Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lmdb-0.9.24/libraries/liblmdb/lmdb.h
Examining data/lmdb-0.9.24/libraries/liblmdb/mdb.c
Examining data/lmdb-0.9.24/libraries/liblmdb/mdb_copy.c
Examining data/lmdb-0.9.24/libraries/liblmdb/mdb_dump.c
Examining data/lmdb-0.9.24/libraries/liblmdb/mdb_load.c
Examining data/lmdb-0.9.24/libraries/liblmdb/mdb_stat.c
Examining data/lmdb-0.9.24/libraries/liblmdb/midl.c
Examining data/lmdb-0.9.24/libraries/liblmdb/midl.h
Examining data/lmdb-0.9.24/libraries/liblmdb/mtest.c
Examining data/lmdb-0.9.24/libraries/liblmdb/mtest2.c
Examining data/lmdb-0.9.24/libraries/liblmdb/mtest3.c
Examining data/lmdb-0.9.24/libraries/liblmdb/mtest4.c
Examining data/lmdb-0.9.24/libraries/liblmdb/mtest5.c
Examining data/lmdb-0.9.24/libraries/liblmdb/mtest6.c

FINAL RESULTS:

data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4822:4:  [5] (misc) SetSecurityDescriptorDacl:
  Never create NULL ACLs; an attacker can set it to Everyone (Deny All
  Access), which would even forbid administrator access (CWE-732).
			SetSecurityDescriptorDacl(&mdb_null_sd, TRUE, 0, FALSE);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4139:23:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
# define mdb_name_cpy	wcscpy
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4144:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
# define mdb_name_cpy	strcpy	/**< Copy name (#mdb_nchar_t string) */
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4183:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(fname->mn_val, path);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4835:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(env->me_txns->mti_rmname, "Global\\MDBr%s", encbuf);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4836:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(env->me_txns->mti_wmname, "Global\\MDBw%s", encbuf);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4862:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(env->me_txns->mti_rmname, "/MDBr%s", encbuf);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4863:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(env->me_txns->mti_wmname, "/MDBw%s", encbuf);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:10096:4:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
			sprintf(buf, txnid == (txnid_t)-1 ?
data/lmdb-0.9.24/libraries/liblmdb/mdb_stat.c:196:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
						printf(span>1 ? "     %9"Z"u[%"Z"d]\n" : "     %9"Z"u\n",
data/lmdb-0.9.24/libraries/liblmdb/mtest.c:21:53:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define CHECK(test, msg) ((test) ? (void)0 : ((void)fprintf(stderr, \
data/lmdb-0.9.24/libraries/liblmdb/mtest2.c:24:53:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define CHECK(test, msg) ((test) ? (void)0 : ((void)fprintf(stderr, \
data/lmdb-0.9.24/libraries/liblmdb/mtest3.c:24:53:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define CHECK(test, msg) ((test) ? (void)0 : ((void)fprintf(stderr, \
data/lmdb-0.9.24/libraries/liblmdb/mtest4.c:24:53:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define CHECK(test, msg) ((test) ? (void)0 : ((void)fprintf(stderr, \
data/lmdb-0.9.24/libraries/liblmdb/mtest5.c:24:53:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define CHECK(test, msg) ((test) ? (void)0 : ((void)fprintf(stderr, \
data/lmdb-0.9.24/libraries/liblmdb/mtest6.c:24:53:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define CHECK(test, msg) ((test) ? (void)0 : ((void)fprintf(stderr, \
data/lmdb-0.9.24/libraries/liblmdb/mdb_dump.c:185:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((i = getopt(argc, argv, "af:lnps:V")) != EOF) {
data/lmdb-0.9.24/libraries/liblmdb/mdb_load.c:309:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((i = getopt(argc, argv, "f:ns:NTV")) != EOF) {
data/lmdb-0.9.24/libraries/liblmdb/mdb_stat.c:70:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((i = getopt(argc, argv, "Vaefnrs:")) != EOF) {
data/lmdb-0.9.24/libraries/liblmdb/mtest.c:38:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/lmdb-0.9.24/libraries/liblmdb/mtest2.c:40:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/lmdb-0.9.24/libraries/liblmdb/mtest3.c:41:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/lmdb-0.9.24/libraries/liblmdb/mtest5.c:41:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/lmdb-0.9.24/libraries/liblmdb/mtest6.c:43:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:583:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define DKBUF	char kbuf[DKBUF_MAXKEYSIZE*2+1]
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:704:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char pad[(sizeof(MDB_rxbody)+CACHELINE-1) & ~(CACHELINE-1)];
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:729:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	mtb_rmname[MNAME_LEN];
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:758:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char pad[(sizeof(MDB_txbody)+CACHELINE-1) & ~(CACHELINE-1)];
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:762:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char mt2_wmname[MNAME_LEN];
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:768:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char pad[(MNAME_LEN+CACHELINE-1) & ~(CACHELINE-1)];
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:916:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		mn_data[1];			/**< key and data are appended here */
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:1058:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		mm_pad[PAGEHDRSZ];
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:1482:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[MSGSIZE+PADSIZE], *ptr = buf;
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:1536:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[400];
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:1537:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "%.100s:%d: Assertion '%.200s' failed in %.40s()",
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:1581:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		ptr += sprintf(ptr, "%02x", *c++);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:1583:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "%.*s", key->mv_size, key->mv_data);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:1591:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char *const tp[2][2] = {{"", ": DB"}, {": sub-page", ": sub-DB"}};
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:2334:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dst, src, (lower + PAGEBASE + (Align-1)) & -Align);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:2335:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy((pgno_t *)((char *)dst+upper), (pgno_t *)((char *)src+upper),
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:2338:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dst, src, psize - unused);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:2378:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(np, mp, num * env->me_psize);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:2772:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(txn->mt_dbiseqs, env->me_dbiseqs, env->me_maxdbs * sizeof(unsigned int));
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:2776:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(txn->mt_dbs, meta->mm_dbs, CORE_DBS * sizeof(MDB_db));
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:2885:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(txn->mt_dbs, parent->mt_dbs, txn->mt_numdbs * sizeof(MDB_db));
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:2896:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(env->me_pghead, ntxn->mnt_pgstate.mf_pghead, size);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:3183:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(data.mv_data, free_pgs, data.mv_size);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:3497:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(parent->mt_dbs, txn->mt_dbs, txn->mt_numdbs * sizeof(MDB_db));
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4284:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(fname->mn_val, which & MDB_O_MASK, mode);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4359:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					i = atoi(uts.release+7);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4363:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					i = atoi(uts.release+7);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4368:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				i = atoi(uts.release+2);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4372:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					i = atoi(uts.release+4);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4376:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					i = atoi(uts.release+4);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4817:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char encbuf[11];
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4848:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char encbuf[11];
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:5626:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(&flags, ((char *) data.mv_data + offsetof(MDB_db, md_flags)),
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:5633:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(mc->mc_db, data.mv_data, sizeof(MDB_db));
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:6687:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ptr, key->mv_data, ksize);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:6748:20:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				dkey.mv_data = memcpy(fp+1, olddata.mv_data, olddata.mv_size);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:6829:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(METADATA(mp), METADATA(fp), NUMKEYS(fp) * fp->mp_pad);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:6831:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy((char *)mp + mp->mp_upper + PAGEBASE, (char *)fp + fp->mp_upper + PAGEBASE,
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:6833:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy((char *)(&mp->mp_ptrs), (char *)(&fp->mp_ptrs), NUMKEYS(fp) * sizeof(mp->mp_ptrs[0]));
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:6899:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy((size_t *)((char *)np + off),
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:6903:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(np, omp, sz); /* Copy beginning of page */
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:6910:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(METADATA(omp), data->mv_data, data->mv_size);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:6924:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(olddata.mv_data, data->mv_data, data->mv_size);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:6926:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(NODEKEY(leaf), key->mv_data, key->mv_size);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:7025:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(db, &mc->mc_xcursor->mx_db, sizeof(MDB_db));
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:7047:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					data[0].mv_data = (char *)data[0].mv_data + data[0].mv_size;
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:7107:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(db, &mc->mc_xcursor->mx_db, sizeof(MDB_db));
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:7295:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ptr, key->mv_data, ksize);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:7355:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(NODEKEY(node), key->mv_data, key->mv_size);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:7361:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ndata, data->mv_data, sizeof(pgno_t));
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:7365:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ndata, data->mv_data, data->mv_size);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:7367:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(ndata, &ofp->mp_pgno, sizeof(pgno_t));
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:7372:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ndata, data->mv_data, data->mv_size);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:7531:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&mx->mx_db, NODEDATA(node), sizeof(MDB_db));
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:7768:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char kbuf2[DKBUF_MAXKEYSIZE*2+1];
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:7814:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(NODEKEY(node), key->mv_data, key->mv_size);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:8692:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(rp->mp_ptrs, split, rsize);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:8695:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ins, newkey->mv_data, ksize);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:8700:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(rp->mp_ptrs, split, x * ksize);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:8702:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ins, newkey->mv_data, ksize);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:8703:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				memcpy(ins+ksize, split + x * ksize, rsize - x * ksize);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:8899:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(NODEPTR(mp, nkeys-1), NODEPTR(copy, nkeys-1),
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:9038:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *mc_wbuf[2];
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:9039:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *mc_over[2];
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:9216:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(NODEDATA(ni), &my->mc_next_pgno, sizeof(pgno_t));
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:9227:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(mo, omp, my->mc_env->me_psize);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:9256:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(NODEDATA(ni), &db, sizeof(db));
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:9832:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&txn->mt_dbs[slot], data.mv_data, sizeof(MDB_db));
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:10083:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64];
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:10278:10:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
		need = MultiByteToWideChar(CP_UTF8, 0, src, -1, result, need);
data/lmdb-0.9.24/libraries/liblmdb/mdb_dump.c:280:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(str, key.mv_data, key.mv_size);
data/lmdb-0.9.24/libraries/liblmdb/mdb_load.c:75:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			version=atoi((char *)dbuf.mv_data+STRLENOF("VERSION="));
data/lmdb-0.9.24/libraries/liblmdb/mdb_stat.c:235:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(str, key.mv_data, key.mv_size);
data/lmdb-0.9.24/libraries/liblmdb/midl.c:180:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ids[ids[0]+1], &app[1], app[0] * sizeof(MDB_ID));
data/lmdb-0.9.24/libraries/liblmdb/midl.h:68:34:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define MDB_IDL_CPY( dst, src ) (memcpy( dst, src, MDB_IDL_SIZEOF( src ) ))
data/lmdb-0.9.24/libraries/liblmdb/mtest.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sval[32] = "";
data/lmdb-0.9.24/libraries/liblmdb/mtest.c:60:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(sval, "%03x %d foo bar", values[i], values[i]);
data/lmdb-0.9.24/libraries/liblmdb/mtest.c:91:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(sval, "%03x ", values[i]);
data/lmdb-0.9.24/libraries/liblmdb/mtest2.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sval[32] = "";
data/lmdb-0.9.24/libraries/liblmdb/mtest2.c:63:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(sval, "%03x %d foo bar", values[i], values[i]);
data/lmdb-0.9.24/libraries/liblmdb/mtest2.c:90:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(sval, "%03x ", values[i]);
data/lmdb-0.9.24/libraries/liblmdb/mtest3.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sval[32];
data/lmdb-0.9.24/libraries/liblmdb/mtest3.c:39:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char kval[sizeof(int)];
data/lmdb-0.9.24/libraries/liblmdb/mtest3.c:68:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(kval, "%03x", values[i]);
data/lmdb-0.9.24/libraries/liblmdb/mtest3.c:69:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(sval, "%03x %d foo bar", values[i], values[i]);
data/lmdb-0.9.24/libraries/liblmdb/mtest3.c:94:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(kval, "%03x", values[i & ~0x0f]);
data/lmdb-0.9.24/libraries/liblmdb/mtest3.c:95:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(sval, "%03x %d foo bar", values[i], values[i]);
data/lmdb-0.9.24/libraries/liblmdb/mtest4.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sval[8];
data/lmdb-0.9.24/libraries/liblmdb/mtest4.c:39:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char kval[sizeof(int)];
data/lmdb-0.9.24/libraries/liblmdb/mtest4.c:64:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(kval, "001");
data/lmdb-0.9.24/libraries/liblmdb/mtest4.c:66:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(sval, "%07x", values[i]);
data/lmdb-0.9.24/libraries/liblmdb/mtest4.c:98:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sval, "%07x", values[3]+1);
data/lmdb-0.9.24/libraries/liblmdb/mtest4.c:103:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sval, "%07x", values[255]+1);
data/lmdb-0.9.24/libraries/liblmdb/mtest4.c:108:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sval, "%07x", values[500]+1);
data/lmdb-0.9.24/libraries/liblmdb/mtest4.c:130:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(sval, "%07x", values[i]);
data/lmdb-0.9.24/libraries/liblmdb/mtest5.c:38:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char sval[32];
data/lmdb-0.9.24/libraries/liblmdb/mtest5.c:39:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char kval[sizeof(int)];
data/lmdb-0.9.24/libraries/liblmdb/mtest5.c:69:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(kval, "%03x", values[i]);
data/lmdb-0.9.24/libraries/liblmdb/mtest5.c:70:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(sval, "%03x %d foo bar", values[i], values[i]);
data/lmdb-0.9.24/libraries/liblmdb/mtest5.c:96:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(kval, "%03x", values[i & ~0x0f]);
data/lmdb-0.9.24/libraries/liblmdb/mtest5.c:97:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(sval, "%03x %d foo bar", values[i], values[i]);
data/lmdb-0.9.24/libraries/liblmdb/mtest6.c:27:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char dkbuf[1024];
data/lmdb-0.9.24/libraries/liblmdb/mtest6.c:64:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(sval, "%08x", kval);
data/lmdb-0.9.24/libraries/liblmdb/mtest6.c:71:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(sval, "%08x", kval);
data/lmdb-0.9.24/libraries/liblmdb/mtest6.c:78:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(sval, "%08x", kval);
data/lmdb-0.9.24/libraries/liblmdb/mtest6.c:100:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(kval, "%03x", values[i & ~0x0f]);
data/lmdb-0.9.24/libraries/liblmdb/mtest6.c:101:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(sval, "%03x %d foo bar", values[i], values[i]);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:4178:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fname->mn_len = strlen(path);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:9340:18:  [1] (free) memalign:
  On some systems (though not Linux-based systems) an attempt to free()
  results from memalign() may fail. This may, on a few systems, be
  exploitable. Also note that memalign() may not check that the boundary
  parameter is correct (CWE-676). Use posix_memalign instead (defined in
  POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
  4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
  malloc()'s alignment may be sufficient.
	my.mc_wbuf[0] = memalign(env->me_os_psize, MDB_WBUF*2);
data/lmdb-0.9.24/libraries/liblmdb/mdb.c:9760:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(name);
data/lmdb-0.9.24/libraries/liblmdb/mdb_load.c:184:7:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		c = fgetc(stdin);
data/lmdb-0.9.24/libraries/liblmdb/mdb_load.c:209:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen((char *)c1);
data/lmdb-0.9.24/libraries/liblmdb/mdb_load.c:229:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen((char *)c1);

ANALYSIS SUMMARY:

Hits = 138
Lines analyzed = 14447 in approximately 0.63 seconds (23101 lines/second)
Physical Source Lines of Code (SLOC) = 9830
Hits@level = [0] 161 [1]   6 [2] 107 [3]   8 [4]  15 [5]   2
Hits@level+ = [0+] 299 [1+] 138 [2+] 132 [3+]  25 [4+]  17 [5+]   2
Hits/KSLOC@level+ = [0+] 30.4171 [1+] 14.0387 [2+] 13.4283 [3+] 2.54323 [4+] 1.7294 [5+] 0.203459
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.