Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libzdb-3.1/src/Config.h Examining data/libzdb-3.1/src/db/Connection.c Examining data/libzdb-3.1/src/db/Connection.h Examining data/libzdb-3.1/src/db/ConnectionDelegate.h Examining data/libzdb-3.1/src/db/ConnectionPool.c Examining data/libzdb-3.1/src/db/ConnectionPool.h Examining data/libzdb-3.1/src/db/mysql/MysqlConnection.c Examining data/libzdb-3.1/src/db/mysql/MysqlConnection.h Examining data/libzdb-3.1/src/db/mysql/MysqlPreparedStatement.c Examining data/libzdb-3.1/src/db/mysql/MysqlPreparedStatement.h Examining data/libzdb-3.1/src/db/mysql/MysqlResultSet.c Examining data/libzdb-3.1/src/db/mysql/MysqlResultSet.h Examining data/libzdb-3.1/src/db/oracle/OracleConnection.c Examining data/libzdb-3.1/src/db/oracle/OracleConnection.h Examining data/libzdb-3.1/src/db/oracle/OraclePreparedStatement.c Examining data/libzdb-3.1/src/db/oracle/OraclePreparedStatement.h Examining data/libzdb-3.1/src/db/oracle/OracleResultSet.c Examining data/libzdb-3.1/src/db/oracle/OracleResultSet.h Examining data/libzdb-3.1/src/db/postgresql/PostgresqlConnection.c Examining data/libzdb-3.1/src/db/postgresql/PostgresqlConnection.h Examining data/libzdb-3.1/src/db/postgresql/PostgresqlPreparedStatement.c Examining data/libzdb-3.1/src/db/postgresql/PostgresqlPreparedStatement.h Examining data/libzdb-3.1/src/db/postgresql/PostgresqlResultSet.c Examining data/libzdb-3.1/src/db/postgresql/PostgresqlResultSet.h Examining data/libzdb-3.1/src/db/PreparedStatement.c Examining data/libzdb-3.1/src/db/PreparedStatement.h Examining data/libzdb-3.1/src/db/PreparedStatementDelegate.h Examining data/libzdb-3.1/src/db/ResultSet.c Examining data/libzdb-3.1/src/db/ResultSet.h Examining data/libzdb-3.1/src/db/ResultSetDelegate.h Examining data/libzdb-3.1/src/db/sqlite/SQLiteConnection.c Examining data/libzdb-3.1/src/db/sqlite/SQLiteConnection.h Examining data/libzdb-3.1/src/db/sqlite/SQLitePreparedStatement.c Examining data/libzdb-3.1/src/db/sqlite/SQLitePreparedStatement.h Examining data/libzdb-3.1/src/db/sqlite/SQLiteResultSet.c Examining data/libzdb-3.1/src/db/sqlite/SQLiteResultSet.h Examining data/libzdb-3.1/src/exceptions/assert.c Examining data/libzdb-3.1/src/exceptions/assert.h Examining data/libzdb-3.1/src/exceptions/AssertException.h Examining data/libzdb-3.1/src/exceptions/Exception.c Examining data/libzdb-3.1/src/exceptions/Exception.h Examining data/libzdb-3.1/src/exceptions/MemoryException.h Examining data/libzdb-3.1/src/exceptions/SQLException.h Examining data/libzdb-3.1/src/net/URL.c Examining data/libzdb-3.1/src/net/URL.h Examining data/libzdb-3.1/src/system/Mem.c Examining data/libzdb-3.1/src/system/Mem.h Examining data/libzdb-3.1/src/system/System.c Examining data/libzdb-3.1/src/system/System.h Examining data/libzdb-3.1/src/system/Time.c Examining data/libzdb-3.1/src/system/Time.h Examining data/libzdb-3.1/src/Thread.h Examining data/libzdb-3.1/src/util/Str.c Examining data/libzdb-3.1/src/util/Str.h Examining data/libzdb-3.1/src/util/StringBuffer.c Examining data/libzdb-3.1/src/util/StringBuffer.h Examining data/libzdb-3.1/src/util/Vector.c Examining data/libzdb-3.1/src/util/Vector.h Examining data/libzdb-3.1/src/zdb.h Examining data/libzdb-3.1/test/exception.c Examining data/libzdb-3.1/test/pool.c Examining data/libzdb-3.1/test/select.c Examining data/libzdb-3.1/test/unit.c Examining data/libzdb-3.1/tools/filterh/lex.yy.c FINAL RESULTS: data/libzdb-3.1/src/db/Connection.h:274:75: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void Connection_execute(T C, const char *sql, ...) __attribute__((format (printf, 2, 3))); data/libzdb-3.1/src/db/Connection.h:296:87: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. ResultSet_T Connection_executeQuery(T C, const char *sql, ...) __attribute__((format (printf, 2, 3))); data/libzdb-3.1/src/db/Connection.h:318:99: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. PreparedStatement_T Connection_prepareStatement(T C, const char *sql, ...) __attribute__((format (printf, 2, 3))); data/libzdb-3.1/src/exceptions/Exception.c:101:25: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(p->message, EXCEPTION_MESSAGE_LENGTH, cause, ap); data/libzdb-3.1/src/exceptions/Exception.c:109:17: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message, EXCEPTION_MESSAGE_LENGTH, cause, ap); data/libzdb-3.1/src/net/URL.h:92:59: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. T URL_create(const char *url, ...) __attribute__((format (printf, 1, 2))); data/libzdb-3.1/src/system/System.c:75:17: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, e, ap); data/libzdb-3.1/src/system/System.c:89:17: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stdout, s, ap); data/libzdb-3.1/src/system/System.h:59:62: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void System_abort(const char *e, ...) __attribute__((format (printf, 1, 2))); data/libzdb-3.1/src/system/System.h:67:62: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. void System_debug(const char *s, ...) __attribute__((format (printf, 1, 2))); data/libzdb-3.1/src/util/Str.c:136:28: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int size = vsnprintf(t, 0, s, ap_copy) + 1; data/libzdb-3.1/src/util/Str.c:140:17: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(t, size, s, ap_copy); data/libzdb-3.1/src/util/Str.h:129:58: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. char *Str_cat(const char *s, ...) __attribute__((format (printf, 1, 2))); data/libzdb-3.1/src/util/StringBuffer.c:60:25: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. int n = vsnprintf((char*)(S->buffer + S->used), S->length - S->used, s, ap_copy); data/libzdb-3.1/src/util/StringBuffer.h:77:71: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. T StringBuffer_append(T S, const char *s, ...) __attribute__((format (printf, 2, 3))); data/libzdb-3.1/src/util/StringBuffer.h:100:68: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. T StringBuffer_set(T S, const char *s, ...) __attribute__((format (printf, 2, 3))); data/libzdb-3.1/src/db/oracle/OracleConnection.c:85:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char erb[ERB_SIZE]; data/libzdb-3.1/src/db/postgresql/PostgresqlPreparedStatement.c:66:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[65]; data/libzdb-3.1/src/db/postgresql/PostgresqlPreparedStatement.c:113:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stmt[STRLEN]; data/libzdb-3.1/src/exceptions/Exception.c:107:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[EXCEPTION_MESSAGE_LENGTH + 1]; data/libzdb-3.1/src/exceptions/Exception.h:220:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[EXCEPTION_MESSAGE_LENGTH + 1]; data/libzdb-3.1/src/system/Time.c:456:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *Time_toString(time_t time, char result[20]) { data/libzdb-3.1/src/system/Time.c:456:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *Time_toString(time_t time, char result[20]) { data/libzdb-3.1/src/system/Time.c:458:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char x[2]; data/libzdb-3.1/src/system/Time.c:461:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, "YYYY-MM-DD HH:MM:SS\0", 20); data/libzdb-3.1/src/system/Time.h:103:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *Time_toString(time_t time, char result[20]); data/libzdb-3.1/src/system/Time.h:103:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *Time_toString(time_t time, char result[20]); data/libzdb-3.1/src/util/Str.c:99:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t, s, n); data/libzdb-3.1/src/util/Str.c:112:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t, s, n); data/libzdb-3.1/src/util/StringBuffer.c:80:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char x[3] = {prefix}; data/libzdb-3.1/test/pool.c:160:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char blob[8192]; data/libzdb-3.1/test/pool.c:571:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[4096]; data/libzdb-3.1/test/pool.c:686:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BSIZE]; data/libzdb-3.1/test/unit.c:34:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s3[STRLEN]; data/libzdb-3.1/test/unit.c:99:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char i[STRLEN] = " -2812 bla"; data/libzdb-3.1/test/unit.c:100:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ll[STRLEN ] = " 2147483642 blabla"; data/libzdb-3.1/test/unit.c:101:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d[STRLEN] = " 2.71828182845904523536028747135266249775724709369995 this is e"; data/libzdb-3.1/test/unit.c:102:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char de[STRLEN] = "9.461E^99 nanometers"; data/libzdb-3.1/test/unit.c:103:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ie[STRLEN] = " 9999999999999999999999999999999999999"; data/libzdb-3.1/test/unit.c:351:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open("l_d$#askfjlsdkfjlskfjdlskfjdlskfjaldkjf", 0); data/libzdb-3.1/src/db/mysql/MysqlPreparedStatement.c:136:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). P->params[i].length = strlen(x); data/libzdb-3.1/src/db/oracle/OracleConnection.c:147:86: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). C->lastError = OCIAttrSet(C->usr, OCI_HTYPE_SESSION, (dvoid *)username, (int)strlen(username), OCI_ATTR_USERNAME, C->err); data/libzdb-3.1/src/db/oracle/OracleConnection.c:150:86: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). C->lastError = OCIAttrSet(C->usr, OCI_HTYPE_SESSION, (dvoid *)password, (int)strlen(password), OCI_ATTR_PASSWORD, C->err); data/libzdb-3.1/src/db/oracle/OraclePreparedStatement.c:144:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). P->params[i].length = x ? (int)strlen(x) : 0; data/libzdb-3.1/src/db/oracle/OracleResultSet.c:202:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fmt, strlen(fmt), data/libzdb-3.1/src/db/sqlite/SQLitePreparedStatement.c:105:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int size = x ? (int)strlen(x) : 0; data/libzdb-3.1/src/net/URL.c:978:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). YYLIMIT = U->data + strlen(U->data); data/libzdb-3.1/src/system/Time.c:175:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char *limit = s + strlen(s), *marker, *token, *cursor = s; data/libzdb-3.1/src/util/Str.c:97:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n = strlen(s) + 1; data/libzdb-3.1/src/util/Str.c:109:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = (int)strlen(s); data/libzdb-3.1/test/pool.c:180:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). PreparedStatement_setBlob(pre, 1, images[i], (int)strlen(images[i])+1); data/libzdb-3.1/test/pool.c:245:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(image) + 1 == 8192); data/libzdb-3.1/test/pool.c:585:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(image) == ((i+1)*512)); data/libzdb-3.1/test/pool.c:586:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(string) == 4095); data/libzdb-3.1/test/pool.c:595:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(image) == ((i+1)*512)); data/libzdb-3.1/test/pool.c:596:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(string) == 4095); data/libzdb-3.1/tools/filterh/lex.yy.c:589:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/libzdb-3.1/tools/filterh/lex.yy.c:1558:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes(yystr,strlen(yystr) ); ANALYSIS SUMMARY: Hits = 58 Lines analyzed = 15228 in approximately 0.47 seconds (32720 lines/second) Physical Source Lines of Code (SLOC) = 8619 Hits@level = [0] 303 [1] 18 [2] 24 [3] 0 [4] 16 [5] 0 Hits@level+ = [0+] 361 [1+] 58 [2+] 40 [3+] 16 [4+] 16 [5+] 0 Hits/KSLOC@level+ = [0+] 41.8842 [1+] 6.72932 [2+] 4.64091 [3+] 1.85636 [4+] 1.85636 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.