Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libzdb-3.1/src/Config.h
Examining data/libzdb-3.1/src/db/Connection.c
Examining data/libzdb-3.1/src/db/Connection.h
Examining data/libzdb-3.1/src/db/ConnectionDelegate.h
Examining data/libzdb-3.1/src/db/ConnectionPool.c
Examining data/libzdb-3.1/src/db/ConnectionPool.h
Examining data/libzdb-3.1/src/db/mysql/MysqlConnection.c
Examining data/libzdb-3.1/src/db/mysql/MysqlConnection.h
Examining data/libzdb-3.1/src/db/mysql/MysqlPreparedStatement.c
Examining data/libzdb-3.1/src/db/mysql/MysqlPreparedStatement.h
Examining data/libzdb-3.1/src/db/mysql/MysqlResultSet.c
Examining data/libzdb-3.1/src/db/mysql/MysqlResultSet.h
Examining data/libzdb-3.1/src/db/oracle/OracleConnection.c
Examining data/libzdb-3.1/src/db/oracle/OracleConnection.h
Examining data/libzdb-3.1/src/db/oracle/OraclePreparedStatement.c
Examining data/libzdb-3.1/src/db/oracle/OraclePreparedStatement.h
Examining data/libzdb-3.1/src/db/oracle/OracleResultSet.c
Examining data/libzdb-3.1/src/db/oracle/OracleResultSet.h
Examining data/libzdb-3.1/src/db/postgresql/PostgresqlConnection.c
Examining data/libzdb-3.1/src/db/postgresql/PostgresqlConnection.h
Examining data/libzdb-3.1/src/db/postgresql/PostgresqlPreparedStatement.c
Examining data/libzdb-3.1/src/db/postgresql/PostgresqlPreparedStatement.h
Examining data/libzdb-3.1/src/db/postgresql/PostgresqlResultSet.c
Examining data/libzdb-3.1/src/db/postgresql/PostgresqlResultSet.h
Examining data/libzdb-3.1/src/db/PreparedStatement.c
Examining data/libzdb-3.1/src/db/PreparedStatement.h
Examining data/libzdb-3.1/src/db/PreparedStatementDelegate.h
Examining data/libzdb-3.1/src/db/ResultSet.c
Examining data/libzdb-3.1/src/db/ResultSet.h
Examining data/libzdb-3.1/src/db/ResultSetDelegate.h
Examining data/libzdb-3.1/src/db/sqlite/SQLiteConnection.c
Examining data/libzdb-3.1/src/db/sqlite/SQLiteConnection.h
Examining data/libzdb-3.1/src/db/sqlite/SQLitePreparedStatement.c
Examining data/libzdb-3.1/src/db/sqlite/SQLitePreparedStatement.h
Examining data/libzdb-3.1/src/db/sqlite/SQLiteResultSet.c
Examining data/libzdb-3.1/src/db/sqlite/SQLiteResultSet.h
Examining data/libzdb-3.1/src/exceptions/assert.c
Examining data/libzdb-3.1/src/exceptions/assert.h
Examining data/libzdb-3.1/src/exceptions/AssertException.h
Examining data/libzdb-3.1/src/exceptions/Exception.c
Examining data/libzdb-3.1/src/exceptions/Exception.h
Examining data/libzdb-3.1/src/exceptions/MemoryException.h
Examining data/libzdb-3.1/src/exceptions/SQLException.h
Examining data/libzdb-3.1/src/net/URL.c
Examining data/libzdb-3.1/src/net/URL.h
Examining data/libzdb-3.1/src/system/Mem.c
Examining data/libzdb-3.1/src/system/Mem.h
Examining data/libzdb-3.1/src/system/System.c
Examining data/libzdb-3.1/src/system/System.h
Examining data/libzdb-3.1/src/system/Time.c
Examining data/libzdb-3.1/src/system/Time.h
Examining data/libzdb-3.1/src/Thread.h
Examining data/libzdb-3.1/src/util/Str.c
Examining data/libzdb-3.1/src/util/Str.h
Examining data/libzdb-3.1/src/util/StringBuffer.c
Examining data/libzdb-3.1/src/util/StringBuffer.h
Examining data/libzdb-3.1/src/util/Vector.c
Examining data/libzdb-3.1/src/util/Vector.h
Examining data/libzdb-3.1/src/zdb.h
Examining data/libzdb-3.1/test/exception.c
Examining data/libzdb-3.1/test/pool.c
Examining data/libzdb-3.1/test/select.c
Examining data/libzdb-3.1/test/unit.c
Examining data/libzdb-3.1/tools/filterh/lex.yy.c
FINAL RESULTS:
data/libzdb-3.1/src/db/Connection.h:274:75: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void Connection_execute(T C, const char *sql, ...) __attribute__((format (printf, 2, 3)));
data/libzdb-3.1/src/db/Connection.h:296:87: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ResultSet_T Connection_executeQuery(T C, const char *sql, ...) __attribute__((format (printf, 2, 3)));
data/libzdb-3.1/src/db/Connection.h:318:99: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
PreparedStatement_T Connection_prepareStatement(T C, const char *sql, ...) __attribute__((format (printf, 2, 3)));
data/libzdb-3.1/src/exceptions/Exception.c:101:25: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(p->message, EXCEPTION_MESSAGE_LENGTH, cause, ap);
data/libzdb-3.1/src/exceptions/Exception.c:109:17: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message, EXCEPTION_MESSAGE_LENGTH, cause, ap);
data/libzdb-3.1/src/net/URL.h:92:59: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
T URL_create(const char *url, ...) __attribute__((format (printf, 1, 2)));
data/libzdb-3.1/src/system/System.c:75:17: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, e, ap);
data/libzdb-3.1/src/system/System.c:89:17: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, s, ap);
data/libzdb-3.1/src/system/System.h:59:62: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void System_abort(const char *e, ...) __attribute__((format (printf, 1, 2)));
data/libzdb-3.1/src/system/System.h:67:62: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void System_debug(const char *s, ...) __attribute__((format (printf, 1, 2)));
data/libzdb-3.1/src/util/Str.c:136:28: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int size = vsnprintf(t, 0, s, ap_copy) + 1;
data/libzdb-3.1/src/util/Str.c:140:17: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(t, size, s, ap_copy);
data/libzdb-3.1/src/util/Str.h:129:58: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
char *Str_cat(const char *s, ...) __attribute__((format (printf, 1, 2)));
data/libzdb-3.1/src/util/StringBuffer.c:60:25: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int n = vsnprintf((char*)(S->buffer + S->used), S->length - S->used, s, ap_copy);
data/libzdb-3.1/src/util/StringBuffer.h:77:71: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
T StringBuffer_append(T S, const char *s, ...) __attribute__((format (printf, 2, 3)));
data/libzdb-3.1/src/util/StringBuffer.h:100:68: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
T StringBuffer_set(T S, const char *s, ...) __attribute__((format (printf, 2, 3)));
data/libzdb-3.1/src/db/oracle/OracleConnection.c:85:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char erb[ERB_SIZE];
data/libzdb-3.1/src/db/postgresql/PostgresqlPreparedStatement.c:66:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[65];
data/libzdb-3.1/src/db/postgresql/PostgresqlPreparedStatement.c:113:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stmt[STRLEN];
data/libzdb-3.1/src/exceptions/Exception.c:107:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[EXCEPTION_MESSAGE_LENGTH + 1];
data/libzdb-3.1/src/exceptions/Exception.h:220:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[EXCEPTION_MESSAGE_LENGTH + 1];
data/libzdb-3.1/src/system/Time.c:456:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *Time_toString(time_t time, char result[20]) {
data/libzdb-3.1/src/system/Time.c:456:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *Time_toString(time_t time, char result[20]) {
data/libzdb-3.1/src/system/Time.c:458:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[2];
data/libzdb-3.1/src/system/Time.c:461:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, "YYYY-MM-DD HH:MM:SS\0", 20);
data/libzdb-3.1/src/system/Time.h:103:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *Time_toString(time_t time, char result[20]);
data/libzdb-3.1/src/system/Time.h:103:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *Time_toString(time_t time, char result[20]);
data/libzdb-3.1/src/util/Str.c:99:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, s, n);
data/libzdb-3.1/src/util/Str.c:112:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t, s, n);
data/libzdb-3.1/src/util/StringBuffer.c:80:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[3] = {prefix};
data/libzdb-3.1/test/pool.c:160:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blob[8192];
data/libzdb-3.1/test/pool.c:571:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[4096];
data/libzdb-3.1/test/pool.c:686:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BSIZE];
data/libzdb-3.1/test/unit.c:34:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s3[STRLEN];
data/libzdb-3.1/test/unit.c:99:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char i[STRLEN] = " -2812 bla";
data/libzdb-3.1/test/unit.c:100:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ll[STRLEN ] = " 2147483642 blabla";
data/libzdb-3.1/test/unit.c:101:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d[STRLEN] = " 2.71828182845904523536028747135266249775724709369995 this is e";
data/libzdb-3.1/test/unit.c:102:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char de[STRLEN] = "9.461E^99 nanometers";
data/libzdb-3.1/test/unit.c:103:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ie[STRLEN] = " 9999999999999999999999999999999999999";
data/libzdb-3.1/test/unit.c:351:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("l_d$#askfjlsdkfjlskfjdlskfjdlskfjaldkjf", 0);
data/libzdb-3.1/src/db/mysql/MysqlPreparedStatement.c:136:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
P->params[i].length = strlen(x);
data/libzdb-3.1/src/db/oracle/OracleConnection.c:147:86: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
C->lastError = OCIAttrSet(C->usr, OCI_HTYPE_SESSION, (dvoid *)username, (int)strlen(username), OCI_ATTR_USERNAME, C->err);
data/libzdb-3.1/src/db/oracle/OracleConnection.c:150:86: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
C->lastError = OCIAttrSet(C->usr, OCI_HTYPE_SESSION, (dvoid *)password, (int)strlen(password), OCI_ATTR_PASSWORD, C->err);
data/libzdb-3.1/src/db/oracle/OraclePreparedStatement.c:144:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
P->params[i].length = x ? (int)strlen(x) : 0;
data/libzdb-3.1/src/db/oracle/OracleResultSet.c:202:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fmt, strlen(fmt),
data/libzdb-3.1/src/db/sqlite/SQLitePreparedStatement.c:105:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int size = x ? (int)strlen(x) : 0;
data/libzdb-3.1/src/net/URL.c:978:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
YYLIMIT = U->data + strlen(U->data);
data/libzdb-3.1/src/system/Time.c:175:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *limit = s + strlen(s), *marker, *token, *cursor = s;
data/libzdb-3.1/src/util/Str.c:97:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(s) + 1;
data/libzdb-3.1/src/util/Str.c:109:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = (int)strlen(s);
data/libzdb-3.1/test/pool.c:180:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PreparedStatement_setBlob(pre, 1, images[i], (int)strlen(images[i])+1);
data/libzdb-3.1/test/pool.c:245:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(image) + 1 == 8192);
data/libzdb-3.1/test/pool.c:585:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(image) == ((i+1)*512));
data/libzdb-3.1/test/pool.c:586:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(string) == 4095);
data/libzdb-3.1/test/pool.c:595:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(image) == ((i+1)*512));
data/libzdb-3.1/test/pool.c:596:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(string) == 4095);
data/libzdb-3.1/tools/filterh/lex.yy.c:589:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/libzdb-3.1/tools/filterh/lex.yy.c:1558:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return yy_scan_bytes(yystr,strlen(yystr) );
ANALYSIS SUMMARY:
Hits = 58
Lines analyzed = 15228 in approximately 0.47 seconds (32720 lines/second)
Physical Source Lines of Code (SLOC) = 8619
Hits@level = [0] 303 [1] 18 [2] 24 [3] 0 [4] 16 [5] 0
Hits@level+ = [0+] 361 [1+] 58 [2+] 40 [3+] 16 [4+] 16 [5+] 0
Hits/KSLOC@level+ = [0+] 41.8842 [1+] 6.72932 [2+] 4.64091 [3+] 1.85636 [4+] 1.85636 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.