdirdb.h:1848:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcdirdb.h:2065:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dir.open(path_)) {
data/kyotocabinet-1.2.76/kcdirdb.h:2116:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dir.open(path_)) {
data/kyotocabinet-1.2.76/kcdirdb.h:2301:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dir.open(walpath_)) {
data/kyotocabinet-1.2.76/kcdirdb.h:2409:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opaque_[OPAQUESIZ];
data/kyotocabinet-1.2.76/kcdirmgr.cc:442:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf, kstr, ksiz);
data/kyotocabinet-1.2.76/kcdirmgr.cc:814:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::DirDB::OWRITER | kc::DirDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kcdirmgr.cc:831:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::DirDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcdirmgr.cc:840:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t type = kc::atoi(status["type"].c_str());
data/kyotocabinet-1.2.76/kcdirmgr.cc:843:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t rtype = kc::atoi(status["realtype"].c_str());
data/kyotocabinet-1.2.76/kcdirmgr.cc:847:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t chksum = kc::atoi(status["chksum"].c_str());
data/kyotocabinet-1.2.76/kcdirmgr.cc:851:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t flags = kc::atoi(status["flags"].c_str());
data/kyotocabinet-1.2.76/kcdirmgr.cc:856:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["recovered"].c_str()) > 0) oprintf(" (recovered)");
data/kyotocabinet-1.2.76/kcdirmgr.cc:857:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["reorganized"].c_str()) > 0) oprintf(" (reorganized)");
data/kyotocabinet-1.2.76/kcdirmgr.cc:859:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t opts = kc::atoi(status["opts"].c_str());
data/kyotocabinet-1.2.76/kcdirmgr.cc:877:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t count = kc::atoi(status["count"].c_str());
data/kyotocabinet-1.2.76/kcdirmgr.cc:880:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t size = kc::atoi(status["size"].c_str());
data/kyotocabinet-1.2.76/kcdirmgr.cc:904:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::DirDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kcdirmgr.cc:939:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t onum = db.increment(kbuf, ksiz, kc::atoi(vbuf));
data/kyotocabinet-1.2.76/kcdirmgr.cc:971:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::DirDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kcdirmgr.cc:994:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcdirmgr.cc:1028:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcdirmgr.cc:1093:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::DirDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kcdirmgr.cc:1115:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open(file, std::ios_base::in | std::ios_base::binary);
data/kyotocabinet-1.2.76/kcdirmgr.cc:1124:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::DirDB::OWRITER | kc::DirDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kcdirmgr.cc:1179:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::DirDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcdirmgr.cc:1203:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::DirDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcdirmgr.cc:1234:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::DirDB::OWRITER | kc::DirDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kcdirmgr.cc:1269:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::DirDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kcdirmgr.cc:1291:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::DirDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kcdirmgr.cc:1313:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::DirDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcdirmgr.cc:1345:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::DirDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcdirtest.cc:49:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_randseed = ebuf ? (uint32_t)kc::atoi(ebuf) : (uint32_t)(kc::time() * 1000);
data/kyotocabinet-1.2.76/kcdirtest.cc:109:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t type = kc::atoi(status["type"].c_str());
data/kyotocabinet-1.2.76/kcdirtest.cc:112:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t rtype = kc::atoi(status["realtype"].c_str());
data/kyotocabinet-1.2.76/kcdirtest.cc:116:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t chksum = kc::atoi(status["chksum"].c_str());
data/kyotocabinet-1.2.76/kcdirtest.cc:120:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t flags = kc::atoi(status["flags"].c_str());
data/kyotocabinet-1.2.76/kcdirtest.cc:125:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["recovered"].c_str()) > 0) oprintf(" (recovered)");
data/kyotocabinet-1.2.76/kcdirtest.cc:126:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["reorganized"].c_str()) > 0) oprintf(" (reorganized)");
data/kyotocabinet-1.2.76/kcdirtest.cc:128:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t opts = kc::atoi(status["opts"].c_str());
data/kyotocabinet-1.2.76/kcdirtest.cc:146:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t count = kc::atoi(status["count"].c_str());
data/kyotocabinet-1.2.76/kcdirtest.cc:149:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t size = kc::atoi(status["size"].c_str());
data/kyotocabinet-1.2.76/kcdirtest.cc:420:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcdirtest.cc:453:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:454:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcdirtest.cc:624:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:625:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcdirtest.cc:696:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:697:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcdirtest.cc:742:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(opaque, "1234567890123456", 16);
data/kyotocabinet-1.2.76/kcdirtest.cc:778:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:779:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcdirtest.cc:962:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:963:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcdirtest.cc:965:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:1052:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:1113:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:1128:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:1129:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)myrand(range));
data/kyotocabinet-1.2.76/kcdirtest.cc:1263:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:1264:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcdirtest.cc:1440:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcdirtest.cc:1464:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:1465:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%010lld", (long long)(base + i));
data/kyotocabinet-1.2.76/kcdirtest.cc:1476:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%010lld", (long long)myrand(range) + 1);
data/kyotocabinet-1.2.76/kcdirtest.cc:1634:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcdirtest.cc:1674:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:1675:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcdirtest.cc:1844:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:1845:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcdirtest.cc:1857:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:1858:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcdirtest.cc:1870:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:1871:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcdirtest.cc:1925:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kcdirtest.cc:1973:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcdirtest.cc:1978:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!paradb.open(parapath, omode)) {
data/kyotocabinet-1.2.76/kcdirtest.cc:2001:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcdirtest.cc:2002:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcdirtest.cc:2015:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcdirtest.cc:2065:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcdirtest.cc:2164:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kcfile.cc:286:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool File::open(const std::string& path, uint32_t mode, int64_t msiz) {
data/kyotocabinet-1.2.76/kcfile.cc:336:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbuf[sizeof(WALMAGICDATA)];
data/kyotocabinet-1.2.76/kcfile.cc:415:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int32_t fd = ::open(path.c_str(), oflags, FILEPERM);
data/kyotocabinet-1.2.76/kcfile.cc:458:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int32_t walfd = ::open(wpath.c_str(), O_RDWR, FILEPERM);
data/kyotocabinet-1.2.76/kcfile.cc:464:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbuf[sizeof(WALMAGICDATA)];
data/kyotocabinet-1.2.76/kcfile.cc:467:51: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int32_t ofd = mode & OWRITER ? fd : ::open(path.c_str(), O_WRONLY, FILEPERM);
data/kyotocabinet-1.2.76/kcfile.cc:676:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, buf, size);
data/kyotocabinet-1.2.76/kcfile.cc:689:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, buf, hsiz);
data/kyotocabinet-1.2.76/kcfile.cc:731:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, buf, size);
data/kyotocabinet-1.2.76/kcfile.cc:744:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, buf, hsiz);
data/kyotocabinet-1.2.76/kcfile.cc:778:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, buf, size);
data/kyotocabinet-1.2.76/kcfile.cc:783:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, buf, hsiz);
data/kyotocabinet-1.2.76/kcfile.cc:799:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, buf, size);
data/kyotocabinet-1.2.76/kcfile.cc:804:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, buf, hsiz);
data/kyotocabinet-1.2.76/kcfile.cc:844:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, buf, size);
data/kyotocabinet-1.2.76/kcfile.cc:857:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, buf, hsiz);
data/kyotocabinet-1.2.76/kcfile.cc:904:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, buf, size);
data/kyotocabinet-1.2.76/kcfile.cc:917:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, buf, hsiz);
data/kyotocabinet-1.2.76/kcfile.cc:965:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf, core->map + off, size);
data/kyotocabinet-1.2.76/kcfile.cc:970:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf, core->map + off, hsiz);
data/kyotocabinet-1.2.76/kcfile.cc:1004:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf, core->map + off, size);
data/kyotocabinet-1.2.76/kcfile.cc:1009:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf, core->map + off, hsiz);
data/kyotocabinet-1.2.76/kcfile.cc:1045:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf, core->map + off, size);
data/kyotocabinet-1.2.76/kcfile.cc:1050:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf, core->map + off, hsiz);
data/kyotocabinet-1.2.76/kcfile.cc:1081:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf, core->map + off, size);
data/kyotocabinet-1.2.76/kcfile.cc:1086:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf, core->map + off, hsiz);
data/kyotocabinet-1.2.76/kcfile.cc:1316:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wbuf[NUMBUFSIZ];
data/kyotocabinet-1.2.76/kcfile.cc:1318:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, WALMAGICDATA, sizeof(WALMAGICDATA));
data/kyotocabinet-1.2.76/kcfile.cc:1321:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, &num, sizeof(num));
data/kyotocabinet-1.2.76/kcfile.cc:1342:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int32_t fd = ::open(wpath.c_str(), O_RDWR | O_CREAT | O_TRUNC, FILEPERM);
data/kyotocabinet-1.2.76/kcfile.cc:1355:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wbuf[NUMBUFSIZ];
data/kyotocabinet-1.2.76/kcfile.cc:1357:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, WALMAGICDATA, sizeof(WALMAGICDATA));
data/kyotocabinet-1.2.76/kcfile.cc:1360:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, &num, sizeof(num));
data/kyotocabinet-1.2.76/kcfile.cc:1391:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbuf[IOBUFSIZ];
data/kyotocabinet-1.2.76/kcfile.cc:1431:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mbuf[IOBUFSIZ];
data/kyotocabinet-1.2.76/kcfile.cc:1539:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int32_t fd = ::open(path.c_str(), O_RDONLY, FILEPERM);
data/kyotocabinet-1.2.76/kcfile.cc:1605:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int32_t fd = ::open(path.c_str(), O_WRONLY | O_CREAT | O_TRUNC, FILEPERM);
data/kyotocabinet-1.2.76/kcfile.cc:1673:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATHBUFSIZ];
data/kyotocabinet-1.2.76/kcfile.cc:1688:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATHBUFSIZ];
data/kyotocabinet-1.2.76/kcfile.cc:1869:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dir.open(cpath)) {
data/kyotocabinet-1.2.76/kcfile.cc:1900:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATHBUFSIZ];
data/kyotocabinet-1.2.76/kcfile.cc:1915:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATHBUFSIZ];
data/kyotocabinet-1.2.76/kcfile.cc:1991:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool DirStream::open(const std::string& path) {
data/kyotocabinet-1.2.76/kcfile.cc:2126:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[IOBUFSIZ];
data/kyotocabinet-1.2.76/kcfile.cc:2132:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, &num, sizeof(num));
data/kyotocabinet-1.2.76/kcfile.cc:2135:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, &num, sizeof(num));
data/kyotocabinet-1.2.76/kcfile.cc:2140:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, core->map + off, size);
data/kyotocabinet-1.2.76/kcfile.cc:2144:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, core->map + off, hsiz);
data/kyotocabinet-1.2.76/kcfile.cc:2191:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[IOBUFSIZ];
data/kyotocabinet-1.2.76/kcfile.cc:2197:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, &num, sizeof(num));
data/kyotocabinet-1.2.76/kcfile.cc:2200:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, &num, sizeof(num));
data/kyotocabinet-1.2.76/kcfile.cc:2205:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, core->map + off, size);
data/kyotocabinet-1.2.76/kcfile.cc:2209:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, core->map + off, hsiz);
data/kyotocabinet-1.2.76/kcfile.cc:2260:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IOBUFSIZ];
data/kyotocabinet-1.2.76/kcfile.cc:2364:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, rbuf, size);
data/kyotocabinet-1.2.76/kcfile.cc:2368:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, rbuf, hsiz);
data/kyotocabinet-1.2.76/kcfile.cc:2404:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IOBUFSIZ];
data/kyotocabinet-1.2.76/kcfile.cc:2502:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, rbuf, size);
data/kyotocabinet-1.2.76/kcfile.cc:2506:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(core->map + off, rbuf, hsiz);
data/kyotocabinet-1.2.76/kcfile.h:90:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const std::string& path, uint32_t mode = OWRITER | OCREATE, int64_t msiz = 0);
data/kyotocabinet-1.2.76/kcfile.h:362:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const std::string& path);
data/kyotocabinet-1.2.76/kcforestmgr.cc:462:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf, kstr, ksiz);
data/kyotocabinet-1.2.76/kcforestmgr.cc:838:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::ForestDB::OWRITER | kc::ForestDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kcforestmgr.cc:855:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::ForestDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcforestmgr.cc:869:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t type = kc::atoi(status["realtype"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:872:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t chksum = kc::atoi(status["chksum"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:876:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t flags = kc::atoi(status["flags"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:881:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["recovered"].c_str()) > 0) oprintf(" (recovered)");
data/kyotocabinet-1.2.76/kcforestmgr.cc:882:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["reorganized"].c_str()) > 0) oprintf(" (reorganized)");
data/kyotocabinet-1.2.76/kcforestmgr.cc:883:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["trimmed"].c_str()) > 0) oprintf(" (trimmed)");
data/kyotocabinet-1.2.76/kcforestmgr.cc:885:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t opts = kc::atoi(status["opts"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:904:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnum = kc::atoi(status["bnum"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:905:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t count = kc::atoi(status["count"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:906:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t pnum = kc::atoi(status["pnum"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:907:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t lcnt = kc::atoi(status["lcnt"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:908:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t icnt = kc::atoi(status["icnt"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:909:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t tlevel = kc::atoi(status["tree_level"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:910:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t psiz = kc::atoi(status["psiz"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:919:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t pccap = kc::atoi(status["pccap"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:920:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t cusage = kc::atoi(status["cusage"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:921:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t culcnt = kc::atoi(status["cusage_lcnt"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:922:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t culsiz = kc::atoi(status["cusage_lsiz"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:923:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t cuicnt = kc::atoi(status["cusage_icnt"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:924:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t cuisiz = kc::atoi(status["cusage_isiz"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:930:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t size = kc::atoi(status["size"].c_str());
data/kyotocabinet-1.2.76/kcforestmgr.cc:961:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::ForestDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kcforestmgr.cc:996:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t onum = db.increment(kbuf, ksiz, kc::atoi(vbuf));
data/kyotocabinet-1.2.76/kcforestmgr.cc:1028:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::ForestDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kcforestmgr.cc:1051:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcforestmgr.cc:1085:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcforestmgr.cc:1174:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::ForestDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kcforestmgr.cc:1196:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open(file, std::ios_base::in | std::ios_base::binary);
data/kyotocabinet-1.2.76/kcforestmgr.cc:1205:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::ForestDB::OWRITER | kc::ForestDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kcforestmgr.cc:1260:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::ForestDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcforestmgr.cc:1284:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::ForestDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcforestmgr.cc:1315:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::ForestDB::OWRITER | kc::ForestDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kcforestmgr.cc:1350:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::ForestDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kcforestmgr.cc:1372:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::ForestDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kcforestmgr.cc:1394:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::ForestDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcforestmgr.cc:1426:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::ForestDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcforesttest.cc:53:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_randseed = ebuf ? (uint32_t)kc::atoi(ebuf) : (uint32_t)(kc::time() * 1000);
data/kyotocabinet-1.2.76/kcforesttest.cc:122:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t type = kc::atoi(status["realtype"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:125:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t chksum = kc::atoi(status["chksum"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:129:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t flags = kc::atoi(status["flags"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:134:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["recovered"].c_str()) > 0) oprintf(" (recovered)");
data/kyotocabinet-1.2.76/kcforesttest.cc:135:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["reorganized"].c_str()) > 0) oprintf(" (reorganized)");
data/kyotocabinet-1.2.76/kcforesttest.cc:136:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["trimmed"].c_str()) > 0) oprintf(" (trimmed)");
data/kyotocabinet-1.2.76/kcforesttest.cc:138:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t opts = kc::atoi(status["opts"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:157:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnum = kc::atoi(status["bnum"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:158:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t count = kc::atoi(status["count"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:159:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t pnum = kc::atoi(status["pnum"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:160:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t lcnt = kc::atoi(status["lcnt"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:161:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t icnt = kc::atoi(status["icnt"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:162:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t tlevel = kc::atoi(status["tree_level"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:163:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t psiz = kc::atoi(status["psiz"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:172:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t pccap = kc::atoi(status["pccap"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:173:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t cusage = kc::atoi(status["cusage"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:174:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t culcnt = kc::atoi(status["cusage_lcnt"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:175:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t culsiz = kc::atoi(status["cusage_lsiz"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:176:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t cuicnt = kc::atoi(status["cusage_icnt"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:177:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t cuisiz = kc::atoi(status["cusage_isiz"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:183:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t size = kc::atoi(status["size"].c_str());
data/kyotocabinet-1.2.76/kcforesttest.cc:540:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcforesttest.cc:573:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:574:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcforesttest.cc:744:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:745:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcforesttest.cc:816:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:817:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcforesttest.cc:862:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(opaque, "1234567890123456", 16);
data/kyotocabinet-1.2.76/kcforesttest.cc:898:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:899:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcforesttest.cc:1082:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:1083:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcforesttest.cc:1085:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:1172:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:1233:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:1248:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:1249:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)myrand(range));
data/kyotocabinet-1.2.76/kcforesttest.cc:1381:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:1382:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcforesttest.cc:1564:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcforesttest.cc:1588:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:1589:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%010lld", (long long)(base + i));
data/kyotocabinet-1.2.76/kcforesttest.cc:1600:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%010lld", (long long)myrand(range) + 1);
data/kyotocabinet-1.2.76/kcforesttest.cc:1764:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcforesttest.cc:1804:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:1805:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcforesttest.cc:1987:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:1988:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcforesttest.cc:2000:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:2001:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcforesttest.cc:2013:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:2014:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcforesttest.cc:2068:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kcforesttest.cc:2122:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcforesttest.cc:2127:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!paradb.open(parapath, omode)) {
data/kyotocabinet-1.2.76/kcforesttest.cc:2150:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcforesttest.cc:2151:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcforesttest.cc:2164:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcforesttest.cc:2214:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcforesttest.cc:2313:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kcgrasstest.cc:53:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_randseed = ebuf ? (uint32_t)kc::atoi(ebuf) : (uint32_t)(kc::time() * 1000);
data/kyotocabinet-1.2.76/kcgrasstest.cc:119:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t type = kc::atoi(status["type"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:122:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t chksum = kc::atoi(status["chksum"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:126:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t flags = kc::atoi(status["flags"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:131:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["recovered"].c_str()) > 0) oprintf(" (recovered)");
data/kyotocabinet-1.2.76/kcgrasstest.cc:132:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["reorganized"].c_str()) > 0) oprintf(" (reorganized)");
data/kyotocabinet-1.2.76/kcgrasstest.cc:133:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["trimmed"].c_str()) > 0) oprintf(" (trimmed)");
data/kyotocabinet-1.2.76/kcgrasstest.cc:135:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t opts = kc::atoi(status["opts"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:154:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnum = kc::atoi(status["bnum"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:155:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnumused = kc::atoi(status["bnum_used"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:156:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t count = kc::atoi(status["count"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:157:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t pnum = kc::atoi(status["pnum"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:158:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t lcnt = kc::atoi(status["lcnt"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:159:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t icnt = kc::atoi(status["icnt"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:160:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t tlevel = kc::atoi(status["tree_level"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:161:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t psiz = kc::atoi(status["psiz"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:171:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t pccap = kc::atoi(status["pccap"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:172:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t cusage = kc::atoi(status["cusage"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:173:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t culcnt = kc::atoi(status["cusage_lcnt"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:174:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t culsiz = kc::atoi(status["cusage_lsiz"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:175:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t cuicnt = kc::atoi(status["cusage_icnt"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:176:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t cuisiz = kc::atoi(status["cusage_isiz"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:182:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t size = kc::atoi(status["size"].c_str());
data/kyotocabinet-1.2.76/kcgrasstest.cc:462:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("%", kc::GrassDB::OWRITER | kc::GrassDB::OCREATE | kc::GrassDB::OTRUNCATE)) {
data/kyotocabinet-1.2.76/kcgrasstest.cc:494:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcgrasstest.cc:495:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcgrasstest.cc:664:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcgrasstest.cc:665:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcgrasstest.cc:736:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcgrasstest.cc:737:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcgrasstest.cc:782:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(opaque, "1234567890123456", 16);
data/kyotocabinet-1.2.76/kcgrasstest.cc:817:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcgrasstest.cc:818:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcgrasstest.cc:996:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcgrasstest.cc:997:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcgrasstest.cc:999:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcgrasstest.cc:1086:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcgrasstest.cc:1147:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcgrasstest.cc:1162:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcgrasstest.cc:1163:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)myrand(range));
data/kyotocabinet-1.2.76/kcgrasstest.cc:1293:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcgrasstest.cc:1294:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcgrasstest.cc:1475:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("%", omode)) {
data/kyotocabinet-1.2.76/kcgrasstest.cc:1499:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcgrasstest.cc:1500:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%010lld", (long long)(base + i));
data/kyotocabinet-1.2.76/kcgrasstest.cc:1511:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%010lld", (long long)myrand(range) + 1);
data/kyotocabinet-1.2.76/kcgrasstest.cc:1675:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("%", omode)) {
data/kyotocabinet-1.2.76/kcgrasstest.cc:1715:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcgrasstest.cc:1716:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcgrasstest.cc:1926:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kcgrasstest.cc:1980:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("%", omode)) {
data/kyotocabinet-1.2.76/kcgrasstest.cc:1984:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!paradb.open("para", omode)) {
data/kyotocabinet-1.2.76/kcgrasstest.cc:2006:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcgrasstest.cc:2007:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcgrasstest.cc:2020:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcgrasstest.cc:2070:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcgrasstest.cc:2168:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kchashdb.h:184:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashdb.h:317:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashdb.h:422:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashdb.h:799:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const std::string& path, uint32_t mode = OWRITER | OCREATE) {
data/kyotocabinet-1.2.76/kchashdb.h:823:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file_.open(path, fmode, msiz_)) {
data/kyotocabinet-1.2.76/kchashdb.h:879:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file_.open(path, fmode, msiz_)) {
data/kyotocabinet-1.2.76/kchashdb.h:1845:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashdb.h:2151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashdb.h:2299:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashdb.h:2444:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashdb.h:2567:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head[HEADSIZ];
data/kyotocabinet-1.2.76/kchashdb.h:2569:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head, KCHDBMAGICDATA, sizeof(KCHDBMAGICDATA));
data/kyotocabinet-1.2.76/kchashdb.h:2570:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head + MOFFLIBVER, &libver_, sizeof(libver_));
data/kyotocabinet-1.2.76/kchashdb.h:2571:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head + MOFFLIBREV, &librev_, sizeof(librev_));
data/kyotocabinet-1.2.76/kchashdb.h:2572:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head + MOFFFMTVER, &fmtver_, sizeof(fmtver_));
data/kyotocabinet-1.2.76/kchashdb.h:2573:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head + MOFFCHKSUM, &chksum_, sizeof(chksum_));
data/kyotocabinet-1.2.76/kchashdb.h:2574:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head + MOFFTYPE, &type_, sizeof(type_));
data/kyotocabinet-1.2.76/kchashdb.h:2575:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head + MOFFAPOW, &apow_, sizeof(apow_));
data/kyotocabinet-1.2.76/kchashdb.h:2576:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head + MOFFFPOW, &fpow_, sizeof(fpow_));
data/kyotocabinet-1.2.76/kchashdb.h:2577:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head + MOFFOPTS, &opts_, sizeof(opts_));
data/kyotocabinet-1.2.76/kchashdb.h:2579:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head + MOFFBNUM, &num, sizeof(num));
data/kyotocabinet-1.2.76/kchashdb.h:2581:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head + MOFFFLAGS, &flags_, sizeof(flags_));
data/kyotocabinet-1.2.76/kchashdb.h:2583:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head + MOFFCOUNT, &num, sizeof(num));
data/kyotocabinet-1.2.76/kchashdb.h:2585:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head + MOFFSIZE, &num, sizeof(num));
data/kyotocabinet-1.2.76/kchashdb.h:2586:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head + MOFFOPAQUE, opaque_, sizeof(opaque_));
data/kyotocabinet-1.2.76/kchashdb.h:2602:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head[hsiz];
data/kyotocabinet-1.2.76/kchashdb.h:2605:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head, &num, sizeof(num));
data/kyotocabinet-1.2.76/kchashdb.h:2607:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(head + MOFFSIZE - MOFFCOUNT, &num, sizeof(num));
data/kyotocabinet-1.2.76/kchashdb.h:2634:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head[HEADSIZ];
data/kyotocabinet-1.2.76/kchashdb.h:2716:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (db.open(npath, OWRITER | OCREATE | OTRUNCATE)) {
data/kyotocabinet-1.2.76/kchashdb.h:2753:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ], nbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashdb.h:2851:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dest == &file_ || dest->open(path, File::OWRITER | File::ONOLOCK, 0)) {
data/kyotocabinet-1.2.76/kchashdb.h:2916:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(uint64_t)];
data/kyotocabinet-1.2.76/kchashdb.h:2931:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(uint64_t)];
data/kyotocabinet-1.2.76/kchashdb.h:2948:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(uint64_t)];
data/kyotocabinet-1.2.76/kchashdb.h:3147:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[IOBUFSIZ];
data/kyotocabinet-1.2.76/kchashdb.h:3151:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, &snum, sizeof(snum));
data/kyotocabinet-1.2.76/kchashdb.h:3162:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, rec->kbuf, rec->ksiz);
data/kyotocabinet-1.2.76/kchashdb.h:3164:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, rec->vbuf, rec->vsiz);
data/kyotocabinet-1.2.76/kchashdb.h:3199:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashdb.h:3272:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashdb.h:3444:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[2];
data/kyotocabinet-1.2.76/kchashdb.h:3817:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opaque_[HEADSIZ-MOFFOPAQUE];
data/kyotocabinet-1.2.76/kchashmgr.cc:465:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf, kstr, ksiz);
data/kyotocabinet-1.2.76/kchashmgr.cc:872:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::HashDB::OWRITER | kc::HashDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:889:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::HashDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:900:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t type = kc::atoi(status["type"].c_str());
data/kyotocabinet-1.2.76/kchashmgr.cc:903:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t rtype = kc::atoi(status["realtype"].c_str());
data/kyotocabinet-1.2.76/kchashmgr.cc:907:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t chksum = kc::atoi(status["chksum"].c_str());
data/kyotocabinet-1.2.76/kchashmgr.cc:911:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t flags = kc::atoi(status["flags"].c_str());
data/kyotocabinet-1.2.76/kchashmgr.cc:916:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["recovered"].c_str()) > 0) oprintf(" (recovered)");
data/kyotocabinet-1.2.76/kchashmgr.cc:917:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["reorganized"].c_str()) > 0) oprintf(" (reorganized)");
data/kyotocabinet-1.2.76/kchashmgr.cc:918:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["trimmed"].c_str()) > 0) oprintf(" (trimmed)");
data/kyotocabinet-1.2.76/kchashmgr.cc:920:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t apow = kc::atoi(status["apow"].c_str());
data/kyotocabinet-1.2.76/kchashmgr.cc:922:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t fpow = kc::atoi(status["fpow"].c_str());
data/kyotocabinet-1.2.76/kchashmgr.cc:924:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t fbpused = kc::atoi(status["fbpnum_used"].c_str());
data/kyotocabinet-1.2.76/kchashmgr.cc:925:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t frgcnt = kc::atoi(status["frgcnt"].c_str());
data/kyotocabinet-1.2.76/kchashmgr.cc:928:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t opts = kc::atoi(status["opts"].c_str());
data/kyotocabinet-1.2.76/kchashmgr.cc:946:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnum = kc::atoi(status["bnum"].c_str());
data/kyotocabinet-1.2.76/kchashmgr.cc:947:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnumused = kc::atoi(status["bnum_used"].c_str());
data/kyotocabinet-1.2.76/kchashmgr.cc:948:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t count = kc::atoi(status["count"].c_str());
data/kyotocabinet-1.2.76/kchashmgr.cc:958:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t size = kc::atoi(status["size"].c_str());
data/kyotocabinet-1.2.76/kchashmgr.cc:959:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t msiz = kc::atoi(status["msiz"].c_str());
data/kyotocabinet-1.2.76/kchashmgr.cc:960:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t realsize = kc::atoi(status["realsize"].c_str());
data/kyotocabinet-1.2.76/kchashmgr.cc:993:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::HashDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:1028:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t onum = db.increment(kbuf, ksiz, kc::atoi(vbuf));
data/kyotocabinet-1.2.76/kchashmgr.cc:1060:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::HashDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:1083:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:1117:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:1182:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::HashDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:1204:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open(file, std::ios_base::in | std::ios_base::binary);
data/kyotocabinet-1.2.76/kchashmgr.cc:1213:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::HashDB::OWRITER | kc::HashDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:1268:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::HashDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:1292:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::HashDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:1323:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::HashDB::OWRITER | kc::HashDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:1357:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::HashDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:1379:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::HashDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:1401:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::HashDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:1423:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::HashDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:1455:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::HashDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kchashtest.cc:53:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_randseed = ebuf ? (uint32_t)kc::atoi(ebuf) : (uint32_t)(kc::time() * 1000);
data/kyotocabinet-1.2.76/kchashtest.cc:119:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t type = kc::atoi(status["type"].c_str());
data/kyotocabinet-1.2.76/kchashtest.cc:122:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t rtype = kc::atoi(status["realtype"].c_str());
data/kyotocabinet-1.2.76/kchashtest.cc:126:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t chksum = kc::atoi(status["chksum"].c_str());
data/kyotocabinet-1.2.76/kchashtest.cc:130:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t flags = kc::atoi(status["flags"].c_str());
data/kyotocabinet-1.2.76/kchashtest.cc:135:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["recovered"].c_str()) > 0) oprintf(" (recovered)");
data/kyotocabinet-1.2.76/kchashtest.cc:136:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["reorganized"].c_str()) > 0) oprintf(" (reorganized)");
data/kyotocabinet-1.2.76/kchashtest.cc:137:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["trimmed"].c_str()) > 0) oprintf(" (trimmed)");
data/kyotocabinet-1.2.76/kchashtest.cc:139:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t apow = kc::atoi(status["apow"].c_str());
data/kyotocabinet-1.2.76/kchashtest.cc:141:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t fpow = kc::atoi(status["fpow"].c_str());
data/kyotocabinet-1.2.76/kchashtest.cc:143:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t fbpused = kc::atoi(status["fbpnum_used"].c_str());
data/kyotocabinet-1.2.76/kchashtest.cc:144:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t frgcnt = kc::atoi(status["frgcnt"].c_str());
data/kyotocabinet-1.2.76/kchashtest.cc:147:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t opts = kc::atoi(status["opts"].c_str());
data/kyotocabinet-1.2.76/kchashtest.cc:165:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnum = kc::atoi(status["bnum"].c_str());
data/kyotocabinet-1.2.76/kchashtest.cc:166:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnumused = kc::atoi(status["bnum_used"].c_str());
data/kyotocabinet-1.2.76/kchashtest.cc:167:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t count = kc::atoi(status["count"].c_str());
data/kyotocabinet-1.2.76/kchashtest.cc:177:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t size = kc::atoi(status["size"].c_str());
data/kyotocabinet-1.2.76/kchashtest.cc:178:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t msiz = kc::atoi(status["msiz"].c_str());
data/kyotocabinet-1.2.76/kchashtest.cc:179:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t realsize = kc::atoi(status["realsize"].c_str());
data/kyotocabinet-1.2.76/kchashtest.cc:559:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kchashtest.cc:592:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:593:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kchashtest.cc:763:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:764:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kchashtest.cc:835:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:836:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kchashtest.cc:881:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(opaque, "1234567890123456", 16);
data/kyotocabinet-1.2.76/kchashtest.cc:917:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:918:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kchashtest.cc:1101:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:1102:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kchashtest.cc:1104:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:1191:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:1252:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:1267:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:1268:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)myrand(range));
data/kyotocabinet-1.2.76/kchashtest.cc:1404:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:1405:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kchashtest.cc:1588:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kchashtest.cc:1612:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:1613:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%010lld", (long long)(base + i));
data/kyotocabinet-1.2.76/kchashtest.cc:1624:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%010lld", (long long)myrand(range) + 1);
data/kyotocabinet-1.2.76/kchashtest.cc:1789:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kchashtest.cc:1829:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:1830:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kchashtest.cc:1999:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:2000:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kchashtest.cc:2012:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:2013:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kchashtest.cc:2025:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:2026:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kchashtest.cc:2087:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kchashtest.cc:2142:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kchashtest.cc:2147:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!paradb.open(parapath, omode)) {
data/kyotocabinet-1.2.76/kchashtest.cc:2170:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kchashtest.cc:2171:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kchashtest.cc:2184:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kchashtest.cc:2234:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kchashtest.cc:2333:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kclangc.cc:70:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return kyotocabinet::atoi(str);
data/kyotocabinet-1.2.76/kclangc.cc:205:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return pdb->open(path, mode);
data/kyotocabinet-1.2.76/kclangc.cc:524:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf, it->first.data(), ksiz);
data/kyotocabinet-1.2.76/kclangc.cc:528:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(vbuf, it->second.data(), vsiz);
data/kyotocabinet-1.2.76/kclangc.cc:684:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(pbuf, path.c_str(), psiz + 1);
data/kyotocabinet-1.2.76/kclangc.cc:707:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(sbuf, sstr.c_str(), ssiz + 1);
data/kyotocabinet-1.2.76/kclangc.cc:726:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf, it->data(), ksiz);
data/kyotocabinet-1.2.76/kclangc.cc:749:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf, it->data(), ksiz);
data/kyotocabinet-1.2.76/kclangc.cc:773:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf, it->data(), ksiz);
data/kyotocabinet-1.2.76/kclangc.cc:1011:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return idb->open(path, mode);
data/kyotocabinet-1.2.76/kclangc.cc:1166:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(pbuf, path.c_str(), psiz + 1);
data/kyotocabinet-1.2.76/kclangc.cc:1189:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(sbuf, sstr.c_str(), ssiz + 1);
data/kyotocabinet-1.2.76/kclangctest.c:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kclangctest.c:404:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ], *vbuf, wbuf[RECBUFSIZ], *corepath, *copypath, *snappath;
data/kyotocabinet-1.2.76/kclangctest.c:430:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:455:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:481:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:506:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:538:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:610:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)myrand(rnum));
data/kyotocabinet-1.2.76/kclangctest.c:676:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(copypath, "kclangctest.tmp");
data/kyotocabinet-1.2.76/kclangctest.c:678:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(snappath, "kclangctest.kcss");
data/kyotocabinet-1.2.76/kclangctest.c:725:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:762:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ], *vbuf;
data/kyotocabinet-1.2.76/kclangctest.c:782:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:799:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:817:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:834:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:868:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:902:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kclangctest.c:915:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:929:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:944:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:958:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:984:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)myrand(rnum));
data/kyotocabinet-1.2.76/kclangctest.c:1055:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = sprintf(kbuf, "%08ld", (long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kclangctest.c:1078:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kclangctest.c:1089:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size = sprintf(buf, "%08ld", (long)i);
data/kyotocabinet-1.2.76/kcmap.h:711:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(nbuf, rbuf, rsiz);
data/kyotocabinet-1.2.76/kcmap.h:1095:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcmap.h:1112:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcmap.h:1122:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, ovbuf, ovsiz);
data/kyotocabinet-1.2.76/kcmap.h:1124:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, nvbuf, nvsiz);
data/kyotocabinet-1.2.76/kcmap.h:1138:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, kbuf_, ksiz_);
data/kyotocabinet-1.2.76/kcmap.h:1141:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, vbuf_, vsiz_);
data/kyotocabinet-1.2.76/kcmap.h:1267:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, buf, size);
data/kyotocabinet-1.2.76/kcmap.h:1291:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, buf, size);
data/kyotocabinet-1.2.76/kcmap.h:1316:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, buf, size);
data/kyotocabinet-1.2.76/kcplantdb.h:390:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf_, kbuf, ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:467:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rstack[KCPDRECBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:473:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(rbuf + sizeof(*rec), kbuf_, ksiz_);
data/kyotocabinet-1.2.76/kcplantdb.h:476:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lstack[KCPDRECBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:506:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(rbuf + sizeof(*rec), kbuf_, ksiz_);
data/kyotocabinet-1.2.76/kcplantdb.h:526:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(lbuf + sizeof(*link), kbuf, ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:558:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf + rec->ksiz, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcplantdb.h:566:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(lbuf + sizeof(*link), kbuf, ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:646:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lstack[KCPDRECBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:652:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(lbuf + sizeof(*link), kbuf_, ksiz_);
data/kyotocabinet-1.2.76/kcplantdb.h:675:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(lbuf + sizeof(*link), kbuf_, ksiz_);
data/kyotocabinet-1.2.76/kcplantdb.h:683:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rstack[KCPDRECBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:689:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(rbuf + sizeof(*rec), kbuf_, ksiz_);
data/kyotocabinet-1.2.76/kcplantdb.h:704:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(rbuf + sizeof(*rec), kbuf_, ksiz_);
data/kyotocabinet-1.2.76/kcplantdb.h:748:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf + rec->ksiz, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcplantdb.h:824:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lstack[KCPDRECBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:830:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(lbuf + sizeof(*link), kbuf_, ksiz_);
data/kyotocabinet-1.2.76/kcplantdb.h:839:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rstack[KCPDRECBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:845:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(rbuf + sizeof(*rec), kbuf_, ksiz_);
data/kyotocabinet-1.2.76/kcplantdb.h:873:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rstack[KCPDRECBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:879:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(rbuf + sizeof(*rec), kbuf_, ksiz_);
data/kyotocabinet-1.2.76/kcplantdb.h:924:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lstack[KCPDRECBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:930:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(lbuf + sizeof(*link), kbuf_, ksiz_);
data/kyotocabinet-1.2.76/kcplantdb.h:939:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rstack[KCPDRECBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:945:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(rbuf + sizeof(*rec), kbuf_, ksiz_);
data/kyotocabinet-1.2.76/kcplantdb.h:977:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack_[KCPDRECBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:1060:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lstack[KCPDRECBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:1066:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(lbuf + sizeof(*link), kbuf, ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:1076:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rstack[KCPDRECBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:1082:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(rbuf + sizeof(*rec), kbuf, ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:1167:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lstack[KCPDRECBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:1173:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(lbuf + sizeof(*link), kbuf, ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:1183:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rstack[KCPDRECBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:1189:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(rbuf + sizeof(*rec), kbuf, ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:1271:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf, dbuf, rec->ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:1292:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lstack[KCPDRECBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:1298:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(lbuf + sizeof(*link), dbuf, rec->ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:1491:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const std::string& path, uint32_t mode = OWRITER | OCREATE) {
data/kyotocabinet-1.2.76/kcplantdb.h:1516:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db_.open(path, mode)) return false;
data/kyotocabinet-1.2.76/kcplantdb.h:1528:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db_.open(path, tmode)) return false;
data/kyotocabinet-1.2.76/kcplantdb.h:1533:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db_.open(path, mode)) return false;
data/kyotocabinet-1.2.76/kcplantdb.h:2570:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[NUMBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:2586:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, dbuf, rec->ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:2588:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, dbuf + rec->ksiz, rec->vsiz);
data/kyotocabinet-1.2.76/kcplantdb.h:2625:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[NUMBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:2667:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(dbuf, vbuf, rksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:2670:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(dbuf + rksiz, vbuf, rvsiz);
data/kyotocabinet-1.2.76/kcplantdb.h:2755:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf + rec->ksiz, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcplantdb.h:2774:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(dbuf, kbuf, ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:2775:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(dbuf + ksiz, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcplantdb.h:2948:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[NUMBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:2963:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, dbuf, link->ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:2985:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[NUMBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:3020:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(dbuf, vbuf, rksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:3106:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf, dbuf, ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:3136:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf, dbuf, ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:3206:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(dbuf, kbuf, ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:3282:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head[HEADSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:3298:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, &num, sizeof(num));
data/kyotocabinet-1.2.76/kcplantdb.h:3301:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, &num, sizeof(num));
data/kyotocabinet-1.2.76/kcplantdb.h:3304:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, &num, sizeof(num));
data/kyotocabinet-1.2.76/kcplantdb.h:3307:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, &num, sizeof(num));
data/kyotocabinet-1.2.76/kcplantdb.h:3310:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, &num, sizeof(num));
data/kyotocabinet-1.2.76/kcplantdb.h:3313:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, &num, sizeof(num));
data/kyotocabinet-1.2.76/kcplantdb.h:3316:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, &num, sizeof(num));
data/kyotocabinet-1.2.76/kcplantdb.h:3319:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, &num, sizeof(num));
data/kyotocabinet-1.2.76/kcplantdb.h:3321:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, "\x0a\x42\x6f\x6f\x66\x79\x21\x0a", sizeof(num));
data/kyotocabinet-1.2.76/kcplantdb.h:3334:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head[HEADSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:3550:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tkbuf[NUMBUFSIZ];
data/kyotocabinet-1.2.76/kcplantdb.h:3551:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(tkbuf, kbuf, ksiz);
data/kyotocabinet-1.2.76/kcplantdb.h:3638:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tdb.open(npath, OWRITER | OCREATE | OTRUNCATE)) {
data/kyotocabinet-1.2.76/kcplantdb.h:3686:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db_.open(path, mode)) err = true;
data/kyotocabinet-1.2.76/kcplantdb.h:3698:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db_.open(path, mode)) err = true;
data/kyotocabinet-1.2.76/kcplantdb.h:3712:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!err && udb.open(npath, OREADER)) {
data/kyotocabinet-1.2.76/kcplantdb.h:3718:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db_.open(path, tmode)) err = true;
data/kyotocabinet-1.2.76/kcplantdb.h:3734:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db_.open(path, mode)) err = true;
data/kyotocabinet-1.2.76/kcpolydb.h:438:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const std::string& path = ":", uint32_t mode = OWRITER | OCREATE) {
data/kyotocabinet-1.2.76/kcpolydb.h:443:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return db_->open(path, mode);
data/kyotocabinet-1.2.76/kcpolydb.h:634:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofs->open(logname.c_str(),
data/kyotocabinet-1.2.76/kcpolydb.h:636:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!*ofs) ofs->open(logname.c_str(), std::ios_base::out | std::ios_base::binary);
data/kyotocabinet-1.2.76/kcpolydb.h:658:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofs->open(mtrgname.c_str(),
data/kyotocabinet-1.2.76/kcpolydb.h:660:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!*ofs) ofs->open(mtrgname.c_str(), std::ios_base::out | std::ios_base::binary);
data/kyotocabinet-1.2.76/kcpolydb.h:910:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db->open(fpath, mode)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:455:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf, kstr, ksiz);
data/kyotocabinet-1.2.76/kcpolymgr.cc:865:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::PolyDB::OWRITER | kc::PolyDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:882:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::PolyDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:917:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::PolyDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:952:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t onum = db.increment(kbuf, ksiz, kc::atoi(vbuf));
data/kyotocabinet-1.2.76/kcpolymgr.cc:984:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::PolyDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:1007:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:1041:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:1198:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::PolyDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:1220:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open(file, std::ios_base::in | std::ios_base::binary);
data/kyotocabinet-1.2.76/kcpolymgr.cc:1229:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::PolyDB::OWRITER | kc::PolyDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:1284:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::PolyDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:1308:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::PolyDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:1339:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::PolyDB::OWRITER | kc::PolyDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:1374:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::PolyDB::OWRITER | kc::PolyDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:1386:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (srcdb->open(srcpath, kc::PolyDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:1424:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::PolyDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:1446:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::PolyDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:1468:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::PolyDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcpolymgr.cc:1500:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::PolyDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kcpolytest.cc:61:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_randseed = ebuf ? (uint32_t)kc::atoi(ebuf) : (uint32_t)(kc::time() * 1000);
data/kyotocabinet-1.2.76/kcpolytest.cc:577:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcpolytest.cc:610:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:611:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcpolytest.cc:781:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:782:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcpolytest.cc:853:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:854:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcpolytest.cc:924:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:925:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcpolytest.cc:1108:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:1109:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcpolytest.cc:1111:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:1198:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:1259:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:1274:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:1275:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)myrand(range));
data/kyotocabinet-1.2.76/kcpolytest.cc:1406:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:1407:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcpolytest.cc:1582:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode)) {
data/kyotocabinet-1.2.76/kcpolytest.cc:1606:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:1607:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%010lld", (long long)(base + i));
data/kyotocabinet-1.2.76/kcpolytest.cc:1618:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%010lld", (long long)myrand(range) + 1);
data/kyotocabinet-1.2.76/kcpolytest.cc:1750:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcpolytest.cc:1794:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:1795:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcpolytest.cc:1998:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:1999:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcpolytest.cc:2011:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:2012:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcpolytest.cc:2024:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:2025:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcpolytest.cc:2077:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kcpolytest.cc:2124:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcpolytest.cc:2129:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!paradb.open(parapath, omode)) {
data/kyotocabinet-1.2.76/kcpolytest.cc:2152:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:2153:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcpolytest.cc:2166:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcpolytest.cc:2249:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kcpolytest.cc:2344:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcpolytest.cc:2405:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:2406:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kcpolytest.cc:2407:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:2408:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t vsiz = std::sprintf(vbuf, "%lld", (long long)(rnd ? myrand(pnum) + 1 : i % pnum));
data/kyotocabinet-1.2.76/kcpolytest.cc:2455:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kcpolytest.cc:2484:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:2485:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcpolytest.cc:2547:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:2548:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcpolytest.cc:2646:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:2647:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcpolytest.cc:2717:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:2718:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcpolytest.cc:2777:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
db->open(path, kc::BasicDB::OWRITER | kc::BasicDB::OCREATE | kc::BasicDB::OTRUNCATE);
data/kyotocabinet-1.2.76/kcpolytest.cc:2781:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:2782:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)i);
data/kyotocabinet-1.2.76/kcpolytest.cc:2793:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:2794:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)i + 1);
data/kyotocabinet-1.2.76/kcpolytest.cc:2802:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:2803:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)i);
data/kyotocabinet-1.2.76/kcpolytest.cc:2882:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:2883:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t vsiz = std::sprintf(vbuf, "kyoto:%d", i);
data/kyotocabinet-1.2.76/kcpolytest.cc:2942:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:2943:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)i);
data/kyotocabinet-1.2.76/kcpolytest.cc:2984:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!srcdb.open(dpath, kc::PolyDB::OREADER)) {
data/kyotocabinet-1.2.76/kcpolytest.cc:3039:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcpolytest.cc:3040:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)i);
data/kyotocabinet-1.2.76/kcpolytest.cc:3079:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!pdb->open(path, kc::PolyDB::OREADER)) {
data/kyotocabinet-1.2.76/kcprotodb.h:750:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const std::string& path, uint32_t mode = OWRITER | OCREATE) {
data/kyotocabinet-1.2.76/kcprotodb.h:1275:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opaque_[OPAQUESIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:51:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_randseed = ebuf ? (uint32_t)kc::atoi(ebuf) : (uint32_t)(kc::time() * 1000);
data/kyotocabinet-1.2.76/kcprototest.cc:107:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t type = kc::atoi(status["type"].c_str());
data/kyotocabinet-1.2.76/kcprototest.cc:110:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t rtype = kc::atoi(status["realtype"].c_str());
data/kyotocabinet-1.2.76/kcprototest.cc:127:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t count = kc::atoi(status["count"].c_str());
data/kyotocabinet-1.2.76/kcprototest.cc:130:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t size = kc::atoi(status["size"].c_str());
data/kyotocabinet-1.2.76/kcprototest.cc:333:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("-", kc::BasicDB::OWRITER | kc::BasicDB::OCREATE | kc::BasicDB::OTRUNCATE)) {
data/kyotocabinet-1.2.76/kcprototest.cc:365:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:366:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcprototest.cc:535:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:536:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcprototest.cc:607:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:608:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcprototest.cc:653:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(opaque, "1234567890123456", 16);
data/kyotocabinet-1.2.76/kcprototest.cc:688:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:689:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcprototest.cc:867:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:868:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcprototest.cc:870:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:957:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:1018:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:1033:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:1034:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)myrand(range));
data/kyotocabinet-1.2.76/kcprototest.cc:1164:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:1165:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcprototest.cc:1337:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("-", omode)) {
data/kyotocabinet-1.2.76/kcprototest.cc:1361:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:1362:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%010lld", (long long)(base + i));
data/kyotocabinet-1.2.76/kcprototest.cc:1373:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%010lld", (long long)myrand(range) + 1);
data/kyotocabinet-1.2.76/kcprototest.cc:1527:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("-", omode)) {
data/kyotocabinet-1.2.76/kcprototest.cc:1567:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:1568:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcprototest.cc:1746:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:1747:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcprototest.cc:1759:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:1760:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcprototest.cc:1772:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:1773:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcprototest.cc:1827:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kcprototest.cc:1869:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open("-", omode)) {
data/kyotocabinet-1.2.76/kcprototest.cc:1873:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!paradb.open("para", omode)) {
data/kyotocabinet-1.2.76/kcprototest.cc:1895:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcprototest.cc:1896:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcprototest.cc:1909:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcprototest.cc:1959:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcprototest.cc:2057:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kcstashdb.h:640:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const std::string& path, uint32_t mode = OWRITER | OCREATE) {
data/kyotocabinet-1.2.76/kcstashdb.h:1146:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, vbuf, vsiz);
data/kyotocabinet-1.2.76/kcstashdb.h:1157:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, kbuf_, ksiz_);
data/kyotocabinet-1.2.76/kcstashdb.h:1160:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(wp, vbuf_, vsiz_);
data/kyotocabinet-1.2.76/kcstashdb.h:1460:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opaque_[OPAQUESIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:47:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_randseed = ebuf ? (uint32_t)kc::atoi(ebuf) : (uint32_t)(kc::time() * 1000);
data/kyotocabinet-1.2.76/kcstashtest.cc:105:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t type = kc::atoi(status["type"].c_str());
data/kyotocabinet-1.2.76/kcstashtest.cc:108:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t rtype = kc::atoi(status["realtype"].c_str());
data/kyotocabinet-1.2.76/kcstashtest.cc:124:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnum = kc::atoi(status["bnum"].c_str());
data/kyotocabinet-1.2.76/kcstashtest.cc:125:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnumused = kc::atoi(status["bnum_used"].c_str());
data/kyotocabinet-1.2.76/kcstashtest.cc:126:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t count = kc::atoi(status["count"].c_str());
data/kyotocabinet-1.2.76/kcstashtest.cc:133:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t size = kc::atoi(status["size"].c_str());
data/kyotocabinet-1.2.76/kcstashtest.cc:335:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(":", kc::StashDB::OWRITER | kc::StashDB::OCREATE | kc::StashDB::OTRUNCATE)) {
data/kyotocabinet-1.2.76/kcstashtest.cc:367:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:368:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcstashtest.cc:537:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:538:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcstashtest.cc:609:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:610:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcstashtest.cc:655:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(opaque, "1234567890123456", 16);
data/kyotocabinet-1.2.76/kcstashtest.cc:690:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:691:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcstashtest.cc:869:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:870:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcstashtest.cc:872:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:959:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:1020:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:1035:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:1036:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)myrand(range));
data/kyotocabinet-1.2.76/kcstashtest.cc:1166:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:1167:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kcstashtest.cc:1342:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(":", omode)) {
data/kyotocabinet-1.2.76/kcstashtest.cc:1366:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:1367:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%010lld", (long long)(base + i));
data/kyotocabinet-1.2.76/kcstashtest.cc:1378:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%010lld", (long long)myrand(range) + 1);
data/kyotocabinet-1.2.76/kcstashtest.cc:1535:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(":", omode)) {
data/kyotocabinet-1.2.76/kcstashtest.cc:1575:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:1576:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcstashtest.cc:1745:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:1746:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcstashtest.cc:1758:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:1759:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcstashtest.cc:1771:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:1772:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcstashtest.cc:1826:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kcstashtest.cc:1873:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(":", omode)) {
data/kyotocabinet-1.2.76/kcstashtest.cc:1877:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!paradb.open("para", omode)) {
data/kyotocabinet-1.2.76/kcstashtest.cc:1899:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcstashtest.cc:1900:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcstashtest.cc:1913:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcstashtest.cc:1963:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kcstashtest.cc:2061:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kctextdb.h:247:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[NUMBUFSIZ];
data/kyotocabinet-1.2.76/kctextdb.h:253:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[IOBUFSIZ];
data/kyotocabinet-1.2.76/kctextdb.h:256:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(rbuf, vbuf, vsiz);
data/kyotocabinet-1.2.76/kctextdb.h:278:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[IOBUFSIZ];
data/kyotocabinet-1.2.76/kctextdb.h:504:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const std::string& path, uint32_t mode = OWRITER | OCREATE) {
data/kyotocabinet-1.2.76/kctextdb.h:526:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file_.open(path, fmode, 0)) {
data/kyotocabinet-1.2.76/kctextdb.h:908:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[IOBUFSIZ];
data/kyotocabinet-1.2.76/kctextdb.h:910:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(rbuf, vbuf, vsiz);
data/kyotocabinet-1.2.76/kctextdb.h:940:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[IOBUFSIZ*4];
data/kyotocabinet-1.2.76/kctextdb.h:953:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[NUMBUFSIZ];
data/kyotocabinet-1.2.76/kctextdb.h:965:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstack[IOBUFSIZ];
data/kyotocabinet-1.2.76/kctextdb.h:968:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(trbuf, vbuf, vsiz);
data/kyotocabinet-1.2.76/kctextdb.h:1022:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[IOBUFSIZ];
data/kyotocabinet-1.2.76/kctextdb.h:1073:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stack[IOBUFSIZ*4];
data/kyotocabinet-1.2.76/kctextdb.h:1086:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[NUMBUFSIZ];
data/kyotocabinet-1.2.76/kctreemgr.cc:479:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(kbuf, kstr, ksiz);
data/kyotocabinet-1.2.76/kctreemgr.cc:888:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TreeDB::OWRITER | kc::TreeDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kctreemgr.cc:905:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TreeDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kctreemgr.cc:921:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t type = kc::atoi(status["realtype"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:924:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t chksum = kc::atoi(status["chksum"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:928:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t flags = kc::atoi(status["flags"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:933:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["recovered"].c_str()) > 0) oprintf(" (recovered)");
data/kyotocabinet-1.2.76/kctreemgr.cc:934:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["reorganized"].c_str()) > 0) oprintf(" (reorganized)");
data/kyotocabinet-1.2.76/kctreemgr.cc:935:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["trimmed"].c_str()) > 0) oprintf(" (trimmed)");
data/kyotocabinet-1.2.76/kctreemgr.cc:937:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t apow = kc::atoi(status["apow"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:939:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t fpow = kc::atoi(status["fpow"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:941:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t fbpused = kc::atoi(status["fbpnum_used"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:942:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t frgcnt = kc::atoi(status["frgcnt"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:945:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t opts = kc::atoi(status["opts"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:964:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnum = kc::atoi(status["bnum"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:965:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnumused = kc::atoi(status["bnum_used"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:966:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t count = kc::atoi(status["count"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:967:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t pnum = kc::atoi(status["pnum"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:968:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t lcnt = kc::atoi(status["lcnt"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:969:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t icnt = kc::atoi(status["icnt"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:970:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t tlevel = kc::atoi(status["tree_level"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:971:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t psiz = kc::atoi(status["psiz"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:981:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t pccap = kc::atoi(status["pccap"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:982:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t cusage = kc::atoi(status["cusage"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:983:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t culcnt = kc::atoi(status["cusage_lcnt"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:984:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t culsiz = kc::atoi(status["cusage_lsiz"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:985:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t cuicnt = kc::atoi(status["cusage_icnt"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:986:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t cuisiz = kc::atoi(status["cusage_isiz"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:992:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t size = kc::atoi(status["size"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:993:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t msiz = kc::atoi(status["msiz"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:994:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t realsize = kc::atoi(status["realsize"].c_str());
data/kyotocabinet-1.2.76/kctreemgr.cc:1027:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TreeDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kctreemgr.cc:1062:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t onum = db.increment(kbuf, ksiz, kc::atoi(vbuf));
data/kyotocabinet-1.2.76/kctreemgr.cc:1094:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TreeDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kctreemgr.cc:1117:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kctreemgr.cc:1151:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kctreemgr.cc:1240:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TreeDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kctreemgr.cc:1262:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open(file, std::ios_base::in | std::ios_base::binary);
data/kyotocabinet-1.2.76/kctreemgr.cc:1271:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TreeDB::OWRITER | kc::TreeDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kctreemgr.cc:1326:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TreeDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kctreemgr.cc:1350:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TreeDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kctreemgr.cc:1381:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TreeDB::OWRITER | kc::TreeDB::OCREATE | oflags)) {
data/kyotocabinet-1.2.76/kctreemgr.cc:1415:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TreeDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kctreemgr.cc:1437:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TreeDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kctreemgr.cc:1459:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TreeDB::OWRITER | oflags)) {
data/kyotocabinet-1.2.76/kctreemgr.cc:1481:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TreeDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kctreemgr.cc:1513:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TreeDB::OREADER | oflags)) {
data/kyotocabinet-1.2.76/kctreetest.cc:57:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_randseed = ebuf ? (uint32_t)kc::atoi(ebuf) : (uint32_t)(kc::time() * 1000);
data/kyotocabinet-1.2.76/kctreetest.cc:129:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t type = kc::atoi(status["type"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:132:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t chksum = kc::atoi(status["chksum"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:136:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t flags = kc::atoi(status["flags"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:141:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["recovered"].c_str()) > 0) oprintf(" (recovered)");
data/kyotocabinet-1.2.76/kctreetest.cc:142:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["reorganized"].c_str()) > 0) oprintf(" (reorganized)");
data/kyotocabinet-1.2.76/kctreetest.cc:143:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (kc::atoi(status["trimmed"].c_str()) > 0) oprintf(" (trimmed)");
data/kyotocabinet-1.2.76/kctreetest.cc:145:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t apow = kc::atoi(status["apow"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:147:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t fpow = kc::atoi(status["fpow"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:149:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t fbpused = kc::atoi(status["fbpnum_used"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:150:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t frgcnt = kc::atoi(status["frgcnt"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:153:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t opts = kc::atoi(status["opts"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:172:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnum = kc::atoi(status["bnum"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:173:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t bnumused = kc::atoi(status["bnum_used"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:174:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t count = kc::atoi(status["count"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:175:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t pnum = kc::atoi(status["pnum"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:176:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t lcnt = kc::atoi(status["lcnt"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:177:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t icnt = kc::atoi(status["icnt"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:178:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t tlevel = kc::atoi(status["tree_level"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:179:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t psiz = kc::atoi(status["psiz"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:189:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t pccap = kc::atoi(status["pccap"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:190:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t cusage = kc::atoi(status["cusage"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:191:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t culcnt = kc::atoi(status["cusage_lcnt"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:192:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t culsiz = kc::atoi(status["cusage_lsiz"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:193:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t cuicnt = kc::atoi(status["cusage_icnt"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:194:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t cuisiz = kc::atoi(status["cusage_isiz"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:200:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t size = kc::atoi(status["size"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:201:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t msiz = kc::atoi(status["msiz"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:202:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t realsize = kc::atoi(status["realsize"].c_str());
data/kyotocabinet-1.2.76/kctreetest.cc:648:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kctreetest.cc:681:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:682:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kctreetest.cc:852:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:853:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kctreetest.cc:924:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:925:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kctreetest.cc:970:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(opaque, "1234567890123456", 16);
data/kyotocabinet-1.2.76/kctreetest.cc:1006:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:1007:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kctreetest.cc:1190:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:1191:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kctreetest.cc:1193:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:1280:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:1341:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf_[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:1356:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:1357:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)myrand(range));
data/kyotocabinet-1.2.76/kctreetest.cc:1493:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:1494:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld",
data/kyotocabinet-1.2.76/kctreetest.cc:1683:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kctreetest.cc:1707:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:1708:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%010lld", (long long)(base + i));
data/kyotocabinet-1.2.76/kctreetest.cc:1719:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%010lld", (long long)myrand(range) + 1);
data/kyotocabinet-1.2.76/kctreetest.cc:1890:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kctreetest.cc:1930:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:1931:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kctreetest.cc:2113:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:2114:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kctreetest.cc:2126:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:2127:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kctreetest.cc:2139:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:2140:38: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t jsiz = std::sprintf(jbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kctreetest.cc:2201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kctreetest.cc:2262:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, omode | oflags)) {
data/kyotocabinet-1.2.76/kctreetest.cc:2267:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!paradb.open(parapath, omode)) {
data/kyotocabinet-1.2.76/kctreetest.cc:2290:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kctreetest.cc:2291:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kctreetest.cc:2304:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kctreetest.cc:2354:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(range) + 1));
data/kyotocabinet-1.2.76/kctreetest.cc:2453:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kcutil.cc:258:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open("/proc/self/status", std::ios_base::in | std::ios_base::binary);
data/kyotocabinet-1.2.76/kcutil.cc:284:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open("/proc/meminfo", std::ios_base::in | std::ios_base::binary);
data/kyotocabinet-1.2.76/kcutil.h:141:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t atoi(const char* str);
data/kyotocabinet-1.2.76/kcutil.h:912:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
inline int64_t atoi(const char* str) {
data/kyotocabinet-1.2.76/kcutil.h:1089:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num *= std::pow((long double)10, (long double)atoi(str));
data/kyotocabinet-1.2.76/kcutil.h:1222:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(buf, (const char*)&num + sizeof(num) - width, width);
data/kyotocabinet-1.2.76/kcutil.h:1232:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&num, buf, width);
data/kyotocabinet-1.2.76/kcutil.h:1573:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[NUMBUFSIZ];
data/kyotocabinet-1.2.76/kcutil.h:1596:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[NUMBUFSIZ*4];
data/kyotocabinet-1.2.76/kcutil.h:1609:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[NUMBUFSIZ*4];
data/kyotocabinet-1.2.76/kcutil.h:1622:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[NUMBUFSIZ*4];
data/kyotocabinet-1.2.76/kcutil.h:1637:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[NUMBUFSIZ*4];
data/kyotocabinet-1.2.76/kcutil.h:1638:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t tsiz = std::sprintf(tbuf, "%p", va_arg(ap, void*));
data/kyotocabinet-1.2.76/kcutil.h:1908:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[NUMBUFSIZ];
data/kyotocabinet-1.2.76/kcutil.h:1952:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[NUMBUFSIZ*2];
data/kyotocabinet-1.2.76/kcutil.h:2370:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(obuf, ptr, size);
data/kyotocabinet-1.2.76/kcutilmgr.cc:315:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open(file, std::ios_base::in | std::ios_base::binary);
data/kyotocabinet-1.2.76/kcutilmgr.cc:391:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open(file, std::ios_base::in | std::ios_base::binary);
data/kyotocabinet-1.2.76/kcutilmgr.cc:484:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open(file, std::ios_base::in | std::ios_base::binary);
data/kyotocabinet-1.2.76/kcutilmgr.cc:518:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open(file, std::ios_base::in | std::ios_base::binary);
data/kyotocabinet-1.2.76/kcutilmgr.cc:631:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open(file, std::ios_base::in | std::ios_base::binary);
data/kyotocabinet-1.2.76/kcutilmgr.cc:659:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[kc::NUMBUFSIZ];
data/kyotocabinet-1.2.76/kcutilmgr.cc:684:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifs.open(file, std::ios_base::in | std::ios_base::binary);
data/kyotocabinet-1.2.76/kcutiltest.cc:58:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g_randseed = ebuf ? (uint32_t)kc::atoi(ebuf) : (uint32_t)(kc::time() * 1000);
data/kyotocabinet-1.2.76/kcutiltest.cc:1257:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:1258:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08d", (int)(i % thnum_));
data/kyotocabinet-1.2.76/kcutiltest.cc:1290:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:1291:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08d", (int)i);
data/kyotocabinet-1.2.76/kcutiltest.cc:1393:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(path, kc::File::OWRITER | kc::File::OCREATE | kc::File::OTRUNCATE, msiz)) {
data/kyotocabinet-1.2.76/kcutiltest.cc:1419:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:1429:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:1430:30: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t rsiz = std::sprintf(rbuf, "[%048lld]", (long long)num);
data/kyotocabinet-1.2.76/kcutiltest.cc:1490:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:1529:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:1557:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:1558:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t rsiz = std::sprintf(rbuf, "[%048lld]", (long long)num);
data/kyotocabinet-1.2.76/kcutiltest.cc:1616:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:1694:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:1695:28: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t rsiz = std::sprintf(rbuf, "[%048lld]", (long long)num);
data/kyotocabinet-1.2.76/kcutiltest.cc:1759:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:1797:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:1850:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t roff = kc::atoi(key);
data/kyotocabinet-1.2.76/kcutiltest.cc:1851:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int32_t rsiz = kc::atoi(std::strchr(key, ':') + 1);
data/kyotocabinet-1.2.76/kcutiltest.cc:1852:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:1956:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dir.open(cwdpath)) {
data/kyotocabinet-1.2.76/kcutiltest.cc:1989:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:1990:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(kbuf, "%08lld", (long long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kcutiltest.cc:2005:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:2006:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(kbuf, "%08lld", (long long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kcutiltest.cc:2056:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:2057:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(kbuf, "%08lld", (long long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kcutiltest.cc:2082:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:2083:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(kbuf, "%08lld", (long long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kcutiltest.cc:2102:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:2103:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(kbuf, "%08lld", (long long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kcutiltest.cc:2198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:2199:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kcutiltest.cc:2214:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:2215:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kcutiltest.cc:2235:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:2236:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kcutiltest.cc:2297:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:2298:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%08lld", (long long)(rnd ? myrand(rnum) + 1 : i));
data/kyotocabinet-1.2.76/kcutiltest.cc:2316:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kcutiltest.cc:2319:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:2320:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t ksiz = std::sprintf(kbuf, "%lld", (long long)(myrand(rnum) + 1));
data/kyotocabinet-1.2.76/kcutiltest.cc:2374:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:2375:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t size = std::sprintf(buf, "%08lld", (long long)i);
data/kyotocabinet-1.2.76/kcutiltest.cc:2428:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[RECBUFSIZL];
data/kyotocabinet-1.2.76/kcutiltest.cc:2508:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fbuf[sizeof(num64)];
data/kyotocabinet-1.2.76/kcutiltest.cc:2517:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ubuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:2552:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[kc::NUMBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:2602:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char kbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:2603:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(kbuf, "%lld", (long long)myrand(rnum));
data/kyotocabinet-1.2.76/kcutiltest.cc:2604:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vbuf[RECBUFSIZ];
data/kyotocabinet-1.2.76/kcutiltest.cc:2605:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
std::sprintf(vbuf, "%lld", (long long)myrand(rnum));
data/kyotocabinet-1.2.76/kcutiltest.cc:2691:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 0: kc::atoi(obuf); break;
data/kyotocabinet-1.2.76/lab/kcdict/kcdictmgr.cc:201:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utfstack[2048];
data/kyotocabinet-1.2.76/lab/kcdict/kcdictmgr.cc:813:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!srcdb.open(srcpath, kc::TextDB::OREADER)) {
data/kyotocabinet-1.2.76/lab/kcdict/kcdictmgr.cc:835:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!destdb.open(path, kc::TreeDB::OWRITER | kc::TreeDB::OCREATE | kc::TreeDB::OTRUNCATE)) {
data/kyotocabinet-1.2.76/lab/kcdict/kcdictmgr.cc:878:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int64_t rank = kc::atoi(fields[0].c_str());
data/kyotocabinet-1.2.76/lab/kcdict/kcdictmgr.cc:960:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TreeDB::OREADER)) {
data/kyotocabinet-1.2.76/lab/kcdict/kcdictmgr.cc:1383:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open(path, kc::TextDB::OREADER)) {
data/kyotocabinet-1.2.76/kcdb.h:1300:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (!err && dir.read(&name)) {
data/kyotocabinet-1.2.76/kcdb.h:1343:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t n = ifs.read(buf, sizeof(buf)).gcount();
data/kyotocabinet-1.2.76/kcdb.h:2346:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
src->read(buf, sizeof(KCDBSSMAGICDATA));
data/kyotocabinet-1.2.76/kcdb.h:2382:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
src->read(rbuf, ksiz + vsiz);
data/kyotocabinet-1.2.76/kcdirdb.h:135:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!dir_.read(&name_)) {
data/kyotocabinet-1.2.76/kcdirdb.h:143:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!dir_.read(&name_)) {
data/kyotocabinet-1.2.76/kcdirdb.h:157:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!dir_.read(&name_)) {
data/kyotocabinet-1.2.76/kcdirdb.h:190:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!dir_.read(&name_)) {
data/kyotocabinet-1.2.76/kcdirdb.h:214:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!dir_.read(&name_)) {
data/kyotocabinet-1.2.76/kcdirdb.h:302:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!dir_.read(&name_)) {
data/kyotocabinet-1.2.76/kcdirdb.h:729:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (dir.read(&name)) {
data/kyotocabinet-1.2.76/kcdirdb.h:998:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (dir.read(&name)) {
data/kyotocabinet-1.2.76/kcdirdb.h:1578:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!file_.read(0, buf, len)) return false;
data/kyotocabinet-1.2.76/kcdirdb.h:1589:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (std::strlen(rp) < sizeof(KCDDBMAGICEOF) - 1 ||
data/kyotocabinet-1.2.76/kcdirdb.h:1612:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (dir.read(&name)) {
data/kyotocabinet-1.2.76/kcdirdb.h:1652:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hash += hashmurmur(name, std::strlen(name));
data/kyotocabinet-1.2.76/kcdirdb.h:1750:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (dir.read(&name)) {
data/kyotocabinet-1.2.76/kcdirdb.h:1918:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!cur->dir_.read(&cur->name_)) {
data/kyotocabinet-1.2.76/kcdirdb.h:2072:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (dir.read(&name)) {
data/kyotocabinet-1.2.76/kcdirdb.h:2149:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!dir->read(&name)) {
data/kyotocabinet-1.2.76/kcdirdb.h:2303:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (dir.read(&name)) {
data/kyotocabinet-1.2.76/kcdirmgr.cc:273:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcdirmgr.cc:275:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vsiz = std::strlen(vstr);
data/kyotocabinet-1.2.76/kcdirmgr.cc:323:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcdirmgr.cc:379:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcdirmgr.cc:440:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcdirmgr.cc:663:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcdirmgr.cc:665:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vsiz = std::strlen(vstr);
data/kyotocabinet-1.2.76/kcdirmgr.cc:714:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcdirmgr.cc:764:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcfile.cc:951:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool File::read(int64_t off, void* buf, size_t size) {
data/kyotocabinet-1.2.76/kcfile.cc:1550:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((rsiz = ::read(fd, wp, limit - (wp - buf))) > 0) {
data/kyotocabinet-1.2.76/kcfile.cc:1871:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (dir.read(&ccname)) {
data/kyotocabinet-1.2.76/kcfile.cc:2050:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool DirStream::read(std::string* path) {
data/kyotocabinet-1.2.76/kcfile.cc:2614:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rb = ::read(fd, buf, size);
data/kyotocabinet-1.2.76/kcfile.h:150:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(int64_t off, void* buf, size_t size);
data/kyotocabinet-1.2.76/kcfile.h:155:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(int64_t off, std::string* buf, size_t size) {
data/kyotocabinet-1.2.76/kcfile.h:158:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!read(off, tbuf, size)) {
data/kyotocabinet-1.2.76/kcfile.h:373:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(std::string* path);
data/kyotocabinet-1.2.76/kcforestmgr.cc:290:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcforestmgr.cc:292:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vsiz = std::strlen(vstr);
data/kyotocabinet-1.2.76/kcforestmgr.cc:340:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcforestmgr.cc:396:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcforestmgr.cc:460:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcforestmgr.cc:683:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcforestmgr.cc:685:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vsiz = std::strlen(vstr);
data/kyotocabinet-1.2.76/kcforestmgr.cc:734:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcforestmgr.cc:784:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kchashdb.h:2639:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!file_.read(0, head, sizeof(head))) {
data/kyotocabinet-1.2.76/kchashdb.h:2681:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!file_.read(MOFFFLAGS, &flags, sizeof(flags))) {
data/kyotocabinet-1.2.76/kchashdb.h:3464:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!file_.read(HEADSIZ, rbuf, size)) {
data/kyotocabinet-1.2.76/kchashmgr.cc:296:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kchashmgr.cc:298:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vsiz = std::strlen(vstr);
data/kyotocabinet-1.2.76/kchashmgr.cc:346:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kchashmgr.cc:402:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kchashmgr.cc:463:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kchashmgr.cc:717:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kchashmgr.cc:719:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vsiz = std::strlen(vstr);
data/kyotocabinet-1.2.76/kchashmgr.cc:768:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kchashmgr.cc:818:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kclangctest.c:668:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
psiz = strlen(corepath);
data/kyotocabinet-1.2.76/kcpolymgr.cc:276:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcpolymgr.cc:278:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vsiz = std::strlen(vstr);
data/kyotocabinet-1.2.76/kcpolymgr.cc:326:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcpolymgr.cc:382:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcpolymgr.cc:453:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcpolymgr.cc:715:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcpolymgr.cc:717:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vsiz = std::strlen(vstr);
data/kyotocabinet-1.2.76/kcpolymgr.cc:766:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcpolymgr.cc:816:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kctreemgr.cc:307:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kctreemgr.cc:309:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vsiz = std::strlen(vstr);
data/kyotocabinet-1.2.76/kctreemgr.cc:357:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kctreemgr.cc:413:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kctreemgr.cc:477:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kctreemgr.cc:731:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kctreemgr.cc:733:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vsiz = std::strlen(vstr);
data/kyotocabinet-1.2.76/kctreemgr.cc:782:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kctreemgr.cc:832:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ksiz = std::strlen(kstr);
data/kyotocabinet-1.2.76/kcutil.h:2021:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* zbuf = new char[std::strlen(str)+1];
data/kyotocabinet-1.2.76/kcutil.h:2096:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t zsiz = std::strlen(str);
data/kyotocabinet-1.2.76/kcutil.h:2178:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t zsiz = std::strlen(str);
data/kyotocabinet-1.2.76/kcutil.h:2273:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = std::strlen(str);
data/kyotocabinet-1.2.76/kcutil.h:2462:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = std::strlen(str);
data/kyotocabinet-1.2.76/kcutil.h:2672:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = std::strlen(str);
data/kyotocabinet-1.2.76/kcutil.h:2673:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t klen = std::strlen(key);
data/kyotocabinet-1.2.76/kcutil.h:2686:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = std::strlen(str);
data/kyotocabinet-1.2.76/kcutil.h:2687:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t klen = std::strlen(key);
data/kyotocabinet-1.2.76/kcutilmgr.cc:501:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
kc::arccipher(ostr.data(), ostr.size(), key, std::strlen(key), cbuf);
data/kyotocabinet-1.2.76/kcutiltest.cc:1491:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!file_->read(off, rbuf, FILEIOUNIT) && off + (int64_t)FILEIOUNIT < size) {
data/kyotocabinet-1.2.76/kcutiltest.cc:1762:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (file.read(roff, rbuf, rsiz)) {
data/kyotocabinet-1.2.76/kcutiltest.cc:1853:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (file.read(roff, rbuf, rsiz)) {
data/kyotocabinet-1.2.76/kcutiltest.cc:1961:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (dir.read(&cpath)) {
data/kyotocabinet-1.2.76/kcutiltest.cc:2659:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nsiz = std::strlen(name);
data/kyotocabinet-1.2.76/lab/kcdict/kcdictmgr.cc:970:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
normalizequery(query, std::strlen(query), &nquery);
data/kyotocabinet-1.2.76/lab/kcdict/kcdictmgr.cc:1388:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
normalizequery(query, std::strlen(query), &nquery);
ANALYSIS SUMMARY:
Hits = 1274
Lines analyzed = 75041 in approximately 2.98 seconds (25222 lines/second)
Physical Source Lines of Code (SLOC) = 60825
Hits@level = [0] 12 [1] 96 [2] 1130 [3] 32 [4] 16 [5] 0
Hits@level+ = [0+] 1286 [1+] 1274 [2+] 1178 [3+] 48 [4+] 16 [5+] 0
Hits/KSLOC@level+ = [0+] 21.1426 [1+] 20.9453 [2+] 19.367 [3+] 0.789149 [4+] 0.26305 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.