Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libdbd-pg-perl-3.14.2/types.c
Examining data/libdbd-pg-perl-3.14.2/quote.h
Examining data/libdbd-pg-perl-3.14.2/types.h
Examining data/libdbd-pg-perl-3.14.2/dbdimp.c
Examining data/libdbd-pg-perl-3.14.2/dbdimp.h
Examining data/libdbd-pg-perl-3.14.2/dbivport.h
Examining data/libdbd-pg-perl-3.14.2/Pg.h
Examining data/libdbd-pg-perl-3.14.2/quote.c

FINAL RESULTS:

data/libdbd-pg-perl-3.14.2/dbdimp.c:2363:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(statement, currseg->segment);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3414:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(statement, currseg->segment);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3416:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(statement, currseg->ph->quoted);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3487:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(statement, currseg->segment);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3997:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cmd, "rollback to %s", SvPV_nolen(sp));
data/libdbd-pg-perl-3.14.2/dbdimp.c:4017:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(stmt, "DEALLOCATE %s", imp_sth->prepare_name);
data/libdbd-pg-perl-3.14.2/dbdimp.c:4652:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(action, "savepoint %s", savepoint);
data/libdbd-pg-perl-3.14.2/dbdimp.c:4686:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(action, "rollback to %s", savepoint);
data/libdbd-pg-perl-3.14.2/dbdimp.c:4720:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(action, "release %s", savepoint);
data/libdbd-pg-perl-3.14.2/quote.c:299:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(result,string);
data/libdbd-pg-perl-3.14.2/quote.c:347:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(result,string);
data/libdbd-pg-perl-3.14.2/quote.c:392:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(result,string);
data/libdbd-pg-perl-3.14.2/dbdimp.c:154:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(conn_str, " user='");
data/libdbd-pg-perl-3.14.2/dbdimp.c:167:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(conn_str, " password='");
data/libdbd-pg-perl-3.14.2/dbdimp.c:1332:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char statement[128];
data/libdbd-pg-perl-3.14.2/dbdimp.c:1333:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(statement, "SELECT attnotnull FROM pg_catalog.pg_attribute WHERE attrelid=%d AND attnum=%d", x, y);
data/libdbd-pg-perl-3.14.2/dbdimp.c:1751:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *placeholder_string[PLACEHOLDER_TYPE_COUNT] = {
data/libdbd-pg-perl-3.14.2/dbdimp.c:2138:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  newseg->placeholder = atoi(statement-(currpos-sectionstop-1));
data/libdbd-pg-perl-3.14.2/dbdimp.c:2330:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(imp_sth->prepare_name,"dbdpg_%c%d_%x",
data/libdbd-pg-perl-3.14.2/dbdimp.c:2365:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(strchr(statement, '\0'), "$%d", currseg->placeholder);
data/libdbd-pg-perl-3.14.2/dbdimp.c:2493:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  phnum = atoi(name);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3142:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rows = atol(cmdStatus + rows);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3145:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rows = atol(cmdStatus + 5);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3150:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rows = atol(cmdStatus + 7);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3489:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(strchr(statement, '\0'), "$%d", currseg->placeholder);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3685:23:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ret = atol(cmdStatus + ret);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3689:23:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ret = atol(cmdStatus + 5);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3695:23:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ret = atol(cmdStatus + 7);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3838:38:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sv_setiv(sv, atol((char *)value));
data/libdbd-pg-perl-3.14.2/dbdimp.c:3965:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempsqlstate[6];
data/libdbd-pg-perl-3.14.2/dbdimp.c:5319:24:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rows = atol(cmdStatus + rows);
data/libdbd-pg-perl-3.14.2/dbdimp.c:5322:24:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rows = atol(cmdStatus + 5);
data/libdbd-pg-perl-3.14.2/dbdimp.c:5327:24:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rows = atol(cmdStatus + 7);
data/libdbd-pg-perl-3.14.2/dbdimp.c:5444:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[256];
data/libdbd-pg-perl-3.14.2/dbdimp.c:5557:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[256];
data/libdbd-pg-perl-3.14.2/dbdimp.c:5644:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[256];
data/libdbd-pg-perl-3.14.2/dbdimp.c:5734:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char statement[200];
data/libdbd-pg-perl-3.14.2/dbdimp.c:5735:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(statement,
data/libdbd-pg-perl-3.14.2/quote.c:232:20:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf((char *)result, "\\\\%03o", (unsigned char)*string++);
data/libdbd-pg-perl-3.14.2/quote.c:555:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char word[64];
data/libdbd-pg-perl-3.14.2/dbdimp.c:131:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  connect_string_size = strlen(dbname);
data/libdbd-pg-perl-3.14.2/dbdimp.c:133:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  connect_string_size += strlen("user='' ") + 2*strlen(uid);
data/libdbd-pg-perl-3.14.2/dbdimp.c:133:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  connect_string_size += strlen("user='' ") + 2*strlen(uid);
data/libdbd-pg-perl-3.14.2/dbdimp.c:135:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  connect_string_size += strlen("password='' ") + 2*strlen(pwd);
data/libdbd-pg-perl-3.14.2/dbdimp.c:135:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  connect_string_size += strlen("password='' ") + 2*strlen(pwd);
data/libdbd-pg-perl-3.14.2/dbdimp.c:164:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(conn_str, "'");
data/libdbd-pg-perl-3.14.2/dbdimp.c:177:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(conn_str, "'");
data/libdbd-pg-perl-3.14.2/dbdimp.c:202:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(imp_dbh->sqlstate, "25P01", 6); /* "NO ACTIVE SQL TRANSACTION" */
data/libdbd-pg-perl-3.14.2/dbdimp.c:209:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(imp_dbh->sqlstate, "08006", 6); /* "CONNECTION FAILURE" */
data/libdbd-pg-perl-3.14.2/dbdimp.c:241:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(imp_dbh->sqlstate, "08001", 6); /* sqlclient_unable_to_establish_sqlconnection */
data/libdbd-pg-perl-3.14.2/dbdimp.c:303:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  error_len = strlen(error_msg);
data/libdbd-pg-perl-3.14.2/dbdimp.c:417:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(imp_dbh->sqlstate, sqlstate, 6);
data/libdbd-pg-perl-3.14.2/dbdimp.c:476:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(imp_dbh->sqlstate, sqlstate, 5);
data/libdbd-pg-perl-3.14.2/dbdimp.c:1800:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  imp_sth->totalsize = strlen(statement);
data/libdbd-pg-perl-3.14.2/dbdimp.c:1973:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dollarstring, statement-dollaroffset, dollaroffset);
data/libdbd-pg-perl-3.14.2/dbdimp.c:2046:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Renew(original_statement, strlen(statement-currpos)+1, char);
data/libdbd-pg-perl-3.14.2/dbdimp.c:2047:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Copy(statement-currpos, original_statement, strlen(statement-currpos)+1, char);
data/libdbd-pg-perl-3.14.2/dbdimp.c:2150:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(thisph->fooname) > phsectionsize ? strlen(thisph->fooname) : phsectionsize)) {
data/libdbd-pg-perl-3.14.2/dbdimp.c:2150:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(thisph->fooname) > phsectionsize ? strlen(thisph->fooname) : phsectionsize)) {
data/libdbd-pg-perl-3.14.2/dbdimp.c:2299:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Copy(original_statement, statement-currpos, strlen(original_statement)+1, char);
data/libdbd-pg-perl-3.14.2/dbdimp.c:2853:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  New(0, string, strlen((char *)input), char); /* Freed at end of this function */
data/libdbd-pg-perl-3.14.2/dbdimp.c:3003:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  STRLEN len = strlen(client_encoding);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3335:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(currph->quoted, "DEFAULT", 8);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3340:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(currph->quoted, "CURRENT_TIMESTAMP", 18);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3345:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(currph->quoted, "NULL", 5);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3998:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tempsqlstate, imp_dbh->sqlstate, strlen(imp_dbh->sqlstate)+1);
data/libdbd-pg-perl-3.14.2/dbdimp.c:3998:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(tempsqlstate, imp_dbh->sqlstate, strlen(imp_dbh->sqlstate)+1);
data/libdbd-pg-perl-3.14.2/dbdimp.c:4015:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  New(0, stmt, strlen("DEALLOCATE ") + strlen(imp_sth->prepare_name) + 1, char); /* freed below */
data/libdbd-pg-perl-3.14.2/dbdimp.c:4015:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  New(0, stmt, strlen("DEALLOCATE ") + strlen(imp_sth->prepare_name) + 1, char); /* freed below */
data/libdbd-pg-perl-3.14.2/dbdimp.c:4034:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(imp_dbh->sqlstate, tempsqlstate, strlen(tempsqlstate)+1);
data/libdbd-pg-perl-3.14.2/dbdimp.c:4034:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(imp_dbh->sqlstate, tempsqlstate, strlen(tempsqlstate)+1);
data/libdbd-pg-perl-3.14.2/dbdimp.c:4178:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  copystatus = PQputCopyData(imp_dbh->conn, buffer, (int)strlen(buffer));
data/libdbd-pg-perl-3.14.2/dbdimp.c:4651:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  New(0, action, strlen(savepoint) + 11, char); /* freed below */
data/libdbd-pg-perl-3.14.2/dbdimp.c:4685:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  New(0, action, strlen(savepoint) + 13, char);
data/libdbd-pg-perl-3.14.2/dbdimp.c:4719:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  New(0, action, strlen(savepoint) + 9, char);
data/libdbd-pg-perl-3.14.2/quote.c:42:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(result,string,len);
data/libdbd-pg-perl-3.14.2/quote.c:271:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(result,"TRUE\0",5);
data/libdbd-pg-perl-3.14.2/quote.c:285:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(result,"FALSE\0",6);
data/libdbd-pg-perl-3.14.2/quote.c:419:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *retlen = strlen(string);
data/libdbd-pg-perl-3.14.2/quote.c:425:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *retlen = strlen(string);
data/libdbd-pg-perl-3.14.2/quote.c:545:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *retlen = strlen(string);
data/libdbd-pg-perl-3.14.2/quote.c:557:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  keyword_len = (int)strlen(string);

ANALYSIS SUMMARY:

Hits = 82
Lines analyzed = 8485 in approximately 0.37 seconds (22970 lines/second)
Physical Source Lines of Code (SLOC) = 6168
Hits@level = [0]  14 [1]  42 [2]  28 [3]   0 [4]  12 [5]   0
Hits@level+ = [0+]  96 [1+]  82 [2+]  40 [3+]  12 [4+]  12 [5+]   0
Hits/KSLOC@level+ = [0+] 15.5642 [1+] 13.2944 [2+] 6.48508 [3+] 1.94553 [4+] 1.94553 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
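Triage example (added here; this is not DBD::Pg code and not part of the Flawfinder output). Two hit classes in the report above are worth working through by hand. First, the three level-4 sprintf hits at dbdimp.c:4652, 4686 and 4720 are each preceded by an allocation the report also lists (dbdimp.c:4651, 4685, 4719) of strlen(savepoint) + 11, + 13 and + 9 bytes; the call is in bounds exactly when that constant covers the literal prefix ("savepoint ", "rollback to ", "release ") plus the terminating NUL, which sizing_covers() checks, and build_savepoint_cmd() shows the snprintf form that makes the bound explicit instead of implicit. Second, the level-2 atol hits on cmdStatus + 5 and cmdStatus + 7 are replaced by a strtol-based parser that rejects trailing junk, signs and out-of-range values instead of silently returning 0 or truncating. The parser assumes cmdStatus is a libpq command tag such as "UPDATE 42" or "INSERT 0 42" and that the offsets 5 and 7 correspond to "COPY " and "UPDATE "/"DELETE "/"SELECT "; the report does not show where cmdStatus comes from, so both are assumptions. The command tags in main() are constructed inputs.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added triage code for the Flawfinder hits above; not DBD::Pg source. */

/* 1. CWE-120 sizing check for the savepoint commands.
 *    Each flagged sprintf(action, "<prefix>%s", savepoint) is paired in the
 *    report with New(0, action, strlen(savepoint) + extra_bytes, char).
 *    The write fits only if extra_bytes covers the literal prefix plus NUL.
 *    Returns 1 when it does, 0 when it does not. */
int sizing_covers(const char *literal_prefix, size_t extra_bytes)
{
    return strlen(literal_prefix) + 1 <= extra_bytes;
}

/* Hardened form of the same construction: let snprintf measure the output,
 * allocate exactly that, and refuse to hand back a truncated buffer.
 * Caller frees the result; NULL on any failure. */
char *build_savepoint_cmd(const char *verb, const char *savepoint)
{
    int need = snprintf(NULL, 0, "%s %s", verb, savepoint);
    if (need < 0)
        return NULL;
    size_t len = (size_t)need + 1;
    char *buf = malloc(len);
    if (buf == NULL)
        return NULL;
    int wrote = snprintf(buf, len, "%s %s", verb, savepoint);
    if (wrote < 0 || (size_t)wrote >= len) {
        free(buf);
        return NULL;
    }
    return buf;
}

/* 2. CWE-190 replacement for rows = atol(cmdStatus + N).
 *    Assumption (not shown in the report): cmdStatus is a libpq command tag
 *    such as "UPDATE 42", "DELETE 42", "SELECT 42", "COPY 42" or
 *    "INSERT <oid> 42", and the offsets 5 and 7 in the flagged lines skip
 *    "COPY " and "UPDATE "/"DELETE "/"SELECT ".
 *    atol() gives no error indication: garbage parses as 0, trailing junk is
 *    ignored and out-of-range input is undefined behaviour. This returns -1
 *    for anything that is not a plain non-negative decimal count that ends
 *    the string. */
long parse_command_tag_rows(const char *tag)
{
    const char *p;
    if (strncmp(tag, "INSERT ", 7) == 0) {
        p = strchr(tag + 7, ' ');   /* skip the oid field */
        if (p == NULL)
            return -1;
        p++;
    } else if (strncmp(tag, "UPDATE ", 7) == 0 ||
               strncmp(tag, "DELETE ", 7) == 0 ||
               strncmp(tag, "SELECT ", 7) == 0) {
        p = tag + 7;
    } else if (strncmp(tag, "COPY ", 5) == 0) {
        p = tag + 5;
    } else {
        return -1;                  /* no row count in this tag */
    }
    if (*p < '0' || *p > '9')
        return -1;                  /* strtol would accept sign/space here */
    errno = 0;
    char *end;
    long rows = strtol(p, &end, 10);
    if (errno == ERANGE || *end != '\0' || rows < 0)
        return -1;
    return rows;
}

int main(void)
{
    /* The three allocation/sprintf pairs listed in the report. */
    printf("savepoint   +11: %s\n", sizing_covers("savepoint ", 11) ? "fits" : "SHORT");
    printf("rollback to +13: %s\n", sizing_covers("rollback to ", 13) ? "fits" : "SHORT");
    printf("release     +9:  %s\n", sizing_covers("release ", 9) ? "fits" : "SHORT");

    char *cmd = build_savepoint_cmd("rollback to", "sp_1");
    if (cmd != NULL) {
        printf("built: %s\n", cmd);
        free(cmd);
    }

    /* Constructed command tags, including two that atol() would mis-handle. */
    const char *tags[] = { "UPDATE 42", "INSERT 0 3", "COPY 7",
                           "UPDATE 99999999999999999999", "UPDATE 4x" };
    for (size_t i = 0; i < sizeof tags / sizeof tags[0]; i++)
        printf("%-30s -> %ld\n", tags[i], parse_command_tag_rows(tags[i]));
    return 0;
}
```

The sizing check confirms that all three savepoint allocations in the report leave exactly enough room for the literal prefix and the NUL, so those level-4 hits are bounded by the adjacent New() calls; the snprintf form is preferable anyway because the bound then lives in the same expression as the write. The report gives no sizes for cmd at dbdimp.c:3997 or for the strncpy targets, so those need the same kind of check against the declarations before they can be closed.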