Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/librdkafka-1.5.0/examples/consumer.c Examining data/librdkafka-1.5.0/examples/idempotent_producer.c Examining data/librdkafka-1.5.0/examples/kafkatest_verifiable_client.cpp Examining data/librdkafka-1.5.0/examples/producer.c Examining data/librdkafka-1.5.0/examples/producer.cpp Examining data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.c Examining data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.cpp Examining data/librdkafka-1.5.0/examples/rdkafka_consume_batch.cpp Examining data/librdkafka-1.5.0/examples/rdkafka_example.c Examining data/librdkafka-1.5.0/examples/rdkafka_example.cpp Examining data/librdkafka-1.5.0/examples/rdkafka_performance.c Examining data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c Examining data/librdkafka-1.5.0/examples/transactions.c Examining data/librdkafka-1.5.0/examples/win_ssl_cert_store.cpp Examining data/librdkafka-1.5.0/mklove/modules/configure.cc Examining data/librdkafka-1.5.0/mklove/modules/configure.cxx Examining data/librdkafka-1.5.0/packaging/cmake/try_compile/atomic_32_test.c Examining data/librdkafka-1.5.0/packaging/cmake/try_compile/atomic_64_test.c Examining data/librdkafka-1.5.0/packaging/cmake/try_compile/c11threads_test.c Examining data/librdkafka-1.5.0/packaging/cmake/try_compile/crc32c_hw_test.c Examining data/librdkafka-1.5.0/packaging/cmake/try_compile/dlopen_test.c Examining data/librdkafka-1.5.0/packaging/cmake/try_compile/libsasl2_test.c Examining data/librdkafka-1.5.0/packaging/cmake/try_compile/pthread_setname_darwin_test.c Examining data/librdkafka-1.5.0/packaging/cmake/try_compile/pthread_setname_gnu_test.c Examining data/librdkafka-1.5.0/packaging/cmake/try_compile/regex_test.c Examining data/librdkafka-1.5.0/packaging/cmake/try_compile/strndup_test.c Examining 
data/librdkafka-1.5.0/packaging/cmake/try_compile/sync_32_test.c Examining data/librdkafka-1.5.0/packaging/cmake/try_compile/sync_64_test.c Examining data/librdkafka-1.5.0/packaging/cp/check_features.c Examining data/librdkafka-1.5.0/packaging/rpm/tests/test.c Examining data/librdkafka-1.5.0/packaging/rpm/tests/test.cpp Examining data/librdkafka-1.5.0/src-cpp/ConfImpl.cpp Examining data/librdkafka-1.5.0/src-cpp/ConsumerImpl.cpp Examining data/librdkafka-1.5.0/src-cpp/HandleImpl.cpp Examining data/librdkafka-1.5.0/src-cpp/HeadersImpl.cpp Examining data/librdkafka-1.5.0/src-cpp/KafkaConsumerImpl.cpp Examining data/librdkafka-1.5.0/src-cpp/MessageImpl.cpp Examining data/librdkafka-1.5.0/src-cpp/MetadataImpl.cpp Examining data/librdkafka-1.5.0/src-cpp/ProducerImpl.cpp Examining data/librdkafka-1.5.0/src-cpp/QueueImpl.cpp Examining data/librdkafka-1.5.0/src-cpp/RdKafka.cpp Examining data/librdkafka-1.5.0/src-cpp/TopicImpl.cpp Examining data/librdkafka-1.5.0/src-cpp/TopicPartitionImpl.cpp Examining data/librdkafka-1.5.0/src-cpp/rdkafkacpp.h Examining data/librdkafka-1.5.0/src-cpp/rdkafkacpp_int.h Examining data/librdkafka-1.5.0/src/crc32c.c Examining data/librdkafka-1.5.0/src/crc32c.h Examining data/librdkafka-1.5.0/src/lz4.c Examining data/librdkafka-1.5.0/src/lz4.h Examining data/librdkafka-1.5.0/src/lz4frame.c Examining data/librdkafka-1.5.0/src/lz4frame.h Examining data/librdkafka-1.5.0/src/lz4frame_static.h Examining data/librdkafka-1.5.0/src/lz4hc.c Examining data/librdkafka-1.5.0/src/lz4hc.h Examining data/librdkafka-1.5.0/src/queue.h Examining data/librdkafka-1.5.0/src/rd.h Examining data/librdkafka-1.5.0/src/rdaddr.c Examining data/librdkafka-1.5.0/src/rdaddr.h Examining data/librdkafka-1.5.0/src/rdatomic.h Examining data/librdkafka-1.5.0/src/rdavg.h Examining data/librdkafka-1.5.0/src/rdavl.c Examining data/librdkafka-1.5.0/src/rdavl.h Examining data/librdkafka-1.5.0/src/rdbuf.c Examining data/librdkafka-1.5.0/src/rdbuf.h Examining 
data/librdkafka-1.5.0/src/rdcrc32.c Examining data/librdkafka-1.5.0/src/rdcrc32.h Examining data/librdkafka-1.5.0/src/rddl.c Examining data/librdkafka-1.5.0/src/rddl.h Examining data/librdkafka-1.5.0/src/rdendian.h Examining data/librdkafka-1.5.0/src/rdfloat.h Examining data/librdkafka-1.5.0/src/rdfnv1a.c Examining data/librdkafka-1.5.0/src/rdfnv1a.h Examining data/librdkafka-1.5.0/src/rdgz.c Examining data/librdkafka-1.5.0/src/rdgz.h Examining data/librdkafka-1.5.0/src/rdhdrhistogram.c Examining data/librdkafka-1.5.0/src/rdhdrhistogram.h Examining data/librdkafka-1.5.0/src/rdinterval.h Examining data/librdkafka-1.5.0/src/rdkafka.c Examining data/librdkafka-1.5.0/src/rdkafka.h Examining data/librdkafka-1.5.0/src/rdkafka_admin.c Examining data/librdkafka-1.5.0/src/rdkafka_admin.h Examining data/librdkafka-1.5.0/src/rdkafka_assignor.c Examining data/librdkafka-1.5.0/src/rdkafka_assignor.h Examining data/librdkafka-1.5.0/src/rdkafka_aux.c Examining data/librdkafka-1.5.0/src/rdkafka_aux.h Examining data/librdkafka-1.5.0/src/rdkafka_background.c Examining data/librdkafka-1.5.0/src/rdkafka_broker.c Examining data/librdkafka-1.5.0/src/rdkafka_broker.h Examining data/librdkafka-1.5.0/src/rdkafka_buf.c Examining data/librdkafka-1.5.0/src/rdkafka_buf.h Examining data/librdkafka-1.5.0/src/rdkafka_cert.c Examining data/librdkafka-1.5.0/src/rdkafka_cert.h Examining data/librdkafka-1.5.0/src/rdkafka_cgrp.c Examining data/librdkafka-1.5.0/src/rdkafka_cgrp.h Examining data/librdkafka-1.5.0/src/rdkafka_conf.c Examining data/librdkafka-1.5.0/src/rdkafka_conf.h Examining data/librdkafka-1.5.0/src/rdkafka_confval.h Examining data/librdkafka-1.5.0/src/rdkafka_coord.c Examining data/librdkafka-1.5.0/src/rdkafka_coord.h Examining data/librdkafka-1.5.0/src/rdkafka_error.c Examining data/librdkafka-1.5.0/src/rdkafka_error.h Examining data/librdkafka-1.5.0/src/rdkafka_event.c Examining data/librdkafka-1.5.0/src/rdkafka_event.h Examining data/librdkafka-1.5.0/src/rdkafka_feature.c Examining 
data/librdkafka-1.5.0/src/rdkafka_feature.h Examining data/librdkafka-1.5.0/src/rdkafka_header.c Examining data/librdkafka-1.5.0/src/rdkafka_header.h Examining data/librdkafka-1.5.0/src/rdkafka_idempotence.c Examining data/librdkafka-1.5.0/src/rdkafka_idempotence.h Examining data/librdkafka-1.5.0/src/rdkafka_int.h Examining data/librdkafka-1.5.0/src/rdkafka_interceptor.c Examining data/librdkafka-1.5.0/src/rdkafka_interceptor.h Examining data/librdkafka-1.5.0/src/rdkafka_lz4.c Examining data/librdkafka-1.5.0/src/rdkafka_lz4.h Examining data/librdkafka-1.5.0/src/rdkafka_metadata.c Examining data/librdkafka-1.5.0/src/rdkafka_metadata.h Examining data/librdkafka-1.5.0/src/rdkafka_metadata_cache.c Examining data/librdkafka-1.5.0/src/rdkafka_mock.c Examining data/librdkafka-1.5.0/src/rdkafka_mock.h Examining data/librdkafka-1.5.0/src/rdkafka_mock_cgrp.c Examining data/librdkafka-1.5.0/src/rdkafka_mock_handlers.c Examining data/librdkafka-1.5.0/src/rdkafka_mock_int.h Examining data/librdkafka-1.5.0/src/rdkafka_msg.c Examining data/librdkafka-1.5.0/src/rdkafka_msg.h Examining data/librdkafka-1.5.0/src/rdkafka_msgbatch.h Examining data/librdkafka-1.5.0/src/rdkafka_msgset.h Examining data/librdkafka-1.5.0/src/rdkafka_msgset_reader.c Examining data/librdkafka-1.5.0/src/rdkafka_msgset_writer.c Examining data/librdkafka-1.5.0/src/rdkafka_offset.c Examining data/librdkafka-1.5.0/src/rdkafka_offset.h Examining data/librdkafka-1.5.0/src/rdkafka_op.c Examining data/librdkafka-1.5.0/src/rdkafka_op.h Examining data/librdkafka-1.5.0/src/rdkafka_partition.c Examining data/librdkafka-1.5.0/src/rdkafka_partition.h Examining data/librdkafka-1.5.0/src/rdkafka_pattern.c Examining data/librdkafka-1.5.0/src/rdkafka_pattern.h Examining data/librdkafka-1.5.0/src/rdkafka_plugin.c Examining data/librdkafka-1.5.0/src/rdkafka_plugin.h Examining data/librdkafka-1.5.0/src/rdkafka_proto.h Examining data/librdkafka-1.5.0/src/rdkafka_queue.c Examining data/librdkafka-1.5.0/src/rdkafka_queue.h Examining 
data/librdkafka-1.5.0/src/rdkafka_range_assignor.c Examining data/librdkafka-1.5.0/src/rdkafka_request.c Examining data/librdkafka-1.5.0/src/rdkafka_request.h Examining data/librdkafka-1.5.0/src/rdkafka_roundrobin_assignor.c Examining data/librdkafka-1.5.0/src/rdkafka_sasl.c Examining data/librdkafka-1.5.0/src/rdkafka_sasl.h Examining data/librdkafka-1.5.0/src/rdkafka_sasl_cyrus.c Examining data/librdkafka-1.5.0/src/rdkafka_sasl_int.h Examining data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c Examining data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.h Examining data/librdkafka-1.5.0/src/rdkafka_sasl_plain.c Examining data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c Examining data/librdkafka-1.5.0/src/rdkafka_sasl_win32.c Examining data/librdkafka-1.5.0/src/rdkafka_ssl.c Examining data/librdkafka-1.5.0/src/rdkafka_ssl.h Examining data/librdkafka-1.5.0/src/rdkafka_subscription.c Examining data/librdkafka-1.5.0/src/rdkafka_timer.c Examining data/librdkafka-1.5.0/src/rdkafka_timer.h Examining data/librdkafka-1.5.0/src/rdkafka_topic.c Examining data/librdkafka-1.5.0/src/rdkafka_topic.h Examining data/librdkafka-1.5.0/src/rdkafka_transport.c Examining data/librdkafka-1.5.0/src/rdkafka_transport.h Examining data/librdkafka-1.5.0/src/rdkafka_transport_int.h Examining data/librdkafka-1.5.0/src/rdkafka_txnmgr.c Examining data/librdkafka-1.5.0/src/rdkafka_txnmgr.h Examining data/librdkafka-1.5.0/src/rdkafka_zstd.c Examining data/librdkafka-1.5.0/src/rdkafka_zstd.h Examining data/librdkafka-1.5.0/src/rdlist.c Examining data/librdkafka-1.5.0/src/rdlist.h Examining data/librdkafka-1.5.0/src/rdlog.c Examining data/librdkafka-1.5.0/src/rdlog.h Examining data/librdkafka-1.5.0/src/rdmurmur2.c Examining data/librdkafka-1.5.0/src/rdmurmur2.h Examining data/librdkafka-1.5.0/src/rdports.c Examining data/librdkafka-1.5.0/src/rdports.h Examining data/librdkafka-1.5.0/src/rdposix.h Examining data/librdkafka-1.5.0/src/rdrand.c Examining data/librdkafka-1.5.0/src/rdrand.h Examining 
data/librdkafka-1.5.0/src/rdregex.c Examining data/librdkafka-1.5.0/src/rdregex.h Examining data/librdkafka-1.5.0/src/rdsignal.h Examining data/librdkafka-1.5.0/src/rdstring.c Examining data/librdkafka-1.5.0/src/rdstring.h Examining data/librdkafka-1.5.0/src/rdsysqueue.h Examining data/librdkafka-1.5.0/src/rdtime.h Examining data/librdkafka-1.5.0/src/rdtypes.h Examining data/librdkafka-1.5.0/src/rdunittest.c Examining data/librdkafka-1.5.0/src/rdunittest.h Examining data/librdkafka-1.5.0/src/rdvarint.c Examining data/librdkafka-1.5.0/src/rdvarint.h Examining data/librdkafka-1.5.0/src/rdwin32.h Examining data/librdkafka-1.5.0/src/rdxxhash.c Examining data/librdkafka-1.5.0/src/rdxxhash.h Examining data/librdkafka-1.5.0/src/regexp.c Examining data/librdkafka-1.5.0/src/regexp.h Examining data/librdkafka-1.5.0/src/snappy.c Examining data/librdkafka-1.5.0/src/snappy.h Examining data/librdkafka-1.5.0/src/snappy_compat.h Examining data/librdkafka-1.5.0/src/tinycthread.c Examining data/librdkafka-1.5.0/src/tinycthread.h Examining data/librdkafka-1.5.0/src/tinycthread_extra.c Examining data/librdkafka-1.5.0/src/tinycthread_extra.h Examining data/librdkafka-1.5.0/src/win32_config.h Examining data/librdkafka-1.5.0/tests/0000-unittests.c Examining data/librdkafka-1.5.0/tests/0001-multiobj.c Examining data/librdkafka-1.5.0/tests/0002-unkpart.c Examining data/librdkafka-1.5.0/tests/0003-msgmaxsize.c Examining data/librdkafka-1.5.0/tests/0004-conf.c Examining data/librdkafka-1.5.0/tests/0005-order.c Examining data/librdkafka-1.5.0/tests/0006-symbols.c Examining data/librdkafka-1.5.0/tests/0007-autotopic.c Examining data/librdkafka-1.5.0/tests/0008-reqacks.c Examining data/librdkafka-1.5.0/tests/0009-mock_cluster.c Examining data/librdkafka-1.5.0/tests/0011-produce_batch.c Examining data/librdkafka-1.5.0/tests/0012-produce_consume.c Examining data/librdkafka-1.5.0/tests/0013-null-msgs.c Examining data/librdkafka-1.5.0/tests/0014-reconsume-191.c Examining 
data/librdkafka-1.5.0/tests/0015-offset_seeks.c Examining data/librdkafka-1.5.0/tests/0016-client_swname.c Examining data/librdkafka-1.5.0/tests/0017-compression.c Examining data/librdkafka-1.5.0/tests/0018-cgrp_term.c Examining data/librdkafka-1.5.0/tests/0019-list_groups.c Examining data/librdkafka-1.5.0/tests/0020-destroy_hang.c Examining data/librdkafka-1.5.0/tests/0021-rkt_destroy.c Examining data/librdkafka-1.5.0/tests/0022-consume_batch.c Examining data/librdkafka-1.5.0/tests/0025-timers.c Examining data/librdkafka-1.5.0/tests/0026-consume_pause.c Examining data/librdkafka-1.5.0/tests/0028-long_topicnames.c Examining data/librdkafka-1.5.0/tests/0029-assign_offset.c Examining data/librdkafka-1.5.0/tests/0030-offset_commit.c Examining data/librdkafka-1.5.0/tests/0031-get_offsets.c Examining data/librdkafka-1.5.0/tests/0033-regex_subscribe.c Examining data/librdkafka-1.5.0/tests/0034-offset_reset.c Examining data/librdkafka-1.5.0/tests/0035-api_version.c Examining data/librdkafka-1.5.0/tests/0036-partial_fetch.c Examining data/librdkafka-1.5.0/tests/0037-destroy_hang_local.c Examining data/librdkafka-1.5.0/tests/0038-performance.c Examining data/librdkafka-1.5.0/tests/0039-event.c Examining data/librdkafka-1.5.0/tests/0040-io_event.c Examining data/librdkafka-1.5.0/tests/0041-fetch_max_bytes.c Examining data/librdkafka-1.5.0/tests/0042-many_topics.c Examining data/librdkafka-1.5.0/tests/0043-no_connection.c Examining data/librdkafka-1.5.0/tests/0044-partition_cnt.c Examining data/librdkafka-1.5.0/tests/0045-subscribe_update.c Examining data/librdkafka-1.5.0/tests/0046-rkt_cache.c Examining data/librdkafka-1.5.0/tests/0047-partial_buf_tmout.c Examining data/librdkafka-1.5.0/tests/0048-partitioner.c Examining data/librdkafka-1.5.0/tests/0049-consume_conn_close.c Examining data/librdkafka-1.5.0/tests/0050-subscribe_adds.c Examining data/librdkafka-1.5.0/tests/0051-assign_adds.c Examining data/librdkafka-1.5.0/tests/0052-msg_timestamps.c Examining 
data/librdkafka-1.5.0/tests/0053-stats_cb.cpp Examining data/librdkafka-1.5.0/tests/0054-offset_time.cpp Examining data/librdkafka-1.5.0/tests/0055-producer_latency.c Examining data/librdkafka-1.5.0/tests/0056-balanced_group_mt.c Examining data/librdkafka-1.5.0/tests/0057-invalid_topic.cpp Examining data/librdkafka-1.5.0/tests/0058-log.cpp Examining data/librdkafka-1.5.0/tests/0059-bsearch.cpp Examining data/librdkafka-1.5.0/tests/0060-op_prio.cpp Examining data/librdkafka-1.5.0/tests/0061-consumer_lag.cpp Examining data/librdkafka-1.5.0/tests/0062-stats_event.c Examining data/librdkafka-1.5.0/tests/0063-clusterid.cpp Examining data/librdkafka-1.5.0/tests/0064-interceptors.c Examining data/librdkafka-1.5.0/tests/0065-yield.cpp Examining data/librdkafka-1.5.0/tests/0066-plugins.cpp Examining data/librdkafka-1.5.0/tests/0067-empty_topic.cpp Examining data/librdkafka-1.5.0/tests/0068-produce_timeout.c Examining data/librdkafka-1.5.0/tests/0069-consumer_add_parts.c Examining data/librdkafka-1.5.0/tests/0070-null_empty.cpp Examining data/librdkafka-1.5.0/tests/0072-headers_ut.c Examining data/librdkafka-1.5.0/tests/0073-headers.c Examining data/librdkafka-1.5.0/tests/0074-producev.c Examining data/librdkafka-1.5.0/tests/0075-retry.c Examining data/librdkafka-1.5.0/tests/0076-produce_retry.c Examining data/librdkafka-1.5.0/tests/0077-compaction.c Examining data/librdkafka-1.5.0/tests/0078-c_from_cpp.cpp Examining data/librdkafka-1.5.0/tests/0079-fork.c Examining data/librdkafka-1.5.0/tests/0080-admin_ut.c Examining data/librdkafka-1.5.0/tests/0081-admin.c Examining data/librdkafka-1.5.0/tests/0082-fetch_max_bytes.cpp Examining data/librdkafka-1.5.0/tests/0083-cb_event.c Examining data/librdkafka-1.5.0/tests/0084-destroy_flags.c Examining data/librdkafka-1.5.0/tests/0085-headers.cpp Examining data/librdkafka-1.5.0/tests/0086-purge.c Examining data/librdkafka-1.5.0/tests/0088-produce_metadata_timeout.c Examining data/librdkafka-1.5.0/tests/0089-max_poll_interval.c 
Examining data/librdkafka-1.5.0/tests/0090-idempotence.c Examining data/librdkafka-1.5.0/tests/0091-max_poll_interval_timeout.c Examining data/librdkafka-1.5.0/tests/0092-mixed_msgver.c Examining data/librdkafka-1.5.0/tests/0093-holb.c Examining data/librdkafka-1.5.0/tests/0094-idempotence_msg_timeout.c Examining data/librdkafka-1.5.0/tests/0095-all_brokers_down.cpp Examining data/librdkafka-1.5.0/tests/0097-ssl_verify.cpp Examining data/librdkafka-1.5.0/tests/0098-consumer-txn.cpp Examining data/librdkafka-1.5.0/tests/0099-commit_metadata.c Examining data/librdkafka-1.5.0/tests/0100-thread_interceptors.cpp Examining data/librdkafka-1.5.0/tests/0101-fetch-from-follower.cpp Examining data/librdkafka-1.5.0/tests/0102-static_group_rebalance.c Examining data/librdkafka-1.5.0/tests/0103-transactions.c Examining data/librdkafka-1.5.0/tests/0104-fetch_from_follower_mock.c Examining data/librdkafka-1.5.0/tests/0105-transactions_mock.c Examining data/librdkafka-1.5.0/tests/0106-cgrp_sess_timeout.c Examining data/librdkafka-1.5.0/tests/0107-topic_recreate.c Examining data/librdkafka-1.5.0/tests/0109-auto_create_topics.cpp Examining data/librdkafka-1.5.0/tests/0110-batch_size.cpp Examining data/librdkafka-1.5.0/tests/0111-delay_create_topics.cpp Examining data/librdkafka-1.5.0/tests/0112-assign_unknown_part.c Examining data/librdkafka-1.5.0/tests/1000-unktopic.c Examining data/librdkafka-1.5.0/tests/8000-idle.cpp Examining data/librdkafka-1.5.0/tests/interceptor_test/interceptor_test.c Examining data/librdkafka-1.5.0/tests/interceptor_test/interceptor_test.h Examining data/librdkafka-1.5.0/tests/plugin_test/plugin_test.c Examining data/librdkafka-1.5.0/tests/rusage.c Examining data/librdkafka-1.5.0/tests/sockem.c Examining data/librdkafka-1.5.0/tests/sockem.h Examining data/librdkafka-1.5.0/tests/sockem_ctrl.c Examining data/librdkafka-1.5.0/tests/sockem_ctrl.h Examining data/librdkafka-1.5.0/tests/test.c Examining data/librdkafka-1.5.0/tests/test.h Examining 
data/librdkafka-1.5.0/tests/testcpp.cpp Examining data/librdkafka-1.5.0/tests/testcpp.h Examining data/librdkafka-1.5.0/tests/testshared.h Examining data/librdkafka-1.5.0/tests/xxxx-assign_partition.c Examining data/librdkafka-1.5.0/tests/xxxx-metadata.cpp Examining data/librdkafka-1.5.0/win32/wingetopt.c Examining data/librdkafka-1.5.0/win32/wingetopt.h Examining data/librdkafka-1.5.0/win32/wintime.h

FINAL RESULTS:

data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.c:182:17: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fp, "%s %s [%"PRId32"] offset %"PRId64,
data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.c:557:25: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf("Topic \"%s\" partition %"PRId32,
data/librdkafka-1.5.0/examples/rdkafka_example.c:267:33: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf("%s%"PRId32,
data/librdkafka-1.5.0/examples/rdkafka_example.c:273:33: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf("%s%"PRId32,
data/librdkafka-1.5.0/examples/rdkafka_performance.c:205:21: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (sscanf(rkmessage->payload, "LATENCY:%"SCNd64,
data/librdkafka-1.5.0/examples/rdkafka_performance.c:313:21: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20).
  Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(rkmessage->payload, "LATENCY:%"SCNd64,
data/librdkafka-1.5.0/examples/rdkafka_performance.c:1268:42: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (!(stats_fp = popen(stats_cmd,
data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:214:33: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf("%s%"PRId32,
data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:220:33: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf("%s%"PRId32,
data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:247:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(path, "/brokers/ids/%s", brokerlist.data[i]);
data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:265:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(brokerptr, "%s:%d", host, port);
data/librdkafka-1.5.0/examples/transactions.c:87:17: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, __VA_ARGS__); \
data/librdkafka-1.5.0/src/lz4.c:231:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, __FILE__ ": "); \
data/librdkafka-1.5.0/src/lz4.c:232:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  fprintf(stderr, __VA_ARGS__); \
data/librdkafka-1.5.0/src/lz4frame.c:118:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, __FILE__ ": "); \
data/librdkafka-1.5.0/src/lz4frame.c:119:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, __VA_ARGS__); \
data/librdkafka-1.5.0/src/rdaddr.c:125:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ssvc, svct);
data/librdkafka-1.5.0/src/rdkafka.c:3820:33: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(fp, " %"PRId32, rktp->rktp_partition);
data/librdkafka-1.5.0/src/rdkafka_int.h:822:69: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  const char *fac, const char *fmt, ...) RD_FORMAT(printf,
data/librdkafka-1.5.0/src/rdkafka_int.h:891:64: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  const char *fmt, ...) RD_FORMAT(printf, 4, 5);
data/librdkafka-1.5.0/src/rdkafka_sasl_cyrus.c:226:13: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  r = system(cmd);
data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:815:39: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  scope_curr += sprintf(scope_curr, "%s", ",\"");
data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:816:31: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  scope_curr += sprintf(scope_curr, "%s\"",
data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:819:39: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  scope_curr += sprintf(scope_curr, "%s", "]");
data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:250:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(errstr, sizeof(errstr), fmt, ap);
data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:304:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(errstr, sizeof(errstr), fmt, ap);
data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:2604:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, sizeof(buf), fmt, ap);
data/librdkafka-1.5.0/src/rdposix.h:85:27: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define rd_snprintf(...) snprintf(__VA_ARGS__)
data/librdkafka-1.5.0/src/rdposix.h:86:27: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define rd_vsnprintf(...)
  vsnprintf(__VA_ARGS__)
data/librdkafka-1.5.0/src/rdunittest.h:47:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, \
data/librdkafka-1.5.0/src/rdunittest.h:58:17: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, __VA_ARGS__); \
data/librdkafka-1.5.0/src/rdunittest.h:79:17: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, \
data/librdkafka-1.5.0/src/rdunittest.h:83:17: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, __VA_ARGS__); \
data/librdkafka-1.5.0/src/rdunittest.h:110:17: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, __VA_ARGS__); \
data/librdkafka-1.5.0/src/rdunittest.h:121:17: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, __VA_ARGS__); \
data/librdkafka-1.5.0/src/regexp.c:782:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(node->ng ? "NgRep(%d,%d," : "Rep(%d,%d,", node->m, node->n);
data/librdkafka-1.5.0/src/regexp.c:823:16: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  case I_CHAR: printf(inst->c >= 32 && inst->c < 127 ? "char '%c'\n" : "char U+%04X\n", inst->c); break;
data/librdkafka-1.5.0/tests/0016-client_swname.c:58:13: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  r = system(cmd);
data/librdkafka-1.5.0/tests/0075-retry.c:76:25: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(_C_CYA "## %s: sockem: "
data/librdkafka-1.5.0/tests/0075-retry.c:88:25: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(_C_CYA "## %s: "
data/librdkafka-1.5.0/tests/0076-produce_retry.c:189:17: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(_C_CYA "%s:%d: shutting down socket %d (%s)\n" _C_CLR,
data/librdkafka-1.5.0/tests/0076-produce_retry.c:201:25: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(_C_CYA "%s:%d: "
data/librdkafka-1.5.0/tests/sockem_ctrl.c:73:33: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(_C_CYA "## %s: "
data/librdkafka-1.5.0/tests/test.c:1292:12: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  sql_fp = popen(test_sql_cmd, "w");
data/librdkafka-1.5.0/tests/test.c:1379:33: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(_C_RED " %s" _C_CLR, test->failstr);
data/librdkafka-1.5.0/tests/test.c:1381:33: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(_C_CYA " %s" _C_CLR, test->failstr);
data/librdkafka-1.5.0/tests/test.c:3963:6: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  r = system(cmd);
data/librdkafka-1.5.0/tests/test.c:4007:6: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  r = system(cmd);
data/librdkafka-1.5.0/tests/test.c:4479:13: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  r = system("make -s java");
data/librdkafka-1.5.0/tests/test.c:4613:2: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, sizeof(buf), fmt, ap);
data/librdkafka-1.5.0/tests/test.h:60:9: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  #define sscanf(...) sscanf_s(__VA_ARGS__)
data/librdkafka-1.5.0/tests/test.h:177:25: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define TEST_SAY0(...) fprintf(stderr, __VA_ARGS__)
data/librdkafka-1.5.0/tests/test.h:185:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134).
  Use a constant for the format specification.
  fprintf(stderr, __VA_ARGS__); \
data/librdkafka-1.5.0/tests/test.h:560:49: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  char *tsprintf (const char *fmt, ...) RD_FORMAT(printf, 1, 2);
data/librdkafka-1.5.0/tests/testshared.h:89:19: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  RD_FORMAT(printf, 6, 7);
data/librdkafka-1.5.0/tests/testshared.h:95:19: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  RD_FORMAT(printf, 6, 7);
data/librdkafka-1.5.0/tests/testshared.h:128:16: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, __VA_ARGS__); \
data/librdkafka-1.5.0/win32/wingetopt.c:121:11: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  (void)vfprintf(stderr,fmt,ap);
data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.c:308:16: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((opt = getopt(argc, argv, "g:b:qd:eX:ADO")) != -1) {
data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.cpp:241:17: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
while ((opt = getopt(argc, argv, "g:b:z:qd:eX:AM:qv")) != -1) { data/librdkafka-1.5.0/examples/rdkafka_consume_batch.cpp:150:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "g:B:T::b:X:")) != -1) { data/librdkafka-1.5.0/examples/rdkafka_example.c:320:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "PCLt:p:b:z:qd:o:eX:As:H:")) != -1) { data/librdkafka-1.5.0/examples/rdkafka_example.cpp:287:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "PCLt:p:b:z:qd:o:eX:AM:f:")) != -1) { data/librdkafka-1.5.0/examples/rdkafka_performance.c:864:3: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. getopt(argc, argv, data/librdkafka-1.5.0/examples/rdkafka_performance.c:1198:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(seed); data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:345:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
while ((opt = getopt(argc, argv, "PCLt:p:k:z:qd:o:eX:A")) != -1) {
data/librdkafka-1.5.0/examples/win_ssl_cert_store.cpp:277:23: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
while ((opt = getopt(argc, argv, "b:d:X:s:p:")) != -1) {
data/librdkafka-1.5.0/src/rdkafka.c:161:9: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
srand((unsigned int)(tv.tv_usec / 1000));
[Triage note: the seed shown is derived from `tv.tv_usec / 1000`, i.e. from the clock, so the rand() sequence that follows should be treated as predictable. This finding only matters if the library draws a security-relevant value (a key, nonce, token, or an identifier that must not be guessable) from rand(); the call sites of rand() are not shown in this report and need to be checked in the source.]
data/librdkafka-1.5.0/src/rdposix.h:164:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
tmp = getenv(env);
data/librdkafka-1.5.0/src/tinycthread.c:69:5: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&(mtx->mHandle.cs));
data/librdkafka-1.5.0/src/tinycthread.c:115:5: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&(mtx->mHandle.cs));
data/librdkafka-1.5.0/src/tinycthread.c:299:3: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&cond->mWaitersCountLock);
data/librdkafka-1.5.0/src/tinycthread.c:345:3: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cond->mWaitersCountLock); data/librdkafka-1.5.0/src/tinycthread.c:370:3: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&cond->mWaitersCountLock); data/librdkafka-1.5.0/src/tinycthread.c:395:3: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&cond->mWaitersCountLock); data/librdkafka-1.5.0/src/tinycthread.c:408:3: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&cond->mWaitersCountLock); data/librdkafka-1.5.0/src/tinycthread.c:906:11: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection(&(flag->lock)); data/librdkafka-1.5.0/src/tinycthread.c:907:11: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&(flag->lock)); data/librdkafka-1.5.0/src/tinycthread.c:918:9: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&(flag->lock)); data/librdkafka-1.5.0/tests/sockem.c:193:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
sockem_conf_str = getenv("SOCKEM_CONF"); data/librdkafka-1.5.0/tests/test.c:656:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(seed); data/librdkafka-1.5.0/win32/wingetopt.c:349:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. posixly_correct = (getenv("POSIXLY_CORRECT") != NULL); data/librdkafka-1.5.0/win32/wingetopt.c:525:1: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. getopt(int nargc, char * const *nargv, const char *options) data/librdkafka-1.5.0/win32/wingetopt.c:545:1: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. getopt_long(int nargc, char * const *nargv, const char *options, data/librdkafka-1.5.0/win32/wingetopt.h:29:12: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. extern int getopt(int nargc, char * const *nargv, const char *options); data/librdkafka-1.5.0/win32/wingetopt.h:77:12: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
extern int getopt_long(int nargc, char * const *nargv, const char *options, data/librdkafka-1.5.0/examples/consumer.c:76:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; /* librdkafka API error reporting buffer */ data/librdkafka-1.5.0/examples/idempotent_producer.c:118:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/examples/idempotent_producer.c:159:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; /* librdkafka API error reporting buffer */ data/librdkafka-1.5.0/examples/idempotent_producer.c:236:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/librdkafka-1.5.0/examples/kafkatest_verifiable_client.cpp:156:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[64]; data/librdkafka-1.5.0/examples/kafkatest_verifiable_client.cpp:648:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[128]; data/librdkafka-1.5.0/examples/kafkatest_verifiable_client.cpp:683:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). state.maxMessages = atoi(val); data/librdkafka-1.5.0/examples/kafkatest_verifiable_client.cpp:685:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). throughput = atoi(val); data/librdkafka-1.5.0/examples/kafkatest_verifiable_client.cpp:730:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). create_time = (int64_t)atoi(val); data/librdkafka-1.5.0/examples/producer.c:86:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errstr[512]; /* librdkafka API error reporting buffer */ data/librdkafka-1.5.0/examples/producer.c:87:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; /* Message value temporary buffer */ data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.c:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexen[16*3+1]; data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.c:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char charen[16+1]; data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.c:85:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. hof += sprintf(hexen+hof, "%02x ", p[i] & 0xff); data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.c:86:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. cof += sprintf(charen+cof, "%c", data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.c:283:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.c:286:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[16]; data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.c:537:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). partition = atoi(t+1); data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.cpp:83:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/librdkafka-1.5.0/examples/rdkafka_consume_batch.cpp:160:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). batch_size = atoi(optarg); data/librdkafka-1.5.0/examples/rdkafka_consume_batch.cpp:164:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
batch_tmout = atoi(optarg); data/librdkafka-1.5.0/examples/rdkafka_example.c:74:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexen[16*3+1]; data/librdkafka-1.5.0/examples/rdkafka_example.c:75:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char charen[16+1]; data/librdkafka-1.5.0/examples/rdkafka_example.c:82:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. hof += sprintf(hexen+hof, "%02x ", p[i] & 0xff); data/librdkafka-1.5.0/examples/rdkafka_example.c:83:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. cof += sprintf(charen+cof, "%c", data/librdkafka-1.5.0/examples/rdkafka_example.c:297:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/examples/rdkafka_example.c:300:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tmp[16]; data/librdkafka-1.5.0/examples/rdkafka_example.c:331:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). partition = atoi(optarg); data/librdkafka-1.5.0/examples/rdkafka_example.c:430:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest[512]; data/librdkafka-1.5.0/examples/rdkafka_example.c:582:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/librdkafka-1.5.0/examples/rdkafka_example.cpp:307:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). partition = std::atoi(optarg); data/librdkafka-1.5.0/examples/rdkafka_performance.c:134:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errstr[512]; data/librdkafka-1.5.0/examples/rdkafka_performance.c:466:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extra[512]; data/librdkafka-1.5.0/examples/rdkafka_performance.c:673:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/librdkafka-1.5.0/examples/rdkafka_performance.c:675:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/examples/rdkafka_performance.c:677:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fp = fopen(path, "r"))) { data/librdkafka-1.5.0/examples/rdkafka_performance.c:803:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/examples/rdkafka_performance.c:817:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[128]; data/librdkafka-1.5.0/examples/rdkafka_performance.c:887:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). partitions[partition_cnt-1] = atoi(optarg); data/librdkafka-1.5.0/examples/rdkafka_performance.c:894:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). msgsize = atoi(optarg); data/librdkafka-1.5.0/examples/rdkafka_performance.c:900:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). msgcnt = atoi(optarg); data/librdkafka-1.5.0/examples/rdkafka_performance.c:906:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). dispintvl = atoi(optarg); data/librdkafka-1.5.0/examples/rdkafka_performance.c:916:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). exit_after = atoi(optarg); data/librdkafka-1.5.0/examples/rdkafka_performance.c:919:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). seed = atoi(optarg); data/librdkafka-1.5.0/examples/rdkafka_performance.c:932:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). batch_size = atoi(optarg); data/librdkafka-1.5.0/examples/rdkafka_performance.c:1092:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(latency_fp = fopen(optarg, "w"))) { data/librdkafka-1.5.0/examples/rdkafka_performance.c:1329:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sbuf+rof, msgpattern, xlen); data/librdkafka-1.5.0/examples/rdkafka_performance.c:1397:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(pbuf, sbuf, msgsize); data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexen[16*3+1]; data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:79:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char charen[16+1]; data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:86:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. hof += sprintf(hexen+hof, "%02x ", p[i] & 0xff); data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:87:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. cof += sprintf(charen+cof, "%c", data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:246:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[255], cfg[1024]; data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:285:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char brokers[1024]; data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:324:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char brokers[1024]; data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:331:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:356:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). partition = atoi(optarg); data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:558:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/librdkafka-1.5.0/examples/transactions.c:153:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[256]; data/librdkafka-1.5.0/examples/transactions.c:155:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char transactional_id[256]; data/librdkafka-1.5.0/examples/transactions.c:438:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[256]; data/librdkafka-1.5.0/examples/transactions.c:528:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[64]; data/librdkafka-1.5.0/examples/win_ssl_cert_store.cpp:221:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subject[256] = "n/a"; data/librdkafka-1.5.0/examples/win_ssl_cert_store.cpp:222:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char issuer[256] = "n/a"; data/librdkafka-1.5.0/packaging/cp/check_features.c:7:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[512];
data/librdkafka-1.5.0/packaging/cp/check_features.c:11:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char errstr[512];
data/librdkafka-1.5.0/packaging/rpm/tests/test.c:8:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char features[256];
data/librdkafka-1.5.0/packaging/rpm/tests/test.c:10:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char errstr[512];
data/librdkafka-1.5.0/src-cpp/ConfImpl.cpp:41:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char errbuf[512];
data/librdkafka-1.5.0/src-cpp/ConsumerImpl.cpp:40:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char errbuf[512];
data/librdkafka-1.5.0/src-cpp/HandleImpl.cpp:71:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char errstr[512];
data/librdkafka-1.5.0/src-cpp/HandleImpl.cpp:171:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(errstr, errbuf.c_str(), errlen);
data/librdkafka-1.5.0/src-cpp/KafkaConsumerImpl.cpp:38:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char errbuf[512];
data/librdkafka-1.5.0/src-cpp/ProducerImpl.cpp:54:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char errbuf[512];
data/librdkafka-1.5.0/src-cpp/rdkafkacpp.h:1986:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest, (const char *)value, value_size);
data/librdkafka-1.5.0/src-cpp/rdkafkacpp_int.h:685:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char errbuf[512];
data/librdkafka-1.5.0/src-cpp/rdkafkacpp_int.h:945:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char errbuf[512];
data/librdkafka-1.5.0/src-cpp/rdkafkacpp_int.h:959:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char errbuf[512];
data/librdkafka-1.5.0/src-cpp/rdkafkacpp_int.h:961:52: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
const char **extensions_copy = new const char *[extensions.size()];
data/librdkafka-1.5.0/src/lz4.c:325:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/librdkafka-1.5.0/src/lz4.c:330:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/librdkafka-1.5.0/src/lz4.c:365:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
do { memcpy(d,s,8); d+=8; s+=8; } while (d<e);
data/librdkafka-1.5.0/src/lz4.c:396:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dstPtr+4, srcPtr, 4);
data/librdkafka-1.5.0/src/lz4.c:400:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dstPtr, srcPtr, 8);
data/librdkafka-1.5.0/src/lz4.c:418:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
do { memcpy(d,s,16); memcpy(d+16,s+16,16); d+=32; s+=32; } while (d<e);
data/librdkafka-1.5.0/src/lz4.c:418:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
do { memcpy(d,s,16); memcpy(d+16,s+16,16); d+=32; s+=32; } while (d<e);
data/librdkafka-1.5.0/src/lz4.c:437:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(v, srcPtr, 2);
data/librdkafka-1.5.0/src/lz4.c:438:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&v[2], srcPtr, 2);
data/librdkafka-1.5.0/src/lz4.c:439:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&v[4], &v[0], 4);
data/librdkafka-1.5.0/src/lz4.c:442:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(v, srcPtr, 4);
data/librdkafka-1.5.0/src/lz4.c:443:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&v[4], srcPtr, 4);
data/librdkafka-1.5.0/src/lz4.c:450:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dstPtr, v, 8);
data/librdkafka-1.5.0/src/lz4.c:453:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(dstPtr, v, 8);
data/librdkafka-1.5.0/src/lz4.c:1165:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op, anchor, lastRun);
data/librdkafka-1.5.0/src/lz4.c:1541:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(streamPtr, streamPtr->dictCtx, sizeof(LZ4_stream_t));
data/librdkafka-1.5.0/src/lz4.c:1749:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op, ip, 16);
data/librdkafka-1.5.0/src/lz4.c:1753:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op, ip, 8);
data/librdkafka-1.5.0/src/lz4.c:1754:39: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
if (length > 8) { memcpy(op+8, ip+8, 8); }
data/librdkafka-1.5.0/src/lz4.c:1790:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op, match, 8);
data/librdkafka-1.5.0/src/lz4.c:1791:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op+8, match+8, 8);
data/librdkafka-1.5.0/src/lz4.c:1792:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op+16, match+16, 2);
data/librdkafka-1.5.0/src/lz4.c:1815:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(op, dictEnd - copySize, copySize);
data/librdkafka-1.5.0/src/lz4.c:1822:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op, lowPrefix, restSize);
data/librdkafka-1.5.0/src/lz4.c:1863:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op, ip, endOnInput ? 16 : 8);
data/librdkafka-1.5.0/src/lz4.c:1878:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op + 0, match + 0, 8);
data/librdkafka-1.5.0/src/lz4.c:1879:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op + 8, match + 8, 8);
data/librdkafka-1.5.0/src/lz4.c:1880:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op +16, match +16, 2);
data/librdkafka-1.5.0/src/lz4.c:1993:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op, dictEnd - copySize, copySize);
data/librdkafka-1.5.0/src/lz4.c:2000:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op, lowPrefix, restSize);
data/librdkafka-1.5.0/src/lz4.c:2019:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op, match, mlen);
data/librdkafka-1.5.0/src/lz4.c:2033:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op+4, match, 4);
data/librdkafka-1.5.0/src/lz4.c:2036:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op, match, 8);
data/librdkafka-1.5.0/src/lz4.c:2051:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op, match, 8);
data/librdkafka-1.5.0/src/lz4frame.c:507:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(cdict->dictContent, dictStart, dictSize);
data/librdkafka-1.5.0/src/lz4frame.c:752:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(cSizePtr+BHSize, src, srcSize);
data/librdkafka-1.5.0/src/lz4frame.c:850:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(cctxPtr->tmpIn + cctxPtr->tmpInSize, srcBuffer, srcSize);
data/librdkafka-1.5.0/src/lz4frame.c:857:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(cctxPtr->tmpIn + cctxPtr->tmpInSize, srcBuffer, sizeToCopy);
data/librdkafka-1.5.0/src/lz4frame.c:916:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(cctxPtr->tmpIn, srcPtr, sizeToCopy);
data/librdkafka-1.5.0/src/lz4frame.c:1159:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dctx->header, srcPtr, srcSize);
data/librdkafka-1.5.0/src/lz4frame.c:1323:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dctx->tmpOutBuffer + preserveSize - copySize, oldDictEnd - copySize, copySize);
data/librdkafka-1.5.0/src/lz4frame.c:1333:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dctx->tmpOutBuffer, dctx->dict + dctx->dictSize - preserveSize, preserveSize);
data/librdkafka-1.5.0/src/lz4frame.c:1336:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dctx->tmpOutBuffer + dctx->dictSize, dstPtr, dstSize);
data/librdkafka-1.5.0/src/lz4frame.c:1344:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dctx->tmpOutBuffer, dctx->dict + dctx->dictSize - preserveSize, preserveSize);
data/librdkafka-1.5.0/src/lz4frame.c:1345:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dctx->tmpOutBuffer + preserveSize, dstPtr, dstSize);
data/librdkafka-1.5.0/src/lz4frame.c:1415:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dctx->header + dctx->tmpInSize, srcPtr, sizeToCopy);
data/librdkafka-1.5.0/src/lz4frame.c:1470:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dctx->tmpIn + dctx->tmpInSize, srcPtr, sizeToCopy);
data/librdkafka-1.5.0/src/lz4frame.c:1513:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dstPtr, srcPtr, sizeToCopy);
data/librdkafka-1.5.0/src/lz4frame.c:1553:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dctx->header + dctx->tmpInSize, srcPtr, sizeToCopy);
data/librdkafka-1.5.0/src/lz4frame.c:1590:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dctx->tmpIn + dctx->tmpInSize, srcPtr, sizeToCopy);
data/librdkafka-1.5.0/src/lz4frame.c:1652:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dctx->tmpOutBuffer, dctx->dict + dctx->dictSize - 64 KB, 64 KB);
data/librdkafka-1.5.0/src/lz4frame.c:1688:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dstPtr, dctx->tmpOut + dctx->tmpOutStart, sizeToCopy);
data/librdkafka-1.5.0/src/lz4frame.c:1729:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dctx->tmpIn + dctx->tmpInSize, srcPtr, sizeToCopy);
data/librdkafka-1.5.0/src/lz4frame.c:1771:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(dctx->header + dctx->tmpInSize, srcPtr, sizeToCopy);
data/librdkafka-1.5.0/src/lz4frame.c:1820:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dctx->tmpOutBuffer + preserveSize - copySize, oldDictEnd - copySize, copySize);
data/librdkafka-1.5.0/src/lz4frame.c:1829:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dctx->tmpOutBuffer, oldDictEnd - newDictSize, newDictSize);
data/librdkafka-1.5.0/src/lz4hc.c:732:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op, anchor, lastRunSize);
data/librdkafka-1.5.0/src/lz4hc.c:854:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(ctx, ctx->dictCtx, sizeof(LZ4HC_CCtx_internal));
data/librdkafka-1.5.0/src/lz4hc.c:1524:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(op, anchor, lastRunSize);
data/librdkafka-1.5.0/src/rd.h:150:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(n, s, len);
data/librdkafka-1.5.0/src/rd.h:169:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(_dst, _src, _srclen); \
data/librdkafka-1.5.0/src/rd.h:238:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dst, src, size);
data/librdkafka-1.5.0/src/rdaddr.c:41:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static RD_TLS char ret[32][INET6_ADDRSTRLEN + 16];
data/librdkafka-1.5.0/src/rdaddr.c:43:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char portstr[32];
data/librdkafka-1.5.0/src/rdaddr.c:97:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static RD_TLS char snode[256];
data/librdkafka-1.5.0/src/rdaddr.c:98:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static RD_TLS char ssvc[64];
data/librdkafka-1.5.0/src/rdaddr.c:135:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(snode, nodesvc, nodelen);
data/librdkafka-1.5.0/src/rdaddr.c:203:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&rsal->rsal_addr[rsal->rsal_cnt++],
data/librdkafka-1.5.0/src/rdbuf.c:461:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(p, psrc, wlen);
data/librdkafka-1.5.0/src/rdbuf.c:522:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(seg->seg_p+relof, payload, wlen);
data/librdkafka-1.5.0/src/rdbuf.c:837:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(d, p, rlen);
data/librdkafka-1.5.0/src/rdbuf.c:1208:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ones[1024];
data/librdkafka-1.5.0/src/rdbuf.c:1209:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char twos[1024];
data/librdkafka-1.5.0/src/rdbuf.c:1210:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char threes[1024];
data/librdkafka-1.5.0/src/rdbuf.c:1211:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fiftyfives[100]; /* 0x55 indicates "untouched" memory */
data/librdkafka-1.5.0/src/rdbuf.c:1212:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[1024*3];
data/librdkafka-1.5.0/src/rdbuf.c:1283:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[1024];
data/librdkafka-1.5.0/src/rdbuf.c:1353:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ones[1024];
data/librdkafka-1.5.0/src/rdbuf.c:1354:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char twos[1024];
data/librdkafka-1.5.0/src/rdbuf.c:1355:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char threes[1024];
data/librdkafka-1.5.0/src/rdbuf.c:1356:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fiftyfives[100]; /* 0x55 indicates "untouched" memory */
data/librdkafka-1.5.0/src/rdbuf.c:1357:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[1024*3];
data/librdkafka-1.5.0/src/rddl.c:63:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[1024];
data/librdkafka-1.5.0/src/rddl.c:137:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(extpath, path, pathlen);
data/librdkafka-1.5.0/src/rddl.c:138:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(extpath+pathlen, solib_ext, strlen(solib_ext) + 1);
data/librdkafka-1.5.0/src/rdgz.c:54:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[512];
data/librdkafka-1.5.0/src/rdkafka.c:101:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char RD_TLS rd_kafka_thread_name[64] = "app";
data/librdkafka-1.5.0/src/rdkafka.c:118:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char RD_TLS rd_kafka_thread_sysname[16] = "app";
data/librdkafka-1.5.0/src/rdkafka.c:266:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[2048];
data/librdkafka-1.5.0/src/rdkafka.c:692:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static RD_TLS char ret[32];
data/librdkafka-1.5.0/src/rdkafka.c:707:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static RD_TLS char ret[32];
data/librdkafka-1.5.0/src/rdkafka.c:789:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[512];
data/librdkafka-1.5.0/src/rdkafka.c:970:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char flags_str[256];
data/librdkafka-1.5.0/src/rdkafka.c:1980:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char builtin_features[128];
data/librdkafka-1.5.0/src/rdkafka.c:4086:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static RD_TLS char ret[64];
data/librdkafka-1.5.0/src/rdkafka.c:4097:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static RD_TLS char ret[128];
data/librdkafka-1.5.0/src/rdkafka.h:1069:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char _pad[64]; /**< Padding size for future-proofness */
data/librdkafka-1.5.0/src/rdkafka_admin.c:279:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[512]; data/librdkafka-1.5.0/src/rdkafka_admin.c:650:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_admin.c:1358:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(del_topic->topic, topic, tsize); data/librdkafka-1.5.0/src/rdkafka_admin.c:1588:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newps->topic, topic, tsize); data/librdkafka-1.5.0/src/rdkafka_admin.c:2050:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(config->name, resname, namesz + 1); data/librdkafka-1.5.0/src/rdkafka_admin.c:2385:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[256]; data/librdkafka-1.5.0/src/rdkafka_admin.c:2689:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[256]; data/librdkafka-1.5.0/src/rdkafka_admin.h:132:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[1]; /**< The topic name is allocated along with data/librdkafka-1.5.0/src/rdkafka_admin.h:165:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[1]; /**< The topic name is allocated along with data/librdkafka-1.5.0/src/rdkafka_admin.h:221:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[1]; /**< The name is allocated along with data/librdkafka-1.5.0/src/rdkafka_assignor.c:575:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *topics[12]; data/librdkafka-1.5.0/src/rdkafka_assignor.c:582:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *partitions[12]; /* "topic:part" */ data/librdkafka-1.5.0/src/rdkafka_assignor.c:811:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
(char *)tests[i].topics[it].name;
[Triage note: the context line shown for rdkafka_assignor.c:811:34 is a cast expression followed by array indexing, not an array declaration, so the statically-sized-array message does not appear to describe this line; only this one context line is visible in the report.]
data/librdkafka-1.5.0/src/rdkafka_assignor.c:852:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[256];
data/librdkafka-1.5.0/src/rdkafka_assignor.c:899:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char part[64];
data/librdkafka-1.5.0/src/rdkafka_aux.c:73:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(terr->topic, topic, tlen);
data/librdkafka-1.5.0/src/rdkafka_aux.c:78:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(terr->errstr, errstr, elen);
data/librdkafka-1.5.0/src/rdkafka_aux.h:50:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[1]; /**< topic followed by errstr */
data/librdkafka-1.5.0/src/rdkafka_broker.c:370:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_broker.c:371:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extra[128]; data/librdkafka-1.5.0/src/rdkafka_broker.c:752:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char holbstr[128]; data/librdkafka-1.5.0/src/rdkafka_broker.c:864:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rttinfo[32]; data/librdkafka-1.5.0/src/rdkafka_broker.c:888:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[128]; data/librdkafka-1.5.0/src/rdkafka_broker.c:1761:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512] = "Protocol parse failure"; data/librdkafka-1.5.0/src/rdkafka_broker.c:2032:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_broker.c:2033:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nodename[RD_KAFKA_NODENAME_SIZE]; data/librdkafka-1.5.0/src/rdkafka_broker.c:2220:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sasl_errstr[512]; data/librdkafka-1.5.0/src/rdkafka_broker.c:2917:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char brokername[RD_KAFKA_NODENAME_SIZE]; data/librdkafka-1.5.0/src/rdkafka_broker.c:4563:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[128]; data/librdkafka-1.5.0/src/rdkafka_broker.c:5544:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char nodename[RD_KAFKA_NODENAME_SIZE];
data/librdkafka-1.5.0/src/rdkafka_broker.c:5545:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char brokername[RD_KAFKA_NODENAME_SIZE];
data/librdkafka-1.5.0/src/rdkafka_broker.c:5655:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nodename[RD_KAFKA_NODENAME_SIZE];
data/librdkafka-1.5.0/src/rdkafka_broker.c:5774:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *port = atoi(t+1);
[Triage note: atoi() has no way to report a failed or out-of-range conversion, so a non-numeric or oversized port string is accepted silently on this line; whether t can carry untrusted input is not visible in this report. Parsing with strtol(), checking the end pointer and errno, and rejecting values outside the valid port range would make the result checkable.]
data/librdkafka-1.5.0/src/rdkafka_broker.c:5870:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nodename[RD_KAFKA_NODENAME_SIZE];
data/librdkafka-1.5.0/src/rdkafka_broker.c:5956:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static RD_TLS char ret[4][RD_KAFKA_NODENAME_SIZE]; data/librdkafka-1.5.0/src/rdkafka_broker.h:218:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rkb_name[RD_KAFKA_NODENAME_SIZE]; /* Displ name */ data/librdkafka-1.5.0/src/rdkafka_broker.h:219:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rkb_nodename[RD_KAFKA_NODENAME_SIZE]; /* host:port*/ data/librdkafka-1.5.0/src/rdkafka_broker.h:316:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; /**< Last error string */ data/librdkafka-1.5.0/src/rdkafka_buf.h:129:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, buf, size); data/librdkafka-1.5.0/src/rdkafka_buf.h:189:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char __tmpstr[256]; \ data/librdkafka-1.5.0/src/rdkafka_buf.h:975:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varint[RD_UVARINT_ENC_SIZEOF(v)]; data/librdkafka-1.5.0/src/rdkafka_buf.h:988:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varint[RD_UVARINT_ENC_SIZEOF(v)]; data/librdkafka-1.5.0/src/rdkafka_cert.c:59:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, conf->ssl.key_password, RD_MIN(pwlen, size)); data/librdkafka-1.5.0/src/rdkafka_cert.c:115:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/librdkafka-1.5.0/src/rdkafka_cgrp.c:758:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_cgrp.c:2210:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[512]; data/librdkafka-1.5.0/src/rdkafka_cgrp.c:3255:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256];
data/librdkafka-1.5.0/src/rdkafka_cgrp.c:3783:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char rd_kafka_consumer_group_metadata_magic[7] = "CGMDv1:";
[Triage note: the initializer "CGMDv1:" is seven characters, so this 7-byte array holds no terminating NUL. That is valid C for a fixed magic value copied by explicit length, as the memcpy at line 3797 does with magic_len, but the array must not be passed to strlen(), strcmp() or %s formatting; how magic_len is derived is not shown in this report.]
data/librdkafka-1.5.0/src/rdkafka_cgrp.c:3797:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, rd_kafka_consumer_group_metadata_magic, magic_len);
data/librdkafka-1.5.0/src/rdkafka_cgrp.c:3800:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf+of, cgmd->group_id, groupid_len);
data/librdkafka-1.5.0/src/rdkafka_cgrp.h:248:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rebalance_reason[256]; /**< Last rebalance
data/librdkafka-1.5.0/src/rdkafka_conf.c:2060:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char estmp[1];
data/librdkafka-1.5.0/src/rdkafka_conf.c:2192:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(str, redacted, sizeof(redacted)); data/librdkafka-1.5.0/src/rdkafka_conf.c:2499:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[32]; data/librdkafka-1.5.0/src/rdkafka_conf.c:2776:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[22]; data/librdkafka-1.5.0/src/rdkafka_conf.c:2871:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, val, use_len); data/librdkafka-1.5.0/src/rdkafka_conf.c:2989:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[512]; data/librdkafka-1.5.0/src/rdkafka_conf.c:3793:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[128]; data/librdkafka-1.5.0/src/rdkafka_conf.c:3796:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char readval[512]; data/librdkafka-1.5.0/src/rdkafka_conf.c:3821:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[64]; data/librdkafka-1.5.0/src/rdkafka_conf.h:57:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *names[RD_KAFKA_COMPRESSION_NUM] = { data/librdkafka-1.5.0/src/rdkafka_conf.h:65:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static RD_TLS char ret[32]; data/librdkafka-1.5.0/src/rdkafka_coord.c:303:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[256] = ""; data/librdkafka-1.5.0/src/rdkafka_event.h:77:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_feature.c:461:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static RD_TLS char ret[4][256]; data/librdkafka-1.5.0/src/rdkafka_feature.c:479:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ret[reti][sizeof(ret[reti])-3], "..", 3); data/librdkafka-1.5.0/src/rdkafka_header.c:83:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varint_NameLen[RD_UVARINT_ENC_SIZEOF(int32_t)]; data/librdkafka-1.5.0/src/rdkafka_header.c:84:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varint_ValueLen[RD_UVARINT_ENC_SIZEOF(int32_t)]; data/librdkafka-1.5.0/src/rdkafka_header.c:96:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)hdr->rkhdr_name, name, name_size); data/librdkafka-1.5.0/src/rdkafka_header.c:101:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)hdr->rkhdr_value, value, value_size); data/librdkafka-1.5.0/src/rdkafka_header.h:63:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char rkhdr_name[1]; /**< Header name (nul-terminated string). data/librdkafka-1.5.0/src/rdkafka_idempotence.c:192:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_idempotence.c:361:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_idempotence.c:547:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/librdkafka-1.5.0/src/rdkafka_int.h:252:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rk_name[128]; data/librdkafka-1.5.0/src/rdkafka_int.h:398:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; /**< API name, e.g., data/librdkafka-1.5.0/src/rdkafka_int.h:847:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _logname[RD_KAFKA_NODENAME_SIZE]; \ data/librdkafka-1.5.0/src/rdkafka_int.h:910:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char RD_TLS rd_kafka_thread_name[64]; data/librdkafka-1.5.0/src/rdkafka_interceptor.c:382:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_lz4.c:52:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char magic[4] = { 0x04, 0x22, 0x4d, 0x18 }; data/librdkafka-1.5.0/src/rdkafka_lz4.c:111:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char magic[4] = { 0x04, 0x22, 0x4d, 0x18 }; data/librdkafka-1.5.0/src/rdkafka_mock.c:115:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((void *)mset->bytes.data, bytes->data, mset->bytes.len); data/librdkafka-1.5.0/src/rdkafka_mock.c:121:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)mset->bytes.data, &BaseOffset, sizeof(BaseOffset)); data/librdkafka-1.5.0/src/rdkafka_mock.c:316:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(coff->group, group->str, slen); data/librdkafka-1.5.0/src/rdkafka_mock.c:713:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[128]; data/librdkafka-1.5.0/src/rdkafka_mock.c:951:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[128]; data/librdkafka-1.5.0/src/rdkafka_mock.c:1079:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[128]; data/librdkafka-1.5.0/src/rdkafka_mock.c:1126:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[1024]; data/librdkafka-1.5.0/src/rdkafka_mock_cgrp.c:515:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char memberid[32]; data/librdkafka-1.5.0/src/rdkafka_mock_int.h:131:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char advertised_listener[128]; data/librdkafka-1.5.0/src/rdkafka_mock_int.h:263:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[32]; /**< Generated cluster id */ data/librdkafka-1.5.0/src/rdkafka_msg.c:181:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rkm->rkm_payload, payload, len); data/librdkafka-1.5.0/src/rdkafka_msg.c:192:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rkm->rkm_key, key, keylen); data/librdkafka-1.5.0/src/rdkafka_msgset_reader.c:320:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errstr[128]; data/librdkafka-1.5.0/src/rdkafka_msgset_writer.c:689:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varint_Length[RD_UVARINT_ENC_SIZEOF(int32_t)]; data/librdkafka-1.5.0/src/rdkafka_msgset_writer.c:690:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varint_TimestampDelta[RD_UVARINT_ENC_SIZEOF(int64_t)]; data/librdkafka-1.5.0/src/rdkafka_msgset_writer.c:691:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varint_OffsetDelta[RD_UVARINT_ENC_SIZEOF(int64_t)]; data/librdkafka-1.5.0/src/rdkafka_msgset_writer.c:692:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varint_KeyLen[RD_UVARINT_ENC_SIZEOF(int32_t)]; data/librdkafka-1.5.0/src/rdkafka_msgset_writer.c:693:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char varint_ValueLen[RD_UVARINT_ENC_SIZEOF(int32_t)]; data/librdkafka-1.5.0/src/rdkafka_msgset_writer.c:694:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varint_HeaderCount[RD_UVARINT_ENC_SIZEOF(int32_t)]; data/librdkafka-1.5.0/src/rdkafka_offset.c:73:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static RD_TLS char ret[16][32]; data/librdkafka-1.5.0/src/rdkafka_offset.c:113:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(pathname, flags|O_CLOEXEC, mode); data/librdkafka-1.5.0/src/rdkafka_offset.c:129:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(pathname, flags, mode); data/librdkafka-1.5.0/src/rdkafka_offset.c:179:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[22]; data/librdkafka-1.5.0/src/rdkafka_offset.c:268:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[22]; data/librdkafka-1.5.0/src/rdkafka_offset.c:878:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spath[4096+1]; /* larger than escfile to avoid warning */ data/librdkafka-1.5.0/src/rdkafka_offset.c:883:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpfile[1024]; data/librdkafka-1.5.0/src/rdkafka_offset.c:883:22: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). char tmpfile[1024]; [Reviewer note: every (tmpfile) hit reported for rdkafka_offset.c, lines 883 through 901, matches the name of the local buffer `char tmpfile[1024]`, which the quoted code passes to rd_snprintf() and mk_esc_filename(); none of the quoted lines calls tmpfile(). These CWE-377 hits are name-match false positives. Whether the path assembled in that buffer is later created and opened safely is a separate question that these hits do not answer.] data/librdkafka-1.5.0/src/rdkafka_offset.c:884:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char escfile[4096]; data/librdkafka-1.5.0/src/rdkafka_offset.c:888:37: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). rd_snprintf(tmpfile, sizeof(tmpfile), data/librdkafka-1.5.0/src/rdkafka_offset.c:888:53: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). rd_snprintf(tmpfile, sizeof(tmpfile), data/librdkafka-1.5.0/src/rdkafka_offset.c:895:37: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377).
rd_snprintf(tmpfile, sizeof(tmpfile), data/librdkafka-1.5.0/src/rdkafka_offset.c:895:53: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). rd_snprintf(tmpfile, sizeof(tmpfile), data/librdkafka-1.5.0/src/rdkafka_offset.c:901:33: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). mk_esc_filename(tmpfile, escfile, sizeof(escfile)); data/librdkafka-1.5.0/src/rdkafka_op.c:389:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/librdkafka-1.5.0/src/rdkafka_op.c:423:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/librdkafka-1.5.0/src/rdkafka_op.h:329:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nodename[RD_KAFKA_NODENAME_SIZE]; data/librdkafka-1.5.0/src/rdkafka_op.h:348:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fac[64]; data/librdkafka-1.5.0/src/rdkafka_partition.c:2512:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/librdkafka-1.5.0/src/rdkafka_partition.c:2781:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->metadata, src->metadata, dst->metadata_size); data/librdkafka-1.5.0/src/rdkafka_partition.c:2928:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[128]; data/librdkafka-1.5.0/src/rdkafka_partition.c:3025:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char preamble[80]; data/librdkafka-1.5.0/src/rdkafka_partition.c:3473:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[128]; data/librdkafka-1.5.0/src/rdkafka_partition.c:3474:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char offsetstr[32]; data/librdkafka-1.5.0/src/rdkafka_partition.c:3552:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((void *)d->metadata, s->metadata, data/librdkafka-1.5.0/src/rdkafka_partition.h:412:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static RD_TLS char ret[256]; data/librdkafka-1.5.0/src/rdkafka_pattern.c:120:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char re_errstr[256]; data/librdkafka-1.5.0/src/rdkafka_pattern.c:221:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[16]; data/librdkafka-1.5.0/src/rdkafka_proto.h:163:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static RD_TLS char ret[32]; data/librdkafka-1.5.0/src/rdkafka_proto.h:303:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(kstr+1, &klen, 2); data/librdkafka-1.5.0/src/rdkafka_proto.h:310:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((void *)kstr->str, str, len); data/librdkafka-1.5.0/src/rdkafka_proto.h:374:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char _data[1]; /* Bytes following struct when new()ed */ [Reviewer note: per its own comment, `_data[1]` is a placeholder for bytes stored after the struct, so the declared size of 1 is not the real bound. The bound to verify is the allocation size and the length used at each site that writes those bytes, which this report does not show.] data/librdkafka-1.5.0/src/rdkafka_proto.h:430:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(kbytes+1, &klen, 4); data/librdkafka-1.5.0/src/rdkafka_proto.h:437:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)kbytes->data, bytes, len); data/librdkafka-1.5.0/src/rdkafka_proto.h:590:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static RD_TLS char buf[2][64]; data/librdkafka-1.5.0/src/rdkafka_queue.c:745:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(qio->payload, payload, size); data/librdkafka-1.5.0/src/rdkafka_queue.h:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char rkq_name[64]; /* Debugging: queue name (FUNC:LINE) */ data/librdkafka-1.5.0/src/rdkafka_request.c:71:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static RD_TLS char actstr[128]; data/librdkafka-1.5.0/src/rdkafka_request.c:463:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[256]; data/librdkafka-1.5.0/src/rdkafka_request.c:2144:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_request.c:3027:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fatal_err[512]; data/librdkafka-1.5.0/src/rdkafka_sasl_cyrus.c:202:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[128]; data/librdkafka-1.5.0/src/rdkafka_sasl_cyrus.c:360:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((*psecret)->data, password, passlen); data/librdkafka-1.5.0/src/rdkafka_sasl_cyrus.c:486:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->callbacks, callbacks, sizeof(callbacks)); data/librdkafka-1.5.0/src/rdkafka_sasl_cyrus.c:588:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmperr[128]; data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1008:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1422:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1465:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1508:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1543:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1571:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1600:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1635:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1677:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1712:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1754:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1773:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_sasl_plain.c:85:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[of], rk->rk_conf.sasl.username, cidlen); data/librdkafka-1.5.0/src/rdkafka_sasl_plain.c:90:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[of], rk->rk_conf.sasl.password, pwlen); data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c:126:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(ret, &inbuf->ptr[of], len - 2); data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c:279:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tempres[EVP_MAX_MD_SIZE]; data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c:285:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(saltplus, salt->ptr, salt->size); data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c:301:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->ptr, tempres, ressize); data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c:305:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tempdest[EVP_MAX_MD_SIZE]; data/librdkafka-1.5.0/src/rdkafka_sasl_win32.c:65:9: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t principal[512]; /* Broker service principal and hostname */ data/librdkafka-1.5.0/src/rdkafka_sasl_win32.c:294:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buffers[1].pvBuffer, server_token->pvBuffer, server_token->cbBuffer); data/librdkafka-1.5.0/src/rdkafka_sasl_win32.c:300:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffers[2].pvBuffer, in_buffer.pvBuffer, in_buffer.cbBuffer); data/librdkafka-1.5.0/src/rdkafka_sasl_win32.c:331:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out_buffer.pvBuffer, buffers[0].pvBuffer, buffers[0].cbBuffer); data/librdkafka-1.5.0/src/rdkafka_sasl_win32.c:333:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((unsigned char *)out_buffer.pvBuffer + (int)buffers[0].cbBuffer, data/librdkafka-1.5.0/src/rdkafka_sasl_win32.c:336:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((unsigned char *)out_buffer.pvBuffer + data/librdkafka-1.5.0/src/rdkafka_sasl_win32.c:340:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((unsigned char *)out_buffer.pvBuffer + data/librdkafka-1.5.0/src/rdkafka_sasl_win32.c:408:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. supported = ((char *)buffers[1].pvBuffer)[0]; [Reviewer note: the quoted line is a `(char *)` cast followed by an index, not an array declaration, so the statically-sized-array rule does not describe it. The check that matters here is that buffers[1] holds at least one byte before element 0 is read; the excerpt does not show whether that is verified.] data/librdkafka-1.5.0/src/rdkafka_ssl.c:97:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static RD_TLS char errstr[256]; data/librdkafka-1.5.0/src/rdkafka_ssl.c:138:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/librdkafka-1.5.0/src/rdkafka_ssl.c:328:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, rk->rk_conf.ssl.key_password, RD_MIN(pwlen, size)); data/librdkafka-1.5.0/src/rdkafka_ssl.c:354:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_ssl.c:394:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subject[128]; data/librdkafka-1.5.0/src/rdkafka_ssl.c:395:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char issuer[128]; data/librdkafka-1.5.0/src/rdkafka_ssl.c:427:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[RD_KAFKA_NODENAME_SIZE]; data/librdkafka-1.5.0/src/rdkafka_ssl.c:532:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_ssl.c:596:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_ssl.c:702:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[256]; data/librdkafka-1.5.0/src/rdkafka_ssl.c:838:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_ssl.c:940:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errstr2[512]; data/librdkafka-1.5.0/src/rdkafka_ssl.c:1118:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fp = fopen(rk->rk_conf.ssl.keystore_location, "rb"))) { data/librdkafka-1.5.0/src/rdkafka_subscription.c:54:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[1]; data/librdkafka-1.5.0/src/rdkafka_topic.c:221:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lrkt->lrkt_magic, "LRKT", 4); data/librdkafka-1.5.0/src/rdkafka_topic.c:225:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lrkt->lrkt_topic, topic, topic_len+1); data/librdkafka-1.5.0/src/rdkafka_topic.c:318:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rkt->rkt_magic, "IRKT", 4); data/librdkafka-1.5.0/src/rdkafka_topic.c:1521:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)ti->topic, topic, tlen); data/librdkafka-1.5.0/src/rdkafka_topic.c:1545:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errstr[128]; data/librdkafka-1.5.0/src/rdkafka_topic.h:46:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lrkt_magic[4]; /**< "LRKT" */ data/librdkafka-1.5.0/src/rdkafka_topic.h:94:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rkt_magic[4]; /**< "IRKT" */ data/librdkafka-1.5.0/src/rdkafka_transport.c:612:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_transport.c:661:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_transport.c:981:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_transport.c:1000:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:246:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:291:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:752:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:1371:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:1390:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errparts[256]; data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:1765:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:2025:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:2237:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:2423:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:2530:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:2600:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/librdkafka-1.5.0/src/rdlist.c:433:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->rl_p, src->rl_p, src->rl_elemsize * src->rl_size); data/librdkafka-1.5.0/src/rdlist.c:463:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rl->rl_elems[idx], &val, sizeof(int32_t)); data/librdkafka-1.5.0/src/rdlog.c:48:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexen[16*3+1]; data/librdkafka-1.5.0/src/rdlog.c:49:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char charen[16+1]; data/librdkafka-1.5.0/src/rdposix.h:100:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static RD_TLS char ret[128]; data/librdkafka-1.5.0/src/rdrand.c:45:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(tmp, (char *)base + (i*entry_size), entry_size); data/librdkafka-1.5.0/src/rdrand.c:46:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)base+(i*entry_size), data/librdkafka-1.5.0/src/rdrand.c:48:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)base+(j*entry_size), tmp, entry_size); data/librdkafka-1.5.0/src/rdstring.c:70:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf+of, (PTR), (SZ)); \ data/librdkafka-1.5.0/src/rdstring.c:171:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(strtup->name, name, name_len); data/librdkafka-1.5.0/src/rdstring.c:175:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(strtup->value, value, value_len); data/librdkafka-1.5.0/src/rdstring.h:41:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, copylen); data/librdkafka-1.5.0/src/rdstring.h:64:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1]; /* Actual allocation of name + val here */ data/librdkafka-1.5.0/src/rdtime.h:125:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static RD_TLS char ret[27]; data/librdkafka-1.5.0/src/rdvarint.c:37:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16] = { 0xff, 0xff, 0xff, 0xff, data/librdkafka-1.5.0/src/rdwin32.h:150:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static RD_TLS char ret[128]; data/librdkafka-1.5.0/src/rdwin32.h:218:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static RD_TLS char tmp[512]; data/librdkafka-1.5.0/src/rdwin32.h:248:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static RD_TLS char buf[256]; data/librdkafka-1.5.0/src/rdxxhash.c:112:76: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static void* XXH_memcpy(void* dest, const void* src, size_t size) { return memcpy(dest,src,size); } data/librdkafka-1.5.0/src/rdxxhash.c:434:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(dstState, srcState, sizeof(*dstState)); data/librdkafka-1.5.0/src/rdxxhash.c:446:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved)); data/librdkafka-1.5.0/src/rdxxhash.c:569:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, &hash, sizeof(*dst)); data/librdkafka-1.5.0/src/rdxxhash.c:895:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstState, srcState, sizeof(*dstState)); data/librdkafka-1.5.0/src/rdxxhash.c:907:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved)); data/librdkafka-1.5.0/src/rdxxhash.c:1022:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, &hash, sizeof(*dst)); data/librdkafka-1.5.0/src/rdxxhash.h:204:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef struct { unsigned char digest[4]; } XXH32_canonical_t; data/librdkafka-1.5.0/src/rdxxhash.h:239:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef struct { unsigned char digest[8]; } XXH64_canonical_t; data/librdkafka-1.5.0/src/regexp.c:851:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((char *)prog)+1, prog, 4); data/librdkafka-1.5.0/src/regexp.c:968:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&t->sub, sub, sizeof t->sub); data/librdkafka-1.5.0/src/regexp.c:989:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sub, &ready[nready].sub, sizeof sub); data/librdkafka-1.5.0/src/regexp.c:1016:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&scratch, &sub, sizeof scratch); data/librdkafka-1.5.0/src/snappy.c:387:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, data, nlen); data/librdkafka-1.5.0/src/snappy.c:396:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iov->iov_base, data, nlen); data/librdkafka-1.5.0/src/snappy.c:440:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->dest, data, n); data/librdkafka-1.5.0/src/snappy.c:579:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(op, ip, len); data/librdkafka-1.5.0/src/snappy.c:693:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, literal, len); data/librdkafka-1.5.0/src/snappy.c:1170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scratch[5]; /* Temporary buffer for peekfast boundaries */ data/librdkafka-1.5.0/src/snappy.c:1359:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d->scratch + nbuf, src, to_add); data/librdkafka-1.5.0/src/snappy.c:1414:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ulength[kmax32]; data/librdkafka-1.5.0/src/snappy.c:1438:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(env->scratch, fragment, bytes_read); data/librdkafka-1.5.0/src/snappy.c:1446:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)(env->scratch) + bytes_read, fragment, n); data/librdkafka-1.5.0/src/snappy.c:1610:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&clen, inbuf+of, 4); data/librdkafka-1.5.0/src/snappy_compat.h:79:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&_ret, (x), sizeof(*(x))); \ data/librdkafka-1.5.0/src/snappy_compat.h:83:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((x), &_v, sizeof(*(x))); }) data/librdkafka-1.5.0/tests/0001-multiobj.c:54:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/librdkafka-1.5.0/tests/0002-unkpart.c:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/librdkafka-1.5.0/tests/0003-msgmaxsize.c:75:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0004-conf.c:136:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errstr[512]; data/librdkafka-1.5.0/tests/0004-conf.c:183:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0004-conf.c:257:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0004-conf.c:347:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest[512]; data/librdkafka-1.5.0/tests/0004-conf.c:369:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0004-conf.c:586:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest[64]; data/librdkafka-1.5.0/tests/0005-order.c:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char msg[128]; data/librdkafka-1.5.0/tests/0007-autotopic.c:78:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/librdkafka-1.5.0/tests/0008-reqacks.c:82:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0008-reqacks.c:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/librdkafka-1.5.0/tests/0008-reqacks.c:99:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[10]; data/librdkafka-1.5.0/tests/0011-produce_batch.c:82:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/librdkafka-1.5.0/tests/0011-produce_batch.c:204:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char msg[128]; data/librdkafka-1.5.0/tests/0011-produce_batch.c:319:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128 + sizeof(__FILE__) + sizeof(__FUNCTION__)]; data/librdkafka-1.5.0/tests/0011-produce_batch.c:453:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128 + sizeof(__FILE__) + sizeof(__FUNCTION__)]; data/librdkafka-1.5.0/tests/0012-produce_consume.c:74:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0012-produce_consume.c:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/librdkafka-1.5.0/tests/0012-produce_consume.c:249:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/librdkafka-1.5.0/tests/0013-null-msgs.c:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0013-null-msgs.c:100:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[128]; data/librdkafka-1.5.0/tests/0013-null-msgs.c:212:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/librdkafka-1.5.0/tests/0014-reconsume-191.c:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0014-reconsume-191.c:95:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[128]; data/librdkafka-1.5.0/tests/0014-reconsume-191.c:96:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[128]; data/librdkafka-1.5.0/tests/0014-reconsume-191.c:239:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/librdkafka-1.5.0/tests/0016-client_swname.c:37:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char jmx_cmd[512]; data/librdkafka-1.5.0/tests/0016-client_swname.c:48:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[512+256]; data/librdkafka-1.5.0/tests/0017-compression.c:47:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *codecs[CODEC_CNT+1] = { data/librdkafka-1.5.0/tests/0017-compression.c:61:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *topics[CODEC_CNT]; data/librdkafka-1.5.0/tests/0018-cgrp_term.c:140:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0019-list_groups.c:150:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *groups[_CONS_CNT]; data/librdkafka-1.5.0/tests/0020-destroy_hang.c:64:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_id[32]; data/librdkafka-1.5.0/tests/0022-consume_batch.c:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *topics[topic_cnt]; data/librdkafka-1.5.0/tests/0026-consume_pause.c:56:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_id[32]; data/librdkafka-1.5.0/tests/0028-long_topicnames.c:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char topic[256]; data/librdkafka-1.5.0/tests/0030-offset_commit.c:103:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char groupid[64]; data/librdkafka-1.5.0/tests/0030-offset_commit.c:380:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_id[64]; data/librdkafka-1.5.0/tests/0030-offset_commit.c:460:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char group_id[64]; data/librdkafka-1.5.0/tests/0033-regex_subscribe.c:44:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *sub[4]; /* subscriptions */ data/librdkafka-1.5.0/tests/0033-regex_subscribe.c:45:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *exp[4]; /* expected topics */ data/librdkafka-1.5.0/tests/0033-regex_subscribe.c:277:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char topics[3][128]; data/librdkafka-1.5.0/tests/0033-regex_subscribe.c:278:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char nonexist_topic[128]; data/librdkafka-1.5.0/tests/0033-regex_subscribe.c:283:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char groupid[64]; data/librdkafka-1.5.0/tests/0033-regex_subscribe.c:453:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[256]; data/librdkafka-1.5.0/tests/0033-regex_subscribe.c:475:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char topic[32]; data/librdkafka-1.5.0/tests/0039-event.c:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char msg[128]; data/librdkafka-1.5.0/tests/0039-event.c:183:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctx[60]; data/librdkafka-1.5.0/tests/0048-partitioner.c:227:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *keys[_MSG_CNT] = { data/librdkafka-1.5.0/tests/0050-subscribe_adds.c:49:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *topic[TOPIC_CNT] = { data/librdkafka-1.5.0/tests/0051-assign_adds.c:49:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *topic[TOPIC_CNT] = { data/librdkafka-1.5.0/tests/0052-msg_timestamps.c:68:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[128], buf[100]; data/librdkafka-1.5.0/tests/0053-stats_cb.cpp:281:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[256]; data/librdkafka-1.5.0/tests/0053-stats_cb.cpp:430:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[256]; data/librdkafka-1.5.0/tests/0055-producer_latency.c:36:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *conf[16]; data/librdkafka-1.5.0/tests/0055-producer_latency.c:43:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linger_ms_conf[32]; /**< Read back to show actual value */ data/librdkafka-1.5.0/tests/0064-interceptors.c:127:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). id = atoi(id_str); data/librdkafka-1.5.0/tests/0064-interceptors.c:223:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char key[16];
data/librdkafka-1.5.0/tests/0066-plugins.cpp:66:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cwd[512], *pcwd;
data/librdkafka-1.5.0/tests/0070-null_empty.cpp:93:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *msgs[msgcnt*2] = {
data/librdkafka-1.5.0/tests/0072-headers_ut.c:63:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&msgid, rkmessage->payload, rkmessage->len);
data/librdkafka-1.5.0/tests/0072-headers_ut.c:105:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vid, value, size);
data/librdkafka-1.5.0/tests/0072-headers_ut.c:226:44: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TEST_ASSERT(!strcmp((const char *)value, expected[idx]),
data/librdkafka-1.5.0/tests/0072-headers_ut.c:255:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *expect_iter_multi[4] = {
data/librdkafka-1.5.0/tests/0072-headers_ut.c:261:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *expect_iter_static[1] = {
data/librdkafka-1.5.0/tests/0073-headers.c:62:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&msgid, rkmessage->payload, rkmessage->len);
data/librdkafka-1.5.0/tests/0073-headers.c:118:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&vid, value, size);
data/librdkafka-1.5.0/tests/0074-producev.c:42:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2000];
data/librdkafka-1.5.0/tests/0076-produce_retry.c:187:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/librdkafka-1.5.0/tests/0077-compaction.c:105:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char key[16]; data/librdkafka-1.5.0/tests/0077-compaction.c:160:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *keys[_KEY_CNT] = { "k1", "k2", "k3", NULL/*generate unique*/ }; data/librdkafka-1.5.0/tests/0077-compaction.c:219:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rdk_msgid[256]; data/librdkafka-1.5.0/tests/0077-compaction.c:220:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unique_key[16]; data/librdkafka-1.5.0/tests/0080-admin_ut.c:89:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0080-admin_ut.c:292:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0080-admin_ut.c:441:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[128]; data/librdkafka-1.5.0/tests/0080-admin_ut.c:533:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0080-admin_ut.c:616:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0080-admin_ut.c:696:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0081-admin.c:48:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *topics[MY_NEW_TOPICS_CNT]; data/librdkafka-1.5.0/tests/0081-admin.c:60:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errstr[512]; data/librdkafka-1.5.0/tests/0081-admin.c:294:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *topics[MY_DEL_TOPICS_CNT]; data/librdkafka-1.5.0/tests/0081-admin.c:306:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0081-admin.c:481:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *topics[MY_CRP_TOPICS_CNT]; data/librdkafka-1.5.0/tests/0081-admin.c:490:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0081-admin.c:715:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *topics[MY_CONFRES_CNT]; data/librdkafka-1.5.0/tests/0081-admin.c:724:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[128]; data/librdkafka-1.5.0/tests/0081-admin.c:906:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *topics[MY_CONFRES_CNT]; data/librdkafka-1.5.0/tests/0081-admin.c:915:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[128]; data/librdkafka-1.5.0/tests/0081-admin.c:1096:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0086-purge.c:123:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&msgid, rkmessage->payload, rkmessage->len); data/librdkafka-1.5.0/tests/0092-mixed_msgver.c:64:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[230]; data/librdkafka-1.5.0/tests/0098-consumer-txn.cpp:79:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[256];
data/librdkafka-1.5.0/tests/0098-consumer-txn.cpp:406:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rd_usleep(atoi(cmd[1].c_str()) * 1000, NULL);
data/librdkafka-1.5.0/tests/0098-consumer-txn.cpp:462:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi(cmd[1].c_str()), /* partition */
data/librdkafka-1.5.0/tests/0098-consumer-txn.cpp:464:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi(cmd[3].c_str()), /* msg count */
data/librdkafka-1.5.0/tests/0099-commit_metadata.c:169:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char group_id[16];
data/librdkafka-1.5.0/tests/0101-fetch-from-follower.cpp:107:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  rxbytes[atoi(broker_id.c_str())] = broker_rxbytes;
data/librdkafka-1.5.0/tests/0101-fetch-from-follower.cpp:230:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cerrstr[128];
data/librdkafka-1.5.0/tests/0101-fetch-from-follower.cpp:348:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int msg_cnt = atoi(cnt_str_start_ptr);
data/librdkafka-1.5.0/tests/0102-static_group_rebalance.c:442:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errstr[512];
data/librdkafka-1.5.0/tests/0103-transactions.c:55:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key[128];
data/librdkafka-1.5.0/tests/0103-transactions.c:56:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[128]; data/librdkafka-1.5.0/tests/0103-transactions.c:518:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/0105-transactions_mock.c:73:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numstr[8]; data/librdkafka-1.5.0/tests/0110-batch_size.cpp:138:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[msgsize]; data/librdkafka-1.5.0/tests/1000-unktopic.c:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char topic[64]; data/librdkafka-1.5.0/tests/1000-unktopic.c:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char errstr[512];
data/librdkafka-1.5.0/tests/1000-unktopic.c:84:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[128];
data/librdkafka-1.5.0/tests/rusage.c:130:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char reasons[3][128];
data/librdkafka-1.5.0/tests/sockem.c:62:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (char *)memcpy(_d, _s, _len); \
data/librdkafka-1.5.0/tests/sockem.c:260:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sb->sb_data, data, size);
data/librdkafka-1.5.0/tests/sockem.c:703:49: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (sockem_set0(skm, s, atoi(d)) == -1)
data/librdkafka-1.5.0/tests/test.c:50:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char test_mode[64] = "bare"; data/librdkafka-1.5.0/tests/test.c:51:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char test_scenario[64] = "default"; data/librdkafka-1.5.0/tests/test.c:53:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char test_topic_prefix[128] = "rdkafkatest"; data/librdkafka-1.5.0/tests/test.c:538:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/test.c:626:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). test_level = atoi(tmp); data/librdkafka-1.5.0/tests/test.c:634:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). seed = atoi(tmp); data/librdkafka-1.5.0/tests/test.c:662:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static RD_TLS char ret[512];
data/librdkafka-1.5.0/tests/test.c:720:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/librdkafka-1.5.0/tests/test.c:724:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(conf_path, "r");
data/librdkafka-1.5.0/tests/test.c:743:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errstr[512];
data/librdkafka-1.5.0/tests/test.c:837:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/librdkafka-1.5.0/tests/test.c:894:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static RD_TLS char ret[64];
data/librdkafka-1.5.0/tests/test.c:928:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(val+of, key, len); data/librdkafka-1.5.0/tests/test.c:942:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/librdkafka-1.5.0/tests/test.c:985:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stats_file[256]; data/librdkafka-1.5.0/tests/test.c:989:32: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(test->stats_fp = fopen(stats_file, "w+"))) data/librdkafka-1.5.0/tests/test.c:1166:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char testnum[128]; data/librdkafka-1.5.0/tests/test.c:1170:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[128]; data/librdkafka-1.5.0/tests/test.c:1247:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char report_path[128]; data/librdkafka-1.5.0/tests/test.c:1250:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char datestr[64]; data/librdkafka-1.5.0/tests/test.c:1269:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). report_fp = fopen(report_path, "w+"); data/librdkafka-1.5.0/tests/test.c:1313:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extra[128] = ""; data/librdkafka-1.5.0/tests/test.c:1706:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[512], *pcwd; data/librdkafka-1.5.0/tests/test.c:1841:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/test.c:1910:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errstr[512]; data/librdkafka-1.5.0/tests/test.c:1963:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[128]; data/librdkafka-1.5.0/tests/test.c:2220:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[64]; data/librdkafka-1.5.0/tests/test.c:2436:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char grpid0[64]; data/librdkafka-1.5.0/tests/test.c:2859:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/librdkafka-1.5.0/tests/test.c:3501:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/librdkafka-1.5.0/tests/test.c:3832:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errstr[512]; data/librdkafka-1.5.0/tests/test.c:3840:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static RD_TLS char ret[256]; data/librdkafka-1.5.0/tests/test.c:3872:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/test.c:3886:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512] = {"Missing conf_t"}; data/librdkafka-1.5.0/tests/test.c:3941:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[1024]; data/librdkafka-1.5.0/tests/test.c:3984:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[512]; data/librdkafka-1.5.0/tests/test.c:4040:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errstr[512]; data/librdkafka-1.5.0/tests/test.c:4159:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/test.c:4245:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/test.c:4569:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[128]; data/librdkafka-1.5.0/tests/test.c:4589:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static RD_TLS char ret[8][512]; data/librdkafka-1.5.0/tests/test.c:4610:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/librdkafka-1.5.0/tests/test.c:5173:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char errstr[512]; data/librdkafka-1.5.0/tests/test.c:5186:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/test.c:5242:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/test.c:5320:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[512]; data/librdkafka-1.5.0/tests/test.c:5542:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[256]; data/librdkafka-1.5.0/tests/test.c:5661:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/librdkafka-1.5.0/tests/test.c:5666:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char timestr[32]; data/librdkafka-1.5.0/tests/test.c:5740:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[256]; data/librdkafka-1.5.0/tests/test.h:70:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char test_mode[64]; data/librdkafka-1.5.0/tests/test.h:147:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char failstr[512];/**< First test failure reason */ data/librdkafka-1.5.0/tests/testshared.h:48:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char test_scenario[64]; data/librdkafka-1.5.0/tests/testshared.h:232:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/librdkafka-1.5.0/tests/testshared.h:266:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char _str[512]; \
data/librdkafka-1.5.0/tests/xxxx-assign_partition.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char errstr[512];
data/librdkafka-1.5.0/win32/wingetopt.c:182:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
((char **) nargv)[pos] = nargv[cstart];
data/librdkafka-1.5.0/win32/wingetopt.c:184:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
((char **)nargv)[cstart] = swap;
[Reviewer note: the two wingetopt.c hits above are pattern-match false positives for this rule. Both context lines are `(char **)` casts used to index an existing pointer array, not declarations of a fixed-size char buffer, so the CWE-119/CWE-120 text does not describe them. What matters on these lines is whether `pos` and `cstart` stay within the bounds of `nargv`, which this report does not show.]
data/librdkafka-1.5.0/examples/idempotent_producer.c:257:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
RD_KAFKA_V_VALUE(buf, strlen(buf)),
data/librdkafka-1.5.0/examples/idempotent_producer.c:323:17: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500 * 1000); /* 500ms */
data/librdkafka-1.5.0/examples/kafkatest_verifiable_client.cpp:160:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), ".%03d",
data/librdkafka-1.5.0/examples/kafkatest_verifiable_client.cpp:160:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), ".%03d",
data/librdkafka-1.5.0/examples/kafkatest_verifiable_client.cpp:708:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
s.erase(pos, strlen("org.apache.kafka.clients.consumer."));
data/librdkafka-1.5.0/examples/kafkatest_verifiable_client.cpp:711:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
s.erase(pos, strlen("Assignor"));
[Reviewer note: the hits at kafkatest_verifiable_client.cpp:708 and :711 call strlen() on string literals, which are always NUL-terminated, so the CWE-126 over-read cannot occur there and they can be closed as false positives. The same holds for every `strlen("topic.")` hit elsewhere in this report. The two hits at line 160 depend on `buf` already holding a terminated string when snprintf() is reached, which the report does not show.]
data/librdkafka-1.5.0/examples/kafkatest_verifiable_client.cpp:865:7: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/librdkafka-1.5.0/examples/producer.c:149:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(buf); data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.c:358:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(name, "topic.", strlen("topic."))) data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.c:361:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("topic."), data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.cpp:295:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(name, "topic.", strlen("topic."))) data/librdkafka-1.5.0/examples/rdkafka_complex_consumer_example.cpp:296:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res = tconf->set(name+strlen("topic."), val, errstr); data/librdkafka-1.5.0/examples/rdkafka_example.c:435:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(name, "topic.", strlen("topic."))) data/librdkafka-1.5.0/examples/rdkafka_example.c:438:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name+strlen("topic."), data/librdkafka-1.5.0/examples/rdkafka_example.c:463:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (!strncmp(name, "topic.", strlen("topic."))) data/librdkafka-1.5.0/examples/rdkafka_example.c:466:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("topic."), data/librdkafka-1.5.0/examples/rdkafka_example.c:614:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(buf); data/librdkafka-1.5.0/examples/rdkafka_example.cpp:365:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(name, "topic.", strlen("topic."))) data/librdkafka-1.5.0/examples/rdkafka_example.cpp:366:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res = tconf->set(name+strlen("topic."), val, errstr); data/librdkafka-1.5.0/examples/rdkafka_performance.c:381:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len1 = (int)strlen(field1); data/librdkafka-1.5.0/examples/rdkafka_performance.c:382:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len2 = (int)strlen(field2); data/librdkafka-1.5.0/examples/rdkafka_performance.c:406:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
*end = t + strlen(t); data/librdkafka-1.5.0/examples/rdkafka_performance.c:780:17: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(sleep_us); data/librdkafka-1.5.0/examples/rdkafka_performance.c:1032:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(name, "topic.", strlen("topic."))) data/librdkafka-1.5.0/examples/rdkafka_performance.c:1035:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("topic."), data/librdkafka-1.5.0/examples/rdkafka_performance.c:1289:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msgsize = (int)strlen(msgpattern); data/librdkafka-1.5.0/examples/rdkafka_performance.c:1304:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int keylen = key ? (int)strlen(key) : 0; data/librdkafka-1.5.0/examples/rdkafka_performance.c:1306:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t plen = strlen(msgpattern); data/librdkafka-1.5.0/examples/rdkafka_performance.c:1311:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int minlen = (int)(strlen("LATENCY:") + data/librdkafka-1.5.0/examples/rdkafka_performance.c:1312:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("18446744073709551615 ")+1); data/librdkafka-1.5.0/examples/rdkafka_performance.c:1316:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int minlen = (int)strlen("18446744073709551615 ")+1; data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:267:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). brokerptr += strlen(brokerptr); data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:422:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(name, "topic.", strlen("topic."))) data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:425:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("topic."), data/librdkafka-1.5.0/examples/rdkafka_zookeeper_example.c:583:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(buf); data/librdkafka-1.5.0/examples/transactions.c:555:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
RD_KAFKA_V_VALUE(value, strlen(value)), data/librdkafka-1.5.0/packaging/rpm/tests/test.c:44:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t elen = strlen(*exp); data/librdkafka-1.5.0/src/crc32c.c:413:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). crc = crc32c(0, buf, strlen(buf)); data/librdkafka-1.5.0/src/crc32c.c:423:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). crc = crc32c_sw(0, buf, strlen(buf)); data/librdkafka-1.5.0/src/rd.h:180:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t _srclen1 = strlen(_src1); \ data/librdkafka-1.5.0/src/rdaddr.c:76:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(ret[reti]); data/librdkafka-1.5.0/src/rdaddr.c:123:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(svct) >= sizeof(ssvc)) data/librdkafka-1.5.0/src/rdaddr.c:130:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nodelen = strlen(nodesvc); data/librdkafka-1.5.0/src/rddl.c:131:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (td && td >= fname + strlen(fname) - strlen(SOLIB_EXT)) data/librdkafka-1.5.0/src/rddl.c:131:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (td && td >= fname + strlen(fname) - strlen(SOLIB_EXT)) data/librdkafka-1.5.0/src/rddl.c:135:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pathlen = strlen(path); data/librdkafka-1.5.0/src/rddl.c:136:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extpath = rd_alloca(pathlen + strlen(solib_ext) + 1); data/librdkafka-1.5.0/src/rddl.c:138:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(extpath+pathlen, solib_ext, strlen(solib_ext) + 1); data/librdkafka-1.5.0/src/rdfnv1a.c:105:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(keysToTest[i]) : 0); data/librdkafka-1.5.0/src/rdkafka_admin.c:1352:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t tsize = strlen(topic) + 1; data/librdkafka-1.5.0/src/rdkafka_admin.c:1574:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t tsize = strlen(topic) + 1; data/librdkafka-1.5.0/src/rdkafka_admin.c:2043:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t namesz = resname ? strlen(resname) : 0; data/librdkafka-1.5.0/src/rdkafka_assignor.c:475:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *e = s + strlen(s); data/librdkafka-1.5.0/src/rdkafka_assignor.c:512:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t = s + strlen(s); data/librdkafka-1.5.0/src/rdkafka_aux.c:64:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t tlen = topic_size != -1 ? (size_t)topic_size : strlen(topic); data/librdkafka-1.5.0/src/rdkafka_aux.c:65:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t elen = errstr ? strlen(errstr) + 1 : 0; data/librdkafka-1.5.0/src/rdkafka_broker.c:5701:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = s + strlen(s)-1; data/librdkafka-1.5.0/src/rdkafka_buf.h:143:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return rd_tmpabuf_write0(func, line, tab, str, strlen(str)+1); data/librdkafka-1.5.0/src/rdkafka_buf.h:192:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(__tmpstr) == 2) __tmpstr[0] = '\0'; \ data/librdkafka-1.5.0/src/rdkafka_buf.h:1028:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/librdkafka-1.5.0/src/rdkafka_buf.h:1054:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str) + 1; data/librdkafka-1.5.0/src/rdkafka_cert.c:58:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pwlen = (int) strlen(conf->ssl.key_password); data/librdkafka-1.5.0/src/rdkafka_cert.c:128:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data, data ? (int)strlen(data) : -1, data/librdkafka-1.5.0/src/rdkafka_cgrp.c:3792:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t groupid_len = strlen(cgmd->group_id) + 1; data/librdkafka-1.5.0/src/rdkafka_conf.c:1923:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
t = s+strlen(s); data/librdkafka-1.5.0/src/rdkafka_conf.c:1958:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(prop->s2i[j].str) == (size_t)(t-s) && data/librdkafka-1.5.0/src/rdkafka_conf.c:2163:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(name, "topic.", strlen("topic."))) data/librdkafka-1.5.0/src/rdkafka_conf.c:2164:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name += strlen("topic."); data/librdkafka-1.5.0/src/rdkafka_conf.c:2180:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/librdkafka-1.5.0/src/rdkafka_conf.c:2380:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen(prop->name); data/librdkafka-1.5.0/src/rdkafka_conf.c:2382:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t flen = strlen(filter[fi]); data/librdkafka-1.5.0/src/rdkafka_conf.c:2751:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). of += strlen(prop->s2i[j].str) + (of > 0 ? 1 : 0); data/librdkafka-1.5.0/src/rdkafka_conf.c:2867:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
val_len = strlen(val); data/librdkafka-1.5.0/src/rdkafka_conf.c:3295:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen = strlen(v); data/librdkafka-1.5.0/src/rdkafka_feature.c:319:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(vermap[i].pfx, broker_version, strlen(vermap[i].pfx))) { data/librdkafka-1.5.0/src/rdkafka_header.c:87:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_size = strlen(name); data/librdkafka-1.5.0/src/rdkafka_header.c:90:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value_size = value ? strlen(value) : 0; data/librdkafka-1.5.0/src/rdkafka_header.c:165:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t name_size = strlen(name); data/librdkafka-1.5.0/src/rdkafka_header.c:187:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t name_size = strlen(name); data/librdkafka-1.5.0/src/rdkafka_interceptor.c:283:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t nlen = strlen(confval->name); data/librdkafka-1.5.0/src/rdkafka_interceptor.c:287:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t flen = strlen(filter[fi]); data/librdkafka-1.5.0/src/rdkafka_metadata.c:251:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rkb_namelen = strlen(rkb->rkb_name)+1; data/librdkafka-1.5.0/src/rdkafka_metadata_cache.c:210:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). topic_len = strlen(mtopic->topic) + 1; data/librdkafka-1.5.0/src/rdkafka_mock.c:2090:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bootstraps_len += strlen(mrkb->advertised_listener) + 6 + 1; data/librdkafka-1.5.0/src/rdkafka_msg.c:1356:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(rkmessage->payload) : 0; data/librdkafka-1.5.0/src/rdkafka_offset.c:833:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). esclen = strlen(esc); data/librdkafka-1.5.0/src/rdkafka_offset.c:837:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
esclen = strlen(esc);
data/librdkafka-1.5.0/src/rdkafka_offset.c:841:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
esclen = strlen(esc);
data/librdkafka-1.5.0/src/rdkafka_offset.c:904:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
path, path[strlen(path)-1] == '/' ? "" : "/", escfile);
[Reviewer note: for rdkafka_offset.c:904 the missing-terminator warning is the lesser concern. If `path` can be an empty string, `strlen(path)-1` wraps around as a size_t and `path[...]` is read out of bounds. The report does not show whether the caller guarantees a non-empty path, so that is the check to make when triaging this hit.]
data/librdkafka-1.5.0/src/rdkafka_pattern.c:127:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(t-1, t, strlen(t)+1);
data/librdkafka-1.5.0/src/rdkafka_plugin.c:179:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t elen = errstr_size > 0 ? strlen(errstr) : 0;
data/librdkafka-1.5.0/src/rdkafka_plugin.c:183:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (elen + strlen("(plugin )") + strlen(path) <
data/librdkafka-1.5.0/src/rdkafka_plugin.c:183:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (elen + strlen("(plugin )") + strlen(path) <
data/librdkafka-1.5.0/src/rdkafka_proto.h:295:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(str); data/librdkafka-1.5.0/src/rdkafka_proto.h:339:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int)strlen(str); data/librdkafka-1.5.0/src/rdkafka_proto.h:350:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int)strlen(str); data/librdkafka-1.5.0/src/rdkafka_request.c:351:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 1 + 2 + strlen(coordkey)); data/librdkafka-1.5.0/src/rdkafka_request.c:2085:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int mechlen = (int)strlen(mechanism); data/librdkafka-1.5.0/src/rdkafka_request.c:3926:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(transactional_id) : 0) + data/librdkafka-1.5.0/src/rdkafka_sasl.c:374:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("SCRAM-SHA-"))) { data/librdkafka-1.5.0/src/rdkafka_sasl_cyrus.c:299:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *len = strlen(*result); data/librdkafka-1.5.0/src/rdkafka_sasl_cyrus.c:338:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *len = *result ? 
strlen(*result) : 0; data/librdkafka-1.5.0/src/rdkafka_sasl_cyrus.c:357:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t passlen = strlen(password); data/librdkafka-1.5.0/src/rdkafka_sasl_cyrus.c:378:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *len = strlen(*result); data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:505:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *loc += strlen(prefix); data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:563:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(prefix_principal_claim_name))) { data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:579:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(prefix_principal))) { data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:594:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(prefix_scope_claim_name))) { data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:609:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
} else if (!strncmp(prefix_scope, loc, strlen(prefix_scope))) { data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:624:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(prefix_life_seconds))) { data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:671:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(prefix_extension))) { data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:772:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(parsed->scope_claim_name) + data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:774:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(start) + data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:779:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scope_json_length += (int)strlen(start); data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:791:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(parsed->principal_claim_name) + data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:793:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
(int)strlen(parsed->principal) + data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:833:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retval_size = strlen(jose_header_encoded) + 1 + data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:837:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jws_claims = retval_jws + strlen(retval_jws); data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:840:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(claims_json)); data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1068:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const int kvsep_size = (int)strlen(kvsep); data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1078:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extension_size += (int)strlen(extension->name) + 1 // "=" data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1079:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + (int)strlen(extension->value) + kvsep_size; data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1083:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
out->size = strlen(gs2_header) + kvsep_size data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1084:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen("auth=Bearer ") + strlen(state->token_value) data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1084:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen("auth=Bearer ") + strlen(state->token_value) data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1653:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). errstr, strlen(expected_prefix)), data/librdkafka-1.5.0/src/rdkafka_sasl_oauthbearer.c:1695:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). errstr, strlen(expected_prefix)), data/librdkafka-1.5.0/src/rdkafka_sasl_plain.c:74:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(rk->rk_conf.sasl.username) : 0; data/librdkafka-1.5.0/src/rdkafka_sasl_plain.c:76:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(rk->rk_conf.sasl.password) : 0; data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c:390:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
out->size = strlen("c=,r=") + strlen(attr_c) + data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c:390:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out->size = strlen("c=,r=") + strlen(attr_c) + data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c:391:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). state->cnonce.size + strlen(snonce); data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c:413:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). .size = strlen(conf->sasl.password) }; data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c:541:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(",p=") + strlen(ClientProofB64); data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c:541:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(",p=") + strlen(ClientProofB64); data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c:594:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(server_nonce) <= state->cnonce.size || data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c:611:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
salt_b64.size = strlen(salt_b64.ptr); data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c:752:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out->size = strlen("n,,n=,r=") + strlen(sasl_username) + data/librdkafka-1.5.0/src/rdkafka_sasl_scram.c:752:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out->size = strlen("n,,n=,r=") + strlen(sasl_username) + data/librdkafka-1.5.0/src/rdkafka_sasl_win32.c:270:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(names.sUserName) + 1; data/librdkafka-1.5.0/src/rdkafka_ssl.c:327:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pwlen = (int) strlen(rk->rk_conf.ssl.key_password); data/librdkafka-1.5.0/src/rdkafka_ssl.c:443:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(name)) || data/librdkafka-1.5.0/src/rdkafka_ssl.c:444:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). /*ipv4*/strspn(name, "0123456789.") == strlen(name)) && data/librdkafka-1.5.0/src/rdkafka_ssl.c:1313:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
r = (int)strlen(errstr); data/librdkafka-1.5.0/src/rdkafka_topic.c:217:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t topic_len = strlen(topic); data/librdkafka-1.5.0/src/rdkafka_topic.c:271:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!topic || strlen(topic) > 512) { data/librdkafka-1.5.0/src/rdkafka_topic.c:1516:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t tlen = strlen(topic) + 1; data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:1042:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(name, "rd_kafka_", strlen("rd_kafka_"))) data/librdkafka-1.5.0/src/rdkafka_txnmgr.c:1043:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name += strlen("rd_kafka_"); data/librdkafka-1.5.0/src/rdmurmur2.c:152:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(keysToTest[i]) : 0); data/librdkafka-1.5.0/src/rdposix.h:233:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define rd_read(fd,buf,sz) read(fd,buf,sz) data/librdkafka-1.5.0/src/rdstring.c:53:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
const char *tend = template + strlen(template); data/librdkafka-1.5.0/src/rdstring.c:161:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_len = strlen(name); data/librdkafka-1.5.0/src/rdstring.c:166:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value_len = strlen(value); data/librdkafka-1.5.0/src/rdstring.h:39:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t srclen = strlen(src); data/librdkafka-1.5.0/src/regexp.c:849:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g->pstart = g->pend = rd_malloc(sizeof (Renode) * strlen(pattern) * 2); data/librdkafka-1.5.0/tests/0001-multiobj.c:76:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg, strlen(msg), NULL, 0, NULL); data/librdkafka-1.5.0/tests/0002-unkpart.c:114:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg, strlen(msg), NULL, 0, msgidp); data/librdkafka-1.5.0/tests/0005-order.c:102:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
msg, strlen(msg), NULL, 0, msgidp); data/librdkafka-1.5.0/tests/0007-autotopic.c:107:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg, strlen(msg), NULL, 0, msgidp); data/librdkafka-1.5.0/tests/0008-reqacks.c:145:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg, strlen(msg), NULL, 0, msgidp); data/librdkafka-1.5.0/tests/0011-produce_batch.c:116:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rkmessages[i].len = strlen(msg); data/librdkafka-1.5.0/tests/0011-produce_batch.c:236:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rkmessages[i].len = strlen(msg); data/librdkafka-1.5.0/tests/0011-produce_batch.c:357:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rkmessages[i].len = strlen(msg); data/librdkafka-1.5.0/tests/0011-produce_batch.c:486:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rkmessages[i].len = strlen(msg); data/librdkafka-1.5.0/tests/0012-produce_consume.c:110:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
rkmessages[i].len = strlen(msg); data/librdkafka-1.5.0/tests/0013-null-msgs.c:106:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key, strlen(key), data/librdkafka-1.5.0/tests/0014-reconsume-191.c:106:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf, strlen(buf), data/librdkafka-1.5.0/tests/0014-reconsume-191.c:107:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key, strlen(key), data/librdkafka-1.5.0/tests/0028-long_topicnames.c:55:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(topic, test_mk_topic_name(topic, 1), sizeof(topic)-1); data/librdkafka-1.5.0/tests/0028-long_topicnames.c:58:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(topic), topic); data/librdkafka-1.5.0/tests/0039-event.c:123:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg, strlen(msg), NULL, 0, msgidp); data/librdkafka-1.5.0/tests/0040-io_event.c:148:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(pfd.fd, &b, 1); data/librdkafka-1.5.0/tests/0048-partitioner.c:147:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(keys[i]) : 0), data/librdkafka-1.5.0/tests/0061-consumer_lag.cpp:96:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). remain = t + strlen(*sp); data/librdkafka-1.5.0/tests/0064-interceptors.c:126:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(id_str) > 0 && isdigit(*id_str)); data/librdkafka-1.5.0/tests/0064-interceptors.c:239:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). RD_KAFKA_V_KEY(key, strlen(key)+1), data/librdkafka-1.5.0/tests/0070-null_empty.cpp:41:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t exp_len = exp ? strlen(exp) : 0; data/librdkafka-1.5.0/tests/0070-null_empty.cpp:111:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void *)msgs[i+1], msgs[i+1] ? strlen(msgs[i+1]) : 0, data/librdkafka-1.5.0/tests/0070-null_empty.cpp:113:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void *)msgs[i], msgs[i] ? strlen(msgs[i]) : 0, data/librdkafka-1.5.0/tests/0072-headers_ut.c:129:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
TEST_ASSERT(size == strlen(exp->value), data/librdkafka-1.5.0/tests/0072-headers_ut.c:132:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). what, strlen(exp->value), exp->name, size); data/librdkafka-1.5.0/tests/0072-headers_ut.c:312:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TEST_ASSERT(size == strlen("multi5") && data/librdkafka-1.5.0/tests/0072-headers_ut.c:399:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rd_kafka_header_add(hdrs, "multi", -1, "multi3", strlen("multi3")); data/librdkafka-1.5.0/tests/0072-headers_ut.c:450:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). RD_KAFKA_V_HEADER("multi", "multi3", strlen("multi3")), data/librdkafka-1.5.0/tests/0073-headers.c:104:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(name)); data/librdkafka-1.5.0/tests/0073-headers.c:142:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TEST_ASSERT(size == strlen(exp->value), data/librdkafka-1.5.0/tests/0073-headers.c:145:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
what, strlen(exp->value), exp->name, size); data/librdkafka-1.5.0/tests/0073-headers.c:334:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). RD_KAFKA_V_HEADER("multi", "multi3", strlen("multi3")), data/librdkafka-1.5.0/tests/0077-compaction.c:233:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valsize = strlen(valp); data/librdkafka-1.5.0/tests/0077-compaction.c:241:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). keysize = strlen(key); data/librdkafka-1.5.0/tests/0097-ssl_verify.cpp:68:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ifs.read(buffer.data(), size); data/librdkafka-1.5.0/tests/0097-ssl_verify.cpp:192:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ifs.read(buffer.data(), size); data/librdkafka-1.5.0/tests/0099-commit_metadata.c:186:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(expected_toppar->elems[0].metadata); data/librdkafka-1.5.0/tests/0103-transactions.c:62:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). messages[i].key_len = strlen(key); data/librdkafka-1.5.0/tests/0103-transactions.c:64:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
messages[i].len = strlen(value); data/librdkafka-1.5.0/tests/0107-topic_recreate.c:95:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). RD_KAFKA_V_VALUE(value, strlen(value)), data/librdkafka-1.5.0/tests/0107-topic_recreate.c:140:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t exp_len = strlen(exp_value); data/librdkafka-1.5.0/tests/1000-unktopic.c:115:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg, strlen(msg), NULL, 0, msgidp); data/librdkafka-1.5.0/tests/interceptor_test/interceptor_test.c:184:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !strncmp(name, "interceptor_test", strlen("interceptor_test"))) data/librdkafka-1.5.0/tests/interceptor_test/interceptor_test.c:193:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(errstr, "on_conf_set failed deliberately", data/librdkafka-1.5.0/tests/sockem.c:60:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t _len = strlen(_s)+1; \ data/librdkafka-1.5.0/tests/test.c:628:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(test_mode, tmp, sizeof(test_mode)-1); data/librdkafka-1.5.0/tests/test.c:630:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(test_scenario, tmp, sizeof(test_scenario)-1); data/librdkafka-1.5.0/tests/test.c:763:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(name, "topic.", strlen("topic."))) { data/librdkafka-1.5.0/tests/test.c:764:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name += strlen("topic."); data/librdkafka-1.5.0/tests/test.c:772:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name -= strlen("topic."); data/librdkafka-1.5.0/tests/test.c:1178:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(testnum, test->name, sizeof(testnum)-1); data/librdkafka-1.5.0/tests/test.c:1373:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tests_to_run))))) { data/librdkafka-1.5.0/tests/test.c:1546:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(argv[i], "-p", 2) && strlen(argv[i]) > 2) { data/librdkafka-1.5.0/tests/test.c:1569:25: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(test_scenario, argv[++i], data/librdkafka-1.5.0/tests/test.c:1582:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[i]) > strlen("-R")) { data/librdkafka-1.5.0/tests/test.c:1582:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[i]) > strlen("-R")) { data/librdkafka-1.5.0/tests/test.c:1999:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !payload ? strlen(key) : 0, data/librdkafka-1.5.0/tests/test.c:5470:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t test_topic_prefix_len = strlen(test_topic_prefix); data/librdkafka-1.5.0/tests/test.c:5501:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(md->topics[i].topic) >= test_topic_prefix_len && data/librdkafka-1.5.0/tests/test.c:5702:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(test_curr->failstr, buf, sizeof(test_curr->failstr)); data/librdkafka-1.5.0/tests/test.h:199:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(str); data/librdkafka-1.5.0/win32/wingetopt.c:218:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
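current_argv_len = strlen(current_argv); data/librdkafka-1.5.0/win32/wingetopt.c:226:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(long_options[i].name) == current_argv_len) {

ANALYSIS SUMMARY:

Hits = 907
Lines analyzed = 159921 in approximately 4.20 seconds (38102 lines/second)
Physical Source Lines of Code (SLOC) = 94531
Hits@level = [0] 519 [1] 220 [2] 601 [3] 28 [4] 58 [5] 0
Hits@level+ = [0+] 1426 [1+] 907 [2+] 687 [3+] 86 [4+] 58 [5+] 0
Hits/KSLOC@level+ = [0+] 15.085 [1+] 9.59474 [2+] 7.26746 [3+] 0.909754 [4+] 0.613555 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.

Triage note: the entries in this part of the listing are all level [1], the lowest level reported in this run, and the strlen entries flag the call by function name only, so each one needs a check at the call site that the argument is NUL-terminated. Two level-1 entries stand out from the quoted lines themselves. tests/test.c:5702 passes the full sizeof(test_curr->failstr) to strncpy, where several other strncpy calls in this listing pass sizeof(...)-1, so the destination is left unterminated when buf fills it unless it is terminated afterwards (not shown). src/rdkafka_offset.c:904 indexes path[strlen(path)-1], which is out of bounds for an empty path unless an earlier check excludes it (not shown).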