Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/pgpool2-4.1.4/src/main/pgpool_main.c:985:6: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (chmod(un_addr_tmp.sun_path, 0777) == -1)
data/pgpool2-4.1.4/src/utils/pool_select_walker.c:1292:3: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(tablename, rangevar->schemaname, POOL_NAMEDATALEN);
data/pgpool2-4.1.4/src/utils/pool_select_walker.c:1306:2: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  strncat(tablename, rangevar->relname, POOL_NAMEDATALEN);
data/pgpool2-4.1.4/src/auth/md5.c:399:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(crypt_buf, passwd);
data/pgpool2-4.1.4/src/auth/pool_auth.c:165:20: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
  crypt_password = crypt(password, salt);
data/pgpool2-4.1.4/src/auth/pool_hba.c:1545:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(inc_fullname, outer_filename);
data/pgpool2-4.1.4/src/auth/pool_passwd.c:143:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(writebuf, linebuf);
data/pgpool2-4.1.4/src/auth/pool_passwd.c:156:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(writebuf, linebuf);
data/pgpool2-4.1.4/src/config/pool_config_variables.c:2749:4: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(output, buf, j + 1);
data/pgpool2-4.1.4/src/config/pool_config_variables.c:4708:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buffer, sizeof(buffer), INT64_FORMAT,
data/pgpool2-4.1.4/src/context/pool_query_context.c:1807:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rewritten_contents, name);
data/pgpool2-4.1.4/src/context/pool_query_context.c:1808:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rewritten_contents + strlen(name) + 1, rewritten_query);
data/pgpool2-4.1.4/src/context/pool_session_context.c:1216:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(message->query, query_context->original_query, sizeof(message->query));
data/pgpool2-4.1.4/src/context/pool_session_context.c:1235:4: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(message->statement, message->contents, sizeof(message->statement));
data/pgpool2-4.1.4/src/context/pool_session_context.c:1236:4: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(message->query, message->contents + strlen(message->contents) + 1, sizeof(message->query));
data/pgpool2-4.1.4/src/context/pool_session_context.c:1240:4: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(message->portal, message->contents, sizeof(message->portal));
data/pgpool2-4.1.4/src/context/pool_session_context.c:1241:4: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(message->statement, message->contents + strlen(message->contents) + 1, sizeof(message->statement));
data/pgpool2-4.1.4/src/context/pool_session_context.c:1245:4: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(message->portal, message->contents, sizeof(message->portal));
data/pgpool2-4.1.4/src/context/pool_session_context.c:1251:5: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(message->statement, message->contents + 1, sizeof(message->statement));
data/pgpool2-4.1.4/src/context/pool_session_context.c:1253:5: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(message->portal, message->contents + 1, sizeof(message->portal));
data/pgpool2-4.1.4/src/context/pool_session_context.c:1878:3: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(table->tablename, tablename, sizeof(table->tablename));
data/pgpool2-4.1.4/src/include/parser/pg_config_manual.h:31:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define PG_PRINTF_ATTRIBUTE printf
data/pgpool2-4.1.4/src/include/parser/stringinfo.h:36:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #ifndef vsnprintf
data/pgpool2-4.1.4/src/include/parser/stringinfo.h:39:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsnprintf(...) pg_vsnprintf(__VA_ARGS__)
data/pgpool2-4.1.4/src/include/parser/stringinfo.h:41:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsnprintf pg_vsnprintf
data/pgpool2-4.1.4/src/include/pool_type.h:396:9: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define StrNCpy(dst,src,len) \
data/pgpool2-4.1.4/src/include/utils/fe_ports.h:56:23: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((format(printf, 1, 2)));
data/pgpool2-4.1.4/src/include/utils/fe_ports.h:60:23: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((format(printf, 1, 2)));
data/pgpool2-4.1.4/src/include/utils/fe_ports.h:64:23: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__((format(printf, 1, 2)));
data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1626:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(msgBuf, sizeof(msgBuf), fmt, args);
data/pgpool2-4.1.4/src/main/health_check.c:508:3: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(buf, "%d\t%s", &node_id, status);
data/pgpool2-4.1.4/src/main/health_check.c:542:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(writebuf, p);
data/pgpool2-4.1.4/src/main/pgpool_main.c:3108:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  r = system(exec_cmd->data);
data/pgpool2-4.1.4/src/main/pgpool_main.c:3943:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s\n", status);
data/pgpool2-4.1.4/src/parser/gram.c:25621:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf
data/pgpool2-4.1.4/src/parser/gram_minimal.c:25276:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf
data/pgpool2-4.1.4/src/parser/scan.c:861:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #undef fprintf
data/pgpool2-4.1.4/src/parser/scan.c:862:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define fprintf(file, fmt, msg) fprintf_to_ereport(fmt, msg)
data/pgpool2-4.1.4/src/parser/snprintf.c:160:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #undef vsnprintf
data/pgpool2-4.1.4/src/parser/snprintf.c:161:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #undef snprintf
data/pgpool2-4.1.4/src/parser/snprintf.c:162:8: [4] (buffer) vsprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #undef vsprintf
data/pgpool2-4.1.4/src/parser/snprintf.c:163:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #undef sprintf
data/pgpool2-4.1.4/src/parser/snprintf.c:164:8: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #undef vfprintf
data/pgpool2-4.1.4/src/parser/snprintf.c:165:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #undef fprintf
data/pgpool2-4.1.4/src/parser/snprintf.c:166:8: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #undef vprintf
data/pgpool2-4.1.4/src/parser/snprintf.c:167:8: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #undef printf
data/pgpool2-4.1.4/src/parser/snprintf.c:1245:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  vallen = sprintf(convert, fmt, prec, value);
data/pgpool2-4.1.4/src/parser/snprintf.c:1252:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  vallen = sprintf(convert, fmt, value);
data/pgpool2-4.1.4/src/parser/snprintf.c:1383:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  vallen = sprintf(convert, fmt, precision, value);
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:863:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(standby_delay_str, sizeof(standby_delay_str), UINT64_FORMAT, bi->standby_delay);
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:865:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(status_changed_time_str, sizeof(status_changed_time_str), UINT64_FORMAT, bi->status_changed_time);
data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2643:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(qbuf, sizeof(qbuf), ROWLOCKQUERY3, table);
data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2645:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(qbuf, sizeof(qbuf), ROWLOCKQUERY2, table);
data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2649:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(qbuf, sizeof(qbuf), ROWLOCKQUERY, table);
data/pgpool2-4.1.4/src/protocol/pool_process_query.c:3778:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p, str);
data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:825:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(hex_str, sizeof(hex_str), (i == 0) ? " %02X" : "%02X", 0xff & query_in_bind_msg[i]);
data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:833:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(search_query, hex_str);
data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1202:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(contents, name);
data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1203:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(contents + strlen(name) + 1, rewrite_query);
data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:3463:5: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(message_body + 1, bind_message->contents + offset, sizeof(message_body) - 1);
data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1541:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(query, sizeof(query), DATABASE_TO_OID_QUERY, dbname);
data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1735:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command) == -1)
data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1757:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system(command) == -1)
data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1238:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(str, res->data[0]);
data/pgpool2-4.1.4/src/sql/pgpool-recovery/pgpool-recovery.c:123:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  r = system(recovery_script);
data/pgpool2-4.1.4/src/sql/pgpool-recovery/pgpool-recovery.c:155:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  r = system(recovery_script);
data/pgpool2-4.1.4/src/sql/pgpool-recovery/pgpool-recovery.c:208:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  r = system(command_text);
data/pgpool2-4.1.4/src/test/parser/main.c:29:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(cmd, "pset %s %s", name, value) == 2)
data/pgpool2-4.1.4/src/test/parser/pool.h:7:20: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define pool_error printf
data/pgpool2-4.1.4/src/tools/fe_port.c:87:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt2, ap);
data/pgpool2-4.1.4/src/tools/fe_port.c:99:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:483:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(format_string,
data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:612:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(frmt,
data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:875:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buf2, sizeof(buf2), buf, titles[i], types[i]);
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:348:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char *) b64_enc, (char *) PASSWORD_AES_PREFIX);
data/pgpool2-4.1.4/src/tools/pgproto/main.c:228:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(conninfo, user);
data/pgpool2-4.1.4/src/utils/error/elog.c:2307:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(errorstr_buf, sizeof(errorstr_buf),
data/pgpool2-4.1.4/src/utils/error/elog.c:2462:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);
data/pgpool2-4.1.4/src/utils/error/elog.c:2465:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
vsnprintf(errbuf, sizeof(errbuf), fmt, ap); data/pgpool2-4.1.4/src/utils/json.c:1038:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(error_buf, error); data/pgpool2-4.1.4/src/utils/mmgr/mcxt.c:677:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(node->name, name); data/pgpool2-4.1.4/src/utils/pool_ip.c:322:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(unp->sun_path, path); data/pgpool2-4.1.4/src/utils/pool_params.c:129:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(params->values[pos], value); data/pgpool2-4.1.4/src/utils/pool_path.c:164:3: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(ret_path, head, MAXPGPATH); data/pgpool2-4.1.4/src/utils/pool_path.c:358:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(new, "%s/%s", cwd, path); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:174:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
StrNCpy(status[i].name, "listen_addresses", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:176:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "host name(s) or IP address(es) to listen on", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:179:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "port", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:181:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "pgpool accepting port number", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:185:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "socket_dir", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:187:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "pgpool socket directory", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:190:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
StrNCpy(status[i].name, "pcp_listen_addresses", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:192:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "host name(s) or IP address(es) for pcp process to listen on", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:195:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "pcp_port", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:197:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "PCP port # to bind", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:200:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "pcp_socket_dir", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:202:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "PCP socket directory", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:206:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
StrNCpy(status[i].name, "enable_pool_hba", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:208:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "if true, use pool_hba.conf for client authentication", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:211:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "pool_passwd", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:213:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "file name of pool_passwd for md5 authentication", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:216:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "authentication_timeout", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:218:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "maximum time in seconds to complete client authentication", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:221:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "allow_clear_text_frontend_auth", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:223:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "allow to use clear text password auth when pool_passwd does not contain password", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:227:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "ssl", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:229:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "SSL support", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:232:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "ssl_key", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:234:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "path to the SSL private key file", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:237:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "ssl_cert", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:239:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "path to the SSL public certificate file", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:242:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "ssl_ca_cert", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:244:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "path to a single PEM format file", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:247:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "ssl_ca_cert_dir", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:249:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "directory containing CA root certificate(s)", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:252:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "ssl_ciphers", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:254:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "allowed SSL ciphers", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:257:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "ssl_prefer_server_ciphers", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:259:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "Use server's SSL cipher preferences", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:262:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "ssl_ecdh_curve", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:264:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "the curve to use in ECDH key exchange", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:267:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "ssl_dh_params_file", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:269:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "path to the Diffie-Hellman parameters contained file", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:275:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "num_init_children", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:277:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "# of children initially pre-forked", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:280:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "listen_backlog_multiplier", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:282:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
StrNCpy(status[i].desc, "determines the size of the queue for pending connections", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:285:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "serialize_accept", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:287:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "whether to serialize accept() call", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:290:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "reserved_connections", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:292:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "number of reserved connections", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:295:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "max_pool", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:297:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
StrNCpy(status[i].desc, "max # of connection pool per child", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:301:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "child_life_time", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:303:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "if idle for this seconds, child exits", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:306:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "child_max_connections", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:308:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "if max_connections received, child exits", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:311:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "connection_life_time", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:313:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
StrNCpy(status[i].desc, "if idle for this seconds, connection closes", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:316:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "client_idle_limit", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:318:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "if idle for this seconds, child connection closes", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:324:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "log_destination", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:326:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "logging destination", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:330:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "log_line_prefix", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:332:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
StrNCpy(status[i].desc, "printf-style string to output at beginning of each log line", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:335:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "log_error_verbosity", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:337:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "controls how much detail about error should be emitted", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:340:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "client_min_messages", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:342:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "controls which message should be sent to client", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:345:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "log_min_messages", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:347:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "controls which message should be emitted to server log", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:350:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "log_connections", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:352:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "if true, print incoming connections to the log", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:355:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "log_hostname", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:357:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "if true, resolve hostname for ps and log print", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:360:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
StrNCpy(status[i].name, "log_statement", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:362:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "if non 0, logs all SQL statements", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:365:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "log_per_node_statement", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:367:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "if non 0, logs all SQL statements on each node", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:370:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "log_client_messages", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:372:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "if non 0, logs any client messages", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:375:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
StrNCpy(status[i].name, "log_standby_delay", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:377:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "how to log standby delay", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:381:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "syslog_facility", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:383:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "syslog local faclity", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:386:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "syslog_ident", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:388:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "syslog program ident string", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:393:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
StrNCpy(status[i].name, "pid_file_name", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:395:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "path to pid file", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:398:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "logdir", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:400:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "PgPool status file logging directory", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:405:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "connection_cache", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:407:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "if true, cache connection pool", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:410:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
StrNCpy(status[i].name, "reset_query_list", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:420:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "queries issued at the end of session", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:425:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "replication_mode", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:427:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "non 0 if operating in replication mode", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:430:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].name, "replicate_select", POOLCONFIG_MAXNAMELEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:432:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(status[i].desc, "non 0 if SELECT statement is replicated", POOLCONFIG_MAXDESCLEN); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:435:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
  StrNCpy(status[i].name, "insert_lock", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:437:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "insert lock", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:440:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "lobj_lock_table", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:442:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "table name used for large object replication control", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:446:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "replication_stop_on_mismatch", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:448:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "stop replication mode on fatal error", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:451:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "failover_if_affected_tuples_mismatch", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:453:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "failover if affected tuples are mismatch", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:458:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "load_balance_mode", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:460:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "non 0 if operating in load balancing mode", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:463:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "ignore_leading_white_space", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:465:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "ignore leading white spaces", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:468:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "white_function_list", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:478:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "functions those do not write to database", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:481:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "black_function_list", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:491:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "functions those write to database", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:494:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "black_query_pattern_list", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:504:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "query patterns that should be sent to primary node", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:507:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "disable_load_balance_on_write", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:509:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "Load balance behavior when write query is received", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:512:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "statement_level_load_balance", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:514:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "statement level load balancing", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:519:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "master_slave_mode", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:521:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "if true, operate in master/slave mode", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:524:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "master_slave_sub_mode", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:526:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "master/slave sub mode", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:530:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "sr_check_period", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:532:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "sr check period", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:535:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "sr_check_user", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:537:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "sr check user", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:540:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "sr_check_password", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:542:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "sr check password", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:545:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "sr_check_database", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:547:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "sr check database", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:550:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "delay_threshold", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:551:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134).
  Use a constant for the format specification.
  snprintf(status[i].value, POOLCONFIG_MAXVALLEN, INT64_FORMAT, pool_config->delay_threshold);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:552:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "standby delay threshold", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:556:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "follow_master_command", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:558:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "follow master command", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:561:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "database_redirect_preference_list", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:563:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "redirect by database name", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:566:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "app_name_redirect_preference_list", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:568:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "redirect by application name", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:571:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "allow_sql_comments", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:573:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "allow SQL comments", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:578:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "health_check_period", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:580:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "health check period", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:583:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "health_check_timeout", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:585:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "health check timeout", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:588:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "health_check_user", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:590:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "health check user", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:593:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "health_check_password", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:595:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "health check password", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:598:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "health_check_database", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:600:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "health check database", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:603:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "health_check_max_retries", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:605:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "health check max retries", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:608:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "health_check_retry_delay", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:610:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "health check retry delay", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:613:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "connect_timeout", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:615:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "connect timeout", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:620:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "failover_command", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:622:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "failover command", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:625:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "failback_command", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:627:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "failback command", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:630:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "failover_on_backend_error", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:632:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "failover on backend error", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:635:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "detach_false_primary", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:637:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "detach false primary", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:640:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "auto_failback", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:642:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "auto_failback", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:645:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "auto_failback_interval", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:647:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "auto_failback_interval", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:652:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "recovery_user", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:654:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "online recovery user", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:657:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "recovery_1st_stage_command", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:659:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "execute a command in first stage.", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:662:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "recovery_2nd_stage_command", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:664:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "execute a command in second stage.", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:667:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "recovery_timeout", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:669:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "max time in seconds to wait for the recovering node's postmaster", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:672:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "search_primary_node_timeout", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:674:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "max time in seconds to search for primary node after failover", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:677:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "client_idle_limit_in_recovery", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:679:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "if idle for this seconds, child connection closes in recovery 2nd statge", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:684:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "relcache_expire", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:686:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "relation cache expiration time in seconds", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:689:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "relcache_size", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:691:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "number of relation cache entry", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:694:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "check_temp_table", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:696:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "enable temporary table check", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:699:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "check_unlogged_table", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:701:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "enable unlogged table check", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:704:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "enable_shared_relcache", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:706:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "If true, relation cache stored in memory cache", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:709:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "relcache_query_target", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:711:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "Target node to send relcache queries", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:717:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "use_watchdog", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:719:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "non 0 if operating in use_watchdog", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:722:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_ipc_socket_dir", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:724:2: [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "watchdog ipc socket directory", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:727:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_lifecheck_method", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:729:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "method of watchdog lifecheck", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:732:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "clear_memqcache_on_escalation", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:734:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "If true, clear all the query caches in shared memory when escalation occurs", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:737:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_escalation_command", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:739:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "command executed when escalation occurs", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:742:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_de_escalation_command", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:744:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "command executed when master pgpool resigns occurs", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:747:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "trusted_servers", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:749:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "upper server list to observe connection", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:752:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "delegate_IP", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:754:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "delegate IP address of master pgpool", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:757:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_hostname", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:759:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "Host name or IP address of this watchdog", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:762:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_port", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:764:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "watchdog port number", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:767:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_priority", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:769:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "watchdog priority", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:772:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_interval", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:774:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "life check interval (second)", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:777:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "ping_path", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:779:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "path to ping command", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:782:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "if_cmd_path", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:784:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "path to interface up/down command", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:787:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "if_up_cmd", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:789:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "virtual interface up command with full parameters", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:792:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "if_down_cmd", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:794:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "virtual interface down command with full parameters", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:797:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "arping_path", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:799:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "path to arping command", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:802:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "arping_cmd", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:804:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "send ARP REQUESTi to neighbour host", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:807:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_heartbeat_port", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:809:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "port number for receiving heartbeat signal", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:812:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_heartbeat_keepalive", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:814:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "interval time of sending heartbeat siganl (sec)", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:817:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_heartbeat_deadtime", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:819:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "deadtime interval for heartbeat siganl (sec)", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:822:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_life_point", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:824:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "retry times of life check", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:827:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_lifecheck_query", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:829:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "lifecheck query to pgpool from watchdog", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:832:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_lifecheck_dbname", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:834:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "database name connected for lifecheck", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:837:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_lifecheck_user", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:839:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "watchdog user monitoring pgpools in lifecheck", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:842:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_lifecheck_password", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:844:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "password for watchdog user in lifecheck", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:847:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "wd_monitoring_interfaces_list", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:857:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "interfaces to monitor by watchdog", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:864:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "memory_cache_enabled", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:866:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "If true, use the memory cache functionality, false by default", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:869:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "memqcache_method", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:871:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "Cache store method. either shmem(shared memory) or Memcached. shmem by default", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:874:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "memqcache_memcached_host", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:876:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "Memcached host name. Mandatory if memqcache_method=memcached", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:879:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "memqcache_memcached_port", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:881:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "Memcached port number. Mondatory if memqcache_method=memcached", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:884:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "memqcache_total_size", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:886:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "Total memory size in bytes for storing memory cache. Mandatory if memqcache_method=shmem", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:889:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "memqcache_max_num_cache", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:891:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "Total number of cache entries", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:894:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "memqcache_expire", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:896:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "Memory cache entry life time specified in seconds. 60 by default", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:899:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "memqcache_auto_cache_invalidation", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:901:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "If true, invalidation of query cache is triggered by corresponding DDL/DML/DCL(and memqcache_expire). If false, it is only triggered by memqcache_expire. True by default.", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:904:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "memqcache_maxcache", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:906:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "Maximum SELECT result size in bytes", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:909:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "memqcache_cache_block_size", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:911:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "Cache block size in bytes. 8192 by default", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:914:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "memqcache_cache_oiddir", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:916:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "Tempory work directory to record table oids", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:919:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "memqcache_stats_start_time", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:921:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "Start time of query cache stats", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:924:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "memqcache_no_cache_hits", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:926:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "Number of SELECTs not hitting query cache", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:929:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "memqcache_cache_hits", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:931:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "Number of SELECTs hitting query cache", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:934:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "white_memqcache_table_list", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:944:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "tables to memqcache", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:947:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].name, "black_memqcache_table_list", POOLCONFIG_MAXNAMELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:957:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(status[i].desc, "tables not to memqcache", POOLCONFIG_MAXDESCLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:993:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(status[i].value, POOLCONFIG_MAXVALLEN, UINT64_FORMAT, BACKEND_INFO(j).standby_delay);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1250:3: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(nodes[i].hostname, bi->backend_hostname, strlen(bi->backend_hostname) + 1);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1254:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(nodes[i].select, POOLCONFIG_MAXWEIGHTLEN, UINT64_FORMAT, stat_get_select_count(i));
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1269:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(nodes[i].delay, POOLCONFIG_MAXWEIGHTLEN, UINT64_FORMAT, bi->standby_delay);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1497:6: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(pools[lines].database, "", POOLCONFIG_MAXIDENTLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1498:6: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(pools[lines].username, "", POOLCONFIG_MAXIDENTLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1505:6: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(pools[lines].database, pi->connection_info[poolBE].database, POOLCONFIG_MAXIDENTLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1506:6: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(pools[lines].username, pi->connection_info[poolBE].user, POOLCONFIG_MAXIDENTLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1689:3: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(processes[child].database, "", POOLCONFIG_MAXIDENTLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1690:3: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(processes[child].username, "", POOLCONFIG_MAXIDENTLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1691:3: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(processes[child].create_time, "", POOLCONFIG_MAXDATELEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1692:3: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(processes[child].pool_counter, "", POOLCONFIG_MAXCOUNTLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1699:5: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(processes[child].database, pi->connection_info[poolBE].database, POOLCONFIG_MAXIDENTLEN);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1700:5: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  StrNCpy(processes[child].username, pi->connection_info[poolBE].user, POOLCONFIG_MAXIDENTLEN);
data/pgpool2-4.1.4/src/utils/pool_relcache.c:206:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(query, sizeof(query), relcache->sql, table);
data/pgpool2-4.1.4/src/utils/ps_status.c:347:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "pgident: %s", ps_buffer);
data/pgpool2-4.1.4/src/utils/psprintf.c:124:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  nprinted = vsnprintf(buf, len, fmt, args);
data/pgpool2-4.1.4/src/watchdog/watchdog.c:755:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(g_cluster.remoteNodes[i].hostname, pool_config->wd_remote_nodes.wd_remote_node_info[i].hostname); data/pgpool2-4.1.4/src/watchdog/wd_commands.c:87:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(watchdog_ipc_address, wd_ipc_sock_addr); data/pgpool2-4.1.4/src/watchdog/wd_escalation.c:113:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int r = system(pool_config->wd_escalation_command); data/pgpool2-4.1.4/src/watchdog/wd_escalation.c:189:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int r = system(pool_config->wd_de_escalation_command); data/pgpool2-4.1.4/src/watchdog/wd_if.c:318:12: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. status = execv(path, args); data/pgpool2-4.1.4/src/watchdog/wd_lifecheck.c:627:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(gslifeCheckCluster->lifeCheckNodes[i].hostName, nodeInfo->hostName); data/pgpool2-4.1.4/src/watchdog/wd_lifecheck.c:628:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(gslifeCheckCluster->lifeCheckNodes[i].nodeName, nodeInfo->nodeName); data/pgpool2-4.1.4/src/watchdog/wd_ping.c:140:12: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. status = execv(ping_path, args); data/pgpool2-4.1.4/src/auth/pool_auth.c:2268:3: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(random_seed); data/pgpool2-4.1.4/src/auth/pool_auth.c:2271:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return random(); data/pgpool2-4.1.4/src/include/utils/getopt_long.h:39:12: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. extern int getopt_long(int argc, char *const argv[], data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1833:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((passfile_env = getenv("PCPPASSFILE")) != NULL) data/pgpool2-4.1.4/src/main/main.c:112:16: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
while ((opt = getopt_long(argc, argv, "a:df:k:F:hm:nDCxv", long_options, &optindex)) != -1) data/pgpool2-4.1.4/src/main/main.c:420:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((passfile_env = getenv(POOLKEYFILEENV)) != NULL) data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:113:2: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom((unsigned int) (getpid() ^ uptime.tv_usec)); data/pgpool2-4.1.4/src/protocol/child.c:197:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned int) now.tv_usec); data/pgpool2-4.1.4/src/protocol/child.c:199:2: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom((unsigned int) now.tv_usec); data/pgpool2-4.1.4/src/protocol/child.c:1627:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. r = (((double) random()) / RAND_MAX); data/pgpool2-4.1.4/src/protocol/child.c:1755:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
r = (((double) random()) / RAND_MAX) * total_weight; data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:169:15: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((ch = getopt_long(argc, argv, current_app_type->allowed_options, long_options, &optindex)) != -1) data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:92:16: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "hPpmf:u:k:K:", long_options, &optindex)) != -1) data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:442:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((passfile_env = getenv(POOLKEYFILEENV)) != NULL) data/pgpool2-4.1.4/src/tools/pgmd5/pg_md5.c:79:16: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "hpmf:u:", long_options, &optindex)) != -1) data/pgpool2-4.1.4/src/tools/pgproto/main.c:74:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv("PGHOST")) != NULL && *env != '\0') data/pgpool2-4.1.4/src/tools/pgproto/main.c:76:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. 
They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv("PGPORT")) != NULL && *env != '\0') data/pgpool2-4.1.4/src/tools/pgproto/main.c:78:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv("PGDATABASE")) != NULL && *env != '\0') data/pgpool2-4.1.4/src/tools/pgproto/main.c:80:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv("PGUSER")) != NULL && *env != '\0') data/pgpool2-4.1.4/src/tools/pgproto/main.c:83:16: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt_long(argc, argv, "v?Dh:p:u:d:f:r:", long_options, &optindex)) != -1) data/pgpool2-4.1.4/src/utils/getopt_long.c:53:1: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. getopt_long(int argc, char *const argv[], data/pgpool2-4.1.4/src/utils/sprompt.c:112:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
|| (getenv("OSTYPE") && strcmp(getenv("OSTYPE"), "msys") == 0) data/pgpool2-4.1.4/src/utils/sprompt.c:112:34: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. || (getenv("OSTYPE") && strcmp(getenv("OSTYPE"), "msys") == 0) data/pgpool2-4.1.4/src/auth/auth-scram.c:155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ServerSignature[SCRAM_KEY_LEN]; data/pgpool2-4.1.4/src/auth/auth-scram.c:191:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ClientProof[SCRAM_KEY_LEN]; data/pgpool2-4.1.4/src/auth/auth-scram.c:457:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char saltbuf[SCRAM_DEFAULT_SALT_LEN]; data/pgpool2-4.1.4/src/auth/auth-scram.c:702:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[5]; data/pgpool2-4.1.4/src/auth/auth-scram.c:1026:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw_nonce[SCRAM_RAW_NONCE_LEN]; data/pgpool2-4.1.4/src/auth/auth-scram.c:1116:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->ClientProof, client_proof, SCRAM_KEY_LEN); data/pgpool2-4.1.4/src/auth/auth-scram.c:1126:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->client_final_message_without_proof, input, proof - begin); data/pgpool2-4.1.4/src/auth/auth-scram.c:1187:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char mockNonce[MOCK_AUTH_NONCE_LEN] = "pgpool-II random nonce string"; data/pgpool2-4.1.4/src/auth/auth-scram.c:1377:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw_nonce[SCRAM_RAW_NONCE_LEN + 1]; data/pgpool2-4.1.4/src/auth/auth-scram.c:1649:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char saltbuf[SCRAM_DEFAULT_SALT_LEN]; data/pgpool2-4.1.4/src/auth/md5.c:133:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, b, sizeof(uint8) * len); data/pgpool2-4.1.4/src/auth/md5.c:400:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(crypt_buf + passwd_len, salt, salt_len); data/pgpool2-4.1.4/src/auth/md5.c:432:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(crypt_buf, passwd, passwd_len); data/pgpool2-4.1.4/src/auth/md5.c:433:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(crypt_buf + passwd_len, salt, salt_len); data/pgpool2-4.1.4/src/auth/md5.c:435:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "md5"); data/pgpool2-4.1.4/src/auth/pool_auth.c:159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char salt[3]; data/pgpool2-4.1.4/src/auth/pool_auth.c:182:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char salt[4]; data/pgpool2-4.1.4/src/auth/pool_auth.c:198:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf1, password + 3, MD5_PASSWD_LEN + 1); data/pgpool2-4.1.4/src/auth/pool_auth.c:203:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, "md5", 3); data/pgpool2-4.1.4/src/auth/pool_auth.c:926:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char password[MAX_PASSWORD_SIZE]; data/pgpool2-4.1.4/src/auth/pool_auth.c:927:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char userPassword[MAX_PASSWORD_SIZE]; data/pgpool2-4.1.4/src/auth/pool_auth.c:939:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(frontend->password, password, frontend->pwd_size); data/pgpool2-4.1.4/src/auth/pool_auth.c:1107:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(backend->password, pwd, backend->pwd_size); data/pgpool2-4.1.4/src/auth/pool_auth.c:1119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char salt[2]; data/pgpool2-4.1.4/src/auth/pool_auth.c:1121:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char password[MAX_PASSWORD_SIZE]; data/pgpool2-4.1.4/src/auth/pool_auth.c:1258:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(backend->password, password, backend->pwd_size); data/pgpool2-4.1.4/src/auth/pool_auth.c:1259:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(backend->salt, salt, sizeof(salt)); data/pgpool2-4.1.4/src/auth/pool_auth.c:1365:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char data[MAX_PASSWORD_SIZE]; data/pgpool2-4.1.4/src/auth/pool_auth.c:1396:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&inputlen, ptr, sizeof(int)); data/pgpool2-4.1.4/src/auth/pool_auth.c:1522:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char salt[4]; data/pgpool2-4.1.4/src/auth/pool_auth.c:1524:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char password[MAX_PASSWORD_SIZE]; data/pgpool2-4.1.4/src/auth/pool_auth.c:1525:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char userPassword[MAX_PASSWORD_SIZE]; data/pgpool2-4.1.4/src/auth/pool_auth.c:1526:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char encbuf[POOL_PASSWD_LEN + 1]; data/pgpool2-4.1.4/src/auth/pool_auth.c:1613:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char salt[4]; data/pgpool2-4.1.4/src/auth/pool_auth.c:1615:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char password[MAX_PASSWORD_SIZE]; data/pgpool2-4.1.4/src/auth/pool_auth.c:1674:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(backend->password, password, backend->pwd_size); data/pgpool2-4.1.4/src/auth/pool_auth.c:1675:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(backend->salt, salt, sizeof(salt)); data/pgpool2-4.1.4/src/auth/pool_auth.c:1733:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char salt[4]; data/pgpool2-4.1.4/src/auth/pool_auth.c:1734:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char userPassword[MAX_PASSWORD_SIZE]; data/pgpool2-4.1.4/src/auth/pool_auth.c:1737:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char encbuf[POOL_PASSWD_LEN + 1]; data/pgpool2-4.1.4/src/auth/pool_auth.c:1793:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(backend->password, frontend->password, frontend->pwd_size); data/pgpool2-4.1.4/src/auth/pool_auth.c:2283:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char payload[MAX_SASL_PAYLOAD_LEN]; data/pgpool2-4.1.4/src/auth/pool_auth.c:2315:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(backend->password, frontend->password, frontend->pwd_size); data/pgpool2-4.1.4/src/auth/pool_auth.c:2518:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(challenge, payload, payloadlen); data/pgpool2-4.1.4/src/auth/pool_hba.c:196:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(hbapath, "r"); data/pgpool2-4.1.4/src/auth/pool_hba.c:473:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&parsedline->addr, gai_result->ai_addr, data/pgpool2-4.1.4/src/auth/pool_hba.c:574:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&parsedline->mask, gai_result->ai_addr, data/pgpool2-4.1.4/src/auth/pool_hba.c:810:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostinfo[NI_MAXHOST]; data/pgpool2-4.1.4/src/auth/pool_hba.c:1304:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char remote_hostname[NI_MAXHOST]; data/pgpool2-4.1.4/src/auth/pool_hba.c:1551:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inc_file = fopen(inc_fullname, "r"); data/pgpool2-4.1.4/src/auth/pool_hba.c:1645:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rawline[MAX_LINE]; data/pgpool2-4.1.4/src/auth/pool_hba.c:1732:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_TOKEN]; data/pgpool2-4.1.4/src/auth/pool_hba.c:1887:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hbatoken->string, token, toklen + 1); data/pgpool2-4.1.4/src/auth/pool_passwd.c:42:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char saved_passwd_filename[POOLMAXPATHLEN + 1]; data/pgpool2-4.1.4/src/auth/pool_passwd.c:65:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(saved_passwd_filename, pool_passwd_filename, len); data/pgpool2-4.1.4/src/auth/pool_passwd.c:74:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). passwd_fd = fopen(pool_passwd_filename, openmode); data/pgpool2-4.1.4/src/auth/pool_passwd.c:80:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). passwd_fd = fopen(pool_passwd_filename, "w+"); data/pgpool2-4.1.4/src/auth/pool_passwd.c:99:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linebuf[LINE_LEN]; data/pgpool2-4.1.4/src/auth/pool_passwd.c:163:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). passwd_fd = fopen(saved_passwd_filename, "w+"); data/pgpool2-4.1.4/src/auth/pool_passwd.c:187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAX_USER_NAME_LEN + 1]; data/pgpool2-4.1.4/src/auth/pool_passwd.c:188:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char passwd[MAX_POOL_PASSWD_LEN + 1]; data/pgpool2-4.1.4/src/auth/pool_passwd.c:258:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tok[MAX_TOKEN_LEN + 1]; data/pgpool2-4.1.4/src/auth/pool_passwd.c:338:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/pgpool2-4.1.4/src/auth/pool_passwd.c:546:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char b64_dec[MAX_PGPASS_LEN * 2]; data/pgpool2-4.1.4/src/auth/pool_passwd.c:547:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char plaintext[MAX_PGPASS_LEN]; data/pgpool2-4.1.4/src/auth/pool_passwd.c:619:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[LINELEN]; data/pgpool2-4.1.4/src/auth/pool_passwd.c:645:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(key_file_path, "r"); data/pgpool2-4.1.4/src/config/pool_config.c:2064:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen(config_file, "r"); data/pgpool2-4.1.4/src/config/pool_config.c:2290:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; /* should be large enough */ data/pgpool2-4.1.4/src/config/pool_config_variables.c:2843:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *index = atoi(name + index_start_index); data/pgpool2-4.1.4/src/config/pool_config_variables.c:3204:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
newval = atoi(value);

data/pgpool2-4.1.4/src/config/pool_config_variables.c:3302:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
newval = atoi(value);

data/pgpool2-4.1.4/src/config/pool_config_variables.c:3623:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
newval = atoi(value);

data/pgpool2-4.1.4/src/config/pool_config_variables.c:4032:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char buffer[10];

data/pgpool2-4.1.4/src/config/pool_config_variables.c:4065:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char buffer[1024];

data/pgpool2-4.1.4/src/config/pool_config_variables.c:4387:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char localhostname[256];

data/pgpool2-4.1.4/src/config/pool_config_variables.c:4659:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[256];

data/pgpool2-4.1.4/src/config/pool_config_variables.c:5122:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[MAX_NAME_LEN + 1];

data/pgpool2-4.1.4/src/config/pool_config_variables.c:5188:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[MAX_NAME_LEN + 1];

data/pgpool2-4.1.4/src/context/pool_query_context.c:123:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(qc, query_context, sizeof(POOL_QUERY_CONTEXT));

data/pgpool2-4.1.4/src/context/pool_query_context.c:974:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char msgbuf[QUERY_STRING_BUFFER_LEN];

data/pgpool2-4.1.4/src/context/pool_query_context.c:1809:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(rewritten_contents + strlen(name) + strlen(rewritten_query) + 2,

data/pgpool2-4.1.4/src/context/pool_session_context.c:258:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(s->query_context->where_to_send, s->where_to_send_save, sizeof(s->where_to_send_save));

data/pgpool2-4.1.4/src/context/pool_session_context.c:548:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(msg->contents, contents, len);

data/pgpool2-4.1.4/src/context/pool_session_context.c:914:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest, src, sizeof(bool) * MAX_NUM_BACKENDS);

data/pgpool2-4.1.4/src/context/pool_session_context.c:1148:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(msg->contents, contents, len);

data/pgpool2-4.1.4/src/context/pool_session_context.c:1426:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(msg, message, sizeof(POOL_PENDING_MESSAGE));

data/pgpool2-4.1.4/src/context/pool_session_context.c:1428:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(msg->contents, message->contents, msg->contents_len);

data/pgpool2-4.1.4/src/context/pool_session_context.c:1477:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&session_context->previous_message, message, sizeof(POOL_PENDING_MESSAGE));

data/pgpool2-4.1.4/src/include/context/pool_session_context.h:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char query[QUERY_STRING_BUFFER_LEN]; /* copy of original query */

data/pgpool2-4.1.4/src/include/context/pool_session_context.h:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char statement[MAX_IDENTIFIER_LEN]; /* prepared statment name if

data/pgpool2-4.1.4/src/include/context/pool_session_context.h:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char portal[MAX_IDENTIFIER_LEN]; /* portal name if any */

data/pgpool2-4.1.4/src/include/context/pool_session_context.h:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tablename[MAX_IDENTIFIER_LEN]; /* temporary table name */

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char backend_hostname[MAX_DB_HOST_NAMELEN]; /* backend host name */

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char backend_data_directory[MAX_PATH_LENGTH];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char backend_application_name[NAMEDATALEN]; /* application_name for walreciever */

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char replication_state [NAMEDATALEN]; /* "state" from pg_stat_replication */

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char replication_sync_state [NAMEDATALEN]; /* "sync_state" from pg_stat_replication */

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char database[SM_DATABASE]; /* Database name */

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:119:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char user[SM_USER]; /* User name */

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[POOLCONFIG_MAXNAMELEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char value[POOLCONFIG_MAXVALLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char desc[POOLCONFIG_MAXDESCLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:186:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char node_id[POOLCONFIG_MAXIDLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char hostname[MAX_DB_HOST_NAMELEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:188:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char port[POOLCONFIG_MAXPORTLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char status[POOLCONFIG_MAXSTATLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char lb_weight[POOLCONFIG_MAXWEIGHTLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:191:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char role[POOLCONFIG_MAXWEIGHTLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char select[POOLCONFIG_MAXWEIGHTLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:193:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char load_balance_node[POOLCONFIG_MAXWEIGHTLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:194:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char delay[POOLCONFIG_MAXWEIGHTLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char rep_state[POOLCONFIG_MAXWEIGHTLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char rep_sync_state[POOLCONFIG_MAXWEIGHTLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char last_status_change[POOLCONFIG_MAXDATELEN];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char pool_pid[POOLCONFIG_MAXCOUNTLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char start_time[POOLCONFIG_MAXDATELEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char database[POOLCONFIG_MAXIDENTLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char username[POOLCONFIG_MAXIDENTLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char create_time[POOLCONFIG_MAXDATELEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char pool_counter[POOLCONFIG_MAXCOUNTLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char database[POOLCONFIG_MAXIDENTLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:219:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char username[POOLCONFIG_MAXIDENTLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/libpcp_ext.h:231:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char version[POOLCONFIG_MAXVALLEN + 1];

data/pgpool2-4.1.4/src/include/pcp/pcp.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char nodeName[WD_MAX_HOST_NAMELEN];

data/pgpool2-4.1.4/src/include/pcp/pcp.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char hostName[WD_MAX_HOST_NAMELEN]; /* host name */

data/pgpool2-4.1.4/src/include/pcp/pcp.h:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char stateName[WD_MAX_HOST_NAMELEN]; /* state name */

data/pgpool2-4.1.4/src/include/pcp/pcp.h:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char delegate_ip[WD_MAX_HOST_NAMELEN]; /* delegate IP */

data/pgpool2-4.1.4/src/include/pcp/pcp.h:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char masterNodeName[WD_MAX_HOST_NAMELEN];

data/pgpool2-4.1.4/src/include/pcp/pcp.h:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char masterHostName[WD_MAX_HOST_NAMELEN];

data/pgpool2-4.1.4/src/include/pgproto/pgproto.h:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char message[1]; /* actual message (variable length) */

data/pgpool2-4.1.4/src/include/pool.h:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char database[SM_DATABASE]; /* Database name */

data/pgpool2-4.1.4/src/include/pool.h:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char user[SM_USER]; /* User name */

data/pgpool2-4.1.4/src/include/pool.h:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char options[SM_OPTIONS]; /* Optional additional args */

data/pgpool2-4.1.4/src/include/pool.h:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char unused[SM_UNUSED]; /* Unused */

data/pgpool2-4.1.4/src/include/pool.h:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char tty[SM_TTY]; /* Tty for debug output */

data/pgpool2-4.1.4/src/include/pool.h:282:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char password[MAX_PASSWORD_SIZE + 1]; /* password (sent back

data/pgpool2-4.1.4/src/include/pool.h:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char salt[4]; /* password salt */

data/pgpool2-4.1.4/src/include/pool.h:615:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char version_string[MAX_PG_VERSION_STRING+1]; /* original version string */

data/pgpool2-4.1.4/src/include/pool_config.h:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char hostname[WD_MAX_HOST_NAMELEN]; /* host name */

data/pgpool2-4.1.4/src/include/pool_config.h:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char addr[WD_MAX_HOST_NAMELEN];

data/pgpool2-4.1.4/src/include/pool_config.h:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char if_name[WD_MAX_IF_NAME_LEN];

data/pgpool2-4.1.4/src/include/pool_type.h:96:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
#define pool_atoi64 atol

data/pgpool2-4.1.4/src/include/pool_type.h:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ss_pad[128]; /* ensures struct has desired size */

data/pgpool2-4.1.4/src/include/query_cache/pool_memqcache.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char query_hash[POOL_MD5_HASHKEYLEN];

data/pgpool2-4.1.4/src/include/query_cache/pool_memqcache.h:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char data[1]; /* variable length data follows */

data/pgpool2-4.1.4/src/include/query_cache/pool_memqcache.h:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char hashkey[POOL_MD5_HASHKEYLEN]; /* cache key (memcached

data/pgpool2-4.1.4/src/include/utils/pool_relcache.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char dbname[MAX_ITEM_LENGTH]; /* database name */

data/pgpool2-4.1.4/src/include/utils/pool_relcache.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char relname[MAX_ITEM_LENGTH]; /* table name */

data/pgpool2-4.1.4/src/include/utils/pool_relcache.h:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char sql[MAX_ITEM_LENGTH]; /* Query to relation */

data/pgpool2-4.1.4/src/include/utils/pool_select_walker.h:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char table_names[POOL_MAX_SELECT_OIDS][POOL_NAMEDATALEN]; /* table names */

data/pgpool2-4.1.4/src/include/watchdog/watchdog.h:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char addr[48]; /* ip address of socket connection */

data/pgpool2-4.1.4/src/include/watchdog/watchdog.h:165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char pgp_version[MAX_VERSION_STR_LEN]; /* Pgpool-II version */

data/pgpool2-4.1.4/src/include/watchdog/watchdog.h:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char nodeName[WD_MAX_NODE_NAMELEN]; /* name of this node */

data/pgpool2-4.1.4/src/include/watchdog/watchdog.h:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char hostname[WD_MAX_HOST_NAMELEN]; /* host name */

data/pgpool2-4.1.4/src/include/watchdog/watchdog.h:174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char delegate_ip[WD_MAX_HOST_NAMELEN]; /* delegate IP */

data/pgpool2-4.1.4/src/include/watchdog/wd_json_data.h:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char nodeName[WD_MAX_HOST_NAMELEN];

data/pgpool2-4.1.4/src/include/watchdog/wd_json_data.h:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char hostName[WD_MAX_HOST_NAMELEN]; /* host name */

data/pgpool2-4.1.4/src/include/watchdog/wd_json_data.h:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char stateName[WD_MAX_HOST_NAMELEN]; /* watchdog state name */

data/pgpool2-4.1.4/src/include/watchdog/wd_json_data.h:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char delegate_ip[WD_MAX_HOST_NAMELEN]; /* delegate IP */

data/pgpool2-4.1.4/src/include/watchdog/wd_json_data.h:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char nodeName[WD_MAX_HOST_NAMELEN]; /* name of the watchdog node

data/pgpool2-4.1.4/src/include/watchdog/wd_lifecheck.h:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char hostName[128];

data/pgpool2-4.1.4/src/include/watchdog/wd_lifecheck.h:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char nodeName[128];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char os_user[256];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:227:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port_str[100];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:254:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(salt, buf, 4);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:278:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char salt[4];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:280:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char encrypt_buf[(MD5_PASSWD_LEN + 1) * 2];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:281:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char md5[MD5_PASSWD_LEN + 1];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:318:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(salt, salt_ptr, 4);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:636:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ret = atoi(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:700:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  backend_info->backend_port = atoi(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:706:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  backend_info->backend_status = atoi(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:719:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  backend_info->role = atoi(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:726:33: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  backend_info->standby_delay = atol(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:747:39: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  backend_info->status_changed_time = atol(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:787:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char node_id[16];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:829:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  process_count = atoi(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:845:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  process_list[i] = atoi(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:929:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ci_size = atoi(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:948:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  processInfo->pid = atoi(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:966:29: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  processInfo->start_time = atol(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:972:47: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  processInfo->connection_info->create_time = atol(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:978:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  processInfo->connection_info->major = atoi(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:984:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  processInfo->connection_info->minor = atoi(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:990:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  processInfo->connection_info->counter = atoi(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:996:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  processInfo->connection_info->backend_id = atoi(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1002:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  processInfo->connection_info->pid = atoi(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1008:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  processInfo->connection_info->connected = atoi(index);

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1045:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char process_id[16];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1096:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char node_id[16];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1149:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char node_id[16];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1266:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char node_id[16];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1317:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char node_id[16];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1554:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wd_index[16];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1618:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgBuf[1024];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1840:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char homedir[MAXPGPATH];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1857:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pgpassfile[MAXPGPATH + sizeof(PCPPASSFILE) + 1];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1860:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[LINELEN];

data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1893:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(pgpassfile, "r");

data/pgpool2-4.1.4/src/main/health_check.c:113:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char psbuffer[NI_MAXHOST];

data/pgpool2-4.1.4/src/main/health_check.c:468:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char backend_down_request_file[POOLMAXPATHLEN];

data/pgpool2-4.1.4/src/main/health_check.c:472:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linebuf[MAXLINE];

data/pgpool2-4.1.4/src/main/health_check.c:473:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char readbuf[MAXLINE];

data/pgpool2-4.1.4/src/main/health_check.c:474:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAXLINE];

data/pgpool2-4.1.4/src/main/health_check.c:479:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char status[MAXLINE];

data/pgpool2-4.1.4/src/main/health_check.c:487:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen(backend_down_request_file, "r");

data/pgpool2-4.1.4/src/main/health_check.c:551:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen(backend_down_request_file, "w");

data/pgpool2-4.1.4/src/main/main.c:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pcp_conf_file_path[POOLMAXPATHLEN + 1];

data/pgpool2-4.1.4/src/main/main.c:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char conf_file_path[POOLMAXPATHLEN + 1];

data/pgpool2-4.1.4/src/main/main.c:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hba_file_path[POOLMAXPATHLEN + 1];

data/pgpool2-4.1.4/src/main/main.c:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pool_passwd_key_file_path[POOLMAXPATHLEN + 1 + sizeof(POOLKEYFILE) + 1];

data/pgpool2-4.1.4/src/main/main.c:335:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pool_passwd[POOLMAXPATHLEN + 1];

data/pgpool2-4.1.4/src/main/main.c:336:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dirnamebuf[POOLMAXPATHLEN + 1];

data/pgpool2-4.1.4/src/main/main.c:371:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char homedir[POOLMAXPATHLEN];

data/pgpool2-4.1.4/src/main/main.c:427:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char homedir[POOLMAXPATHLEN];

data/pgpool2-4.1.4/src/main/main.c:482:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  i = open("/dev/null", O_RDWR);

data/pgpool2-4.1.4/src/main/main.c:595:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pidbuf[128];

data/pgpool2-4.1.4/src/main/main.c:605:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(pid_file, O_RDONLY);

data/pgpool2-4.1.4/src/main/main.c:629:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return (atoi(pidbuf));

data/pgpool2-4.1.4/src/main/main.c:639:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pidbuf[128];

data/pgpool2-4.1.4/src/main/main.c:650:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(pid_file, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR | S_IWUSR);

data/pgpool2-4.1.4/src/main/pgpool_main.c:550:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(Req_info->request[index].node_id, node_id_set, (sizeof(int) * count));

data/pgpool2-4.1.4/src/main/pgpool_main.c:779:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[INET6_ADDRSTRLEN + 1];

data/pgpool2-4.1.4/src/main/pgpool_main.c:921:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[NI_MAXHOST],

data/pgpool2-4.1.4/src/main/pgpool_main.c:1732:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(node_id_set, Req_info->request[queue_index].node_id, (sizeof(int) * Req_info->request[queue_index].count));

data/pgpool2-4.1.4/src/main/pgpool_main.c:2982:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port_buf[6];

data/pgpool2-4.1.4/src/main/pgpool_main.c:2983:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2];

data/pgpool2-4.1.4/src/main/pgpool_main.c:3233:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char host[1024];

data/pgpool2-4.1.4/src/main/pgpool_main.c:3234:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port[1024];

data/pgpool2-4.1.4/src/main/pgpool_main.c:3338:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  backend_info->backend_port == atoi(port))

data/pgpool2-4.1.4/src/main/pgpool_main.c:3725:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fnamebuf[POOLMAXPATHLEN];

data/pgpool2-4.1.4/src/main/pgpool_main.c:3740:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen(fnamebuf, "r");

data/pgpool2-4.1.4/src/main/pgpool_main.c:3812:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char readbuf[MAXLINE];

data/pgpool2-4.1.4/src/main/pgpool_main.c:3814:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen(fnamebuf, "r");

data/pgpool2-4.1.4/src/main/pgpool_main.c:3885:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fnamebuf[POOLMAXPATHLEN];

data/pgpool2-4.1.4/src/main/pgpool_main.c:3886:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10];

data/pgpool2-4.1.4/src/main/pgpool_main.c:3922:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen(fnamebuf, "w");

data/pgpool2-4.1.4/src/main/pgpool_main.c:4414:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  server_versions[node_id] = atoi(res->data[0]);

data/pgpool2-4.1.4/src/parser/copyfuncs.c:62:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newnode->fldname, from->fldname, _size); \

data/pgpool2-4.1.4/src/parser/copyfuncs.c:5720:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result, a, size);

data/pgpool2-4.1.4/src/parser/gram.c:25910:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];

data/pgpool2-4.1.4/src/parser/gram.c:26121:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yymsgbuf[128];

data/pgpool2-4.1.4/src/parser/gram_minimal.c:25565:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];

data/pgpool2-4.1.4/src/parser/gram_minimal.c:25776:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yymsgbuf[128];

data/pgpool2-4.1.4/src/parser/makefuncs.c:278:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tle, src_tle, sizeof(TargetEntry));

data/pgpool2-4.1.4/src/parser/outfuncs.c:717:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char n[10];

data/pgpool2-4.1.4/src/parser/outfuncs.c:1759:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];

data/pgpool2-4.1.4/src/parser/outfuncs.c:1765:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", value->val.ival);

data/pgpool2-4.1.4/src/parser/outfuncs.c:1828:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];

data/pgpool2-4.1.4/src/parser/outfuncs.c:1838:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];

data/pgpool2-4.1.4/src/parser/outfuncs.c:1844:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", node->val.val.ival);

data/pgpool2-4.1.4/src/parser/outfuncs.c:3040:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];

data/pgpool2-4.1.4/src/parser/outfuncs.c:3059:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];

data/pgpool2-4.1.4/src/parser/outfuncs.c:3313:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];

data/pgpool2-4.1.4/src/parser/outfuncs.c:3507:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];

data/pgpool2-4.1.4/src/parser/outfuncs.c:3879:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];

data/pgpool2-4.1.4/src/parser/outfuncs.c:4141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];

data/pgpool2-4.1.4/src/parser/outfuncs.c:4912:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];
data/pgpool2-4.1.4/src/parser/outfuncs.c:5142:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];
data/pgpool2-4.1.4/src/parser/outfuncs.c:6290:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, str->data, str->len);
data/pgpool2-4.1.4/src/parser/pool_string.c:45:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(string->data, str, string->len);
data/pgpool2-4.1.4/src/parser/pool_string.c:73:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(string->data + string->len, append_data, len);
data/pgpool2-4.1.4/src/parser/pool_string.c:92:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy->data, string->data, string->size * STRING_SIZE);
data/pgpool2-4.1.4/src/parser/scan.c:2314:21: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  yylval->ival = atol(yytext + 1);
data/pgpool2-4.1.4/src/parser/scan.c:3655:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(yyext->scanbuf, str, slen);
data/pgpool2-4.1.4/src/parser/scan.c:3705:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(yyextra->literalbuf + yyextra->literallen, ytext, yleng);
data/pgpool2-4.1.4/src/parser/scan.c:3736:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new, yyextra->literalbuf, llen);
data/pgpool2-4.1.4/src/parser/scan.c:3818:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8];
data/pgpool2-4.1.4/src/parser/scansup.c:202:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[NAMEDATALEN];
data/pgpool2-4.1.4/src/parser/scansup.c:204:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, ident, len);
data/pgpool2-4.1.4/src/parser/snprintf.c:234:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char onebyte[1];
data/pgpool2-4.1.4/src/parser/snprintf.c:303:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024]; /* size is arbitrary */
data/pgpool2-4.1.4/src/parser/snprintf.c:768:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[PG_STRERROR_R_BUFLEN];
data/pgpool2-4.1.4/src/parser/snprintf.c:1060:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char convert[64];
data/pgpool2-4.1.4/src/parser/snprintf.c:1063:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  vallen = sprintf(convert, "%p", value);
data/pgpool2-4.1.4/src/parser/snprintf.c:1080:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char convert[64];
data/pgpool2-4.1.4/src/parser/snprintf.c:1183:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fmt[8];
data/pgpool2-4.1.4/src/parser/snprintf.c:1184:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char convert[1024];
data/pgpool2-4.1.4/src/parser/snprintf.c:1211:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(convert, "NaN");
data/pgpool2-4.1.4/src/parser/snprintf.c:1233:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(convert, "Infinity");
data/pgpool2-4.1.4/src/parser/snprintf.c:1329:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fmt[8];
data/pgpool2-4.1.4/src/parser/snprintf.c:1330:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char convert[64];
data/pgpool2-4.1.4/src/parser/snprintf.c:1356:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(convert, "NaN");
data/pgpool2-4.1.4/src/parser/snprintf.c:1373:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(convert, "Infinity");
data/pgpool2-4.1.4/src/parser/stringinfo.c:224:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(str->data + str->len, data, datalen);
data/pgpool2-4.1.4/src/parser/stringinfo.c:250:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(str->data + str->len, data, datalen);
data/pgpool2-4.1.4/src/parser/wchar.c:2118:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8 * 5 + 1];
data/pgpool2-4.1.4/src/parser/wchar.c:2128:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "0x%02x", (unsigned char) mbstr[j]);
data/pgpool2-4.1.4/src/parser/wchar.c:2151:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8 * 5 + 1];
data/pgpool2-4.1.4/src/parser/wchar.c:2161:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "0x%02x", (unsigned char) mbstr[j]);
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:100:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char salt[4];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:403:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packet_username[MAX_USER_PASSWD_LEN + 1];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:404:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char packet_password[MAX_USER_PASSWD_LEN + 1];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:405:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char encrypt_buf[(MD5_PASSWD_LEN + 1) * 2];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:406:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_username[MAX_USER_PASSWD_LEN + 1];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:407:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_password[MAX_USER_PASSWD_LEN + 1];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:409:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[MAX_FILE_LINE_LEN + 1];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:425:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(passwd_file, "r");
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:455:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(file_username, line, len);
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:476:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(file_password, line + strlen(file_username) + 1, len);
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:612:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char process_count_str[16];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:628:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char process_id[7];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:662:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  proc_id = atoi(buf);
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:674:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char con_info_size[16];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:703:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char proc_pid[16];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:704:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char proc_start_time[20];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:705:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char proc_create_time[20];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:706:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char majorversion[5];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:707:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char minorversion[5];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:708:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pool_counter[16];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:709:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char backend_id[16];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:710:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char backend_pid[16];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:711:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char connected[2];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:784:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  wd_index = atoi(buf);
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:820:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port_str[6];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:821:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char status[2];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:822:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char weight_str[20];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:823:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char role_str[10];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:824:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char standby_delay_str[20];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:825:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char status_changed_time_str[20];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:830:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  node_id = atoi(buf);
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:898:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[16];
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:931:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  node_id = atoi(buf);
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:952:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  node_id = atoi(buf);
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:972:18: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int node_id = atoi(buf);
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:1094:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  node_id = atoi(buf);
data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:1256:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *valid_val = (char *) ordered_valid_values[i];
data/pgpool2-4.1.4/src/pcp_con/recovery.c:49:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char recovery_command[1024];
data/pgpool2-4.1.4/src/pcp_con/recovery.c:341:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port_str[16];
data/pgpool2-4.1.4/src/pcp_con/recovery.c:440:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port_str[16];
data/pgpool2-4.1.4/src/protocol/CommandComplete.c:107:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p1, p, len);
data/pgpool2-4.1.4/src/protocol/CommandComplete.c:140:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p1, p, len);
data/pgpool2-4.1.4/src/protocol/CommandComplete.c:417:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(rows);
data/pgpool2-4.1.4/src/protocol/CommandComplete.c:490:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[128];
data/pgpool2-4.1.4/src/protocol/child.c:115:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char remote_ps_data[NI_MAXHOST + NI_MAXSERV + 2]; /* used for set_ps_display */
data/pgpool2-4.1.4/src/protocol/child.c:119:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char remote_host[NI_MAXHOST]; /* client host */
data/pgpool2-4.1.4/src/protocol/child.c:120:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char remote_port[NI_MAXSERV]; /* client port */
data/pgpool2-4.1.4/src/protocol/child.c:141:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char psbuf[NI_MAXHOST + 128];
data/pgpool2-4.1.4/src/protocol/child.c:604:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sp_sort,sp->startup_packet,len);
data/pgpool2-4.1.4/src/protocol/child.c:631:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, tmpopt ,strlen(tmpopt) + 1); /* memcpy option name */
data/pgpool2-4.1.4/src/protocol/child.c:634:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, tmpopt ,strlen(tmpopt) + 1); /* memcpy option value */
data/pgpool2-4.1.4/src/protocol/child.c:788:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command_buf[1024];
data/pgpool2-4.1.4/src/protocol/child.c:955:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_sp->startup_packet, sp->startup_packet, sp->len);
data/pgpool2-4.1.4/src/protocol/child.c:1351:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[MAX_USER_AND_DATABASE];
data/pgpool2-4.1.4/src/protocol/child.c:1885:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) &rmask, (char *) &readmask, sizeof(fd_set));
data/pgpool2-4.1.4/src/protocol/child.c:2282:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&cp->raddr, saddr, sizeof(SockAddr));
data/pgpool2-4.1.4/src/protocol/child.c:2470:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int tmp = atoi(str);
data/pgpool2-4.1.4/src/protocol/child.c:2546:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[VERSION_BUF_SIZE];
data/pgpool2-4.1.4/src/protocol/child.c:2614:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  major = atoi(buf);
data/pgpool2-4.1.4/src/protocol/child.c:2643:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  major = major * 10 + atoi(buf);
data/pgpool2-4.1.4/src/protocol/child.c:2659:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  minor = atoi(buf);
data/pgpool2-4.1.4/src/protocol/pool_process_query.c:712:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p1, p, len);
data/pgpool2-4.1.4/src/protocol/pool_process_query.c:828:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[256];
data/pgpool2-4.1.4/src/protocol/pool_process_query.c:887:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char parambuf[1024]; /* parameter + value string buffer. XXX is
data/pgpool2-4.1.4/src/protocol/pool_process_query.c:926:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(parambuf, p, len);
data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1295:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[MAXDATA];
data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1296:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[MAXMSGBUF + 1];
data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1309:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + len, msgbuf, thislen + 1);
data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1315:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + len, msgbuf, thislen + 1);
data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1321:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + len, msgbuf, thislen + 1);
data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1329:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(data + len, msgbuf, thislen + 1); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1338:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + len, msgbuf, thislen + 1); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1345:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + len, msgbuf, thislen + 1); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1351:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + len, msgbuf, thislen + 1); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1667:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[1024] = "pgpool_error_portal"; /* large enough */ data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1669:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; /* memory space is large enough */ data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1693:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, &kind, sizeof(kind)); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1704:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(p, &len, sizeof(len)); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1724:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, string, len); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1745:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, string, len); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1852:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char nullmap[8192]; data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1887:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char prepared_name[256]; data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2197:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&shortval, p, sizeof(short)); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2227:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(attrinfo->attrname, p, len); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2229:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&intval, p, sizeof(int)); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2232:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&shortval, p, sizeof(short)); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2235:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&intval, p, sizeof(int)); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2238:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&shortval, p, sizeof(short)); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2241:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&intval, p, sizeof(int)); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2251:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(attrinfo->attrname, p, len); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2275:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&shortval, p, sizeof(short)); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2307:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&intval, p, sizeof(int)); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2316:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(res->data[num_data], p, len); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2340:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res->data[num_data], p, len); data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2525:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qbuf[1024]; data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2529:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char seq_rel_name[MAX_NAME_LEN + 1]; data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2888:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qbuf[QUERY_STRING_BUFFER_LEN]; data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2928:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qbuf[QUERY_STRING_BUFFER_LEN]; data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2960:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char table[MAX_NAME_LEN + 1]; data/pgpool2-4.1.4/src/protocol/pool_process_query.c:3176:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char kind_list[MAX_NUM_BACKENDS]; /* records each backend's kind */ data/pgpool2-4.1.4/src/protocol/pool_process_query.c:3177:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char kind_map[256]; /* records which kind gets majority. 256 data/pgpool2-4.1.4/src/protocol/pool_process_query.c:3599:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/pgpool2-4.1.4/src/protocol/pool_process_query.c:3793:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char psbuf[1024]; data/pgpool2-4.1.4/src/protocol/pool_proto2.c:41:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char nullmap[8192], data/pgpool2-4.1.4/src/protocol/pool_proto2.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[1024]; data/pgpool2-4.1.4/src/protocol/pool_proto2.c:62:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nullmap1, nullmap, nbytes); data/pgpool2-4.1.4/src/protocol/pool_proto2.c:168:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char nullmap[8192], data/pgpool2-4.1.4/src/protocol/pool_proto2.c:189:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nullmap1, nullmap, nbytes); data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:82:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query_string_buffer[QUERY_STRING_BUFFER_LEN]; data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:690:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char msg[1024] = POOL_ERROR_QUERY; /* large enough */ data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:814:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hex_str[4]; /* 02X chars + white space + null end */ data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:934:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[1024] = "pgpool_error_portal"; /* large enough */ data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1204:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(contents + strlen(name) + strlen(rewrite_query) + 2, data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1736:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(query_context->where_to_send, where_to_send_save, sizeof(where_to_send_save)); data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1833:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[128]; data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:2286:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(p1, p, len); data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:2346:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dummy[2]; data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:2512:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(contents, bufp, len); data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:2521:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(contents, "", 1); data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:2617:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&oid, contents, sizeof(int)); data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:3038:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:3418:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(backup, qc->where_to_send, sizeof(qc->where_to_send)); data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:3426:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message_body[1024]; data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:3556:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(qc->where_to_send, backup, sizeof(backup)); data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:3563:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(qc->where_to_send, backup, sizeof(backup)); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:240:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpkey[MAX_KEY]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:270:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cachekey.hashkey, tmpkey, 32); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:350:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpkey[MAX_KEY]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:380:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(cachekey.hashkey, tmpkey, 32); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:455:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpkey[MAX_KEY]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:530:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, ptr, *len); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1421:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[1024]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1449:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rtn[num_oids] = atol(dp->d_name); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1535:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[1024]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1553:10: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). dboid = atol(res->data[0]); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1572:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[1024]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1637:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR)) == -1) data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1731:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[1024]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1746:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[1024]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1774:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char path[1024]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1842:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_RDONLY)) == -1) data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1892:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char delbuf[33]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1894:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(delbuf, buf.hashkey, 32); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:2491:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, total_length); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:2498:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, sizeof(POOL_CACHE_ITEM_POINTER)); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:2527:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p + sizeof(POOL_CACHE_BLOCK_HEADER), data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:2574:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(item, &ci, sizeof(POOL_CACHE_ITEM_HEADER)); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:2578:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item + sizeof(POOL_CACHE_ITEM_HEADER), data, size); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:2582:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cip_body.query_hash, query_hash, sizeof(POOL_QUERY_HASH)); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:2586:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item_pointer(p, bh->num_items), &cip_body, sizeof(POOL_CACHE_ITEM_POINTER)); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:2785:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&key, &cip->query_hash, sizeof(POOL_QUERY_HASH)); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:3287:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer->buf + buffer->buflen, data, len); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:3315:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, buffer->buf, buffer->buflen); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:3779:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&mystats, stats, sizeof(POOL_QUERY_CACHE_STATS)); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:4016:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char md5[POOL_MD5_HASHKEYLEN + 1]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:4018:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(md5, key->query_hash, POOL_MD5_HASHKEYLEN); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:4031:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char md5[POOL_MD5_HASHKEYLEN + 1]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:4033:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(md5, key->query_hash, POOL_MD5_HASHKEYLEN); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:4075:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char md5[POOL_MD5_HASHKEYLEN + 1]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:4077:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(md5, key->query_hash, POOL_MD5_HASHKEYLEN); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:4097:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char md5[POOL_MD5_HASHKEYLEN + 1]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:4101:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(md5, key->query_hash, POOL_MD5_HASHKEYLEN); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:4110:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) &element->cacheid, cacheid, sizeof(POOL_CACHEID)); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:4133:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) new_element->hashkey.query_hash, key->query_hash, POOL_MD5_HASHKEYLEN); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:4134:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) &new_element->cacheid, cacheid, sizeof(POOL_CACHEID)); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:4180:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char md5[POOL_MD5_HASHKEYLEN + 1]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:4182:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(md5, key->query_hash, POOL_MD5_HASHKEYLEN); data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:4207:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char md5[POOL_HASH_NCHARS + 1]; data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:4210:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(md5, key->query_hash, POOL_HASH_NCHARS); data/pgpool2-4.1.4/src/rewrite/pool_lobj.c:67:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char rewritten_packet[LO_CREATE_PACKET_LENGTH]; data/pgpool2-4.1.4/src/rewrite/pool_lobj.c:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qbuf[1024]; data/pgpool2-4.1.4/src/rewrite/pool_lobj.c:207:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
lobjid = atoi(result->data[0]); data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:485:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char timestamp[64]; data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1084:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy_to, copy_from, copy_len); data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1090:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy_to, copy_from, copy_len); data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1097:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp2, copy_from, sizeof(int16)); data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1123:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy_to, &tmp2, copy_len); data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1134:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&org_format_code, copy_from, sizeof(int16)); data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1139:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
  memcpy(copy_to, &org_format_code, sizeof(int16));
data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1147:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy_to, copy_from, copy_len);
data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1160:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tmp2, copy_from, sizeof(int16));
data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1164:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy_to, &tmp2, sizeof(int16));
data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1172:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tmp4, copy_from + copy_len, sizeof(int32));
data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1185:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy_to, copy_from, copy_len);
data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1193:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy_to, &tmp4, sizeof(int32));
data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1195:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy_to, ts, ts_len);
data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1200:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tmp2, copy_from, sizeof(int16));
data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1203:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy_to, copy_from, copy_len);
data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1223:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char query[1024];
data/pgpool2-4.1.4/src/sql/pgpool-recovery/pgpool-recovery.c:56:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char recovery_script[1024];
data/pgpool2-4.1.4/src/sql/pgpool-recovery/pgpool-recovery.c:57:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char command_text[1024];
data/pgpool2-4.1.4/src/sql/pgpool-recovery/pgpool-recovery.c:229:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[MAXPGPATH];
data/pgpool2-4.1.4/src/sql/pgpool_adm/pgpool_adm.c:95:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi(strVal(def->arg));
data/pgpool2-4.1.4/src/sql/pgpool_adm/pgpool_adm.c:138:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char datebuf[20];
data/pgpool2-4.1.4/src/sql/pgpool_adm/pgpool_adm.c:366:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *values[3];
data/pgpool2-4.1.4/src/streaming_replication/pool_worker_child.c:339:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  server_version[i] = atoi(res->data[0]);
data/pgpool2-4.1.4/src/test/parser/main.c:23:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[1024],
data/pgpool2-4.1.4/src/test/parser/main.c:59:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024];
data/pgpool2-4.1.4/src/test/regression/tests/010.rewrite_timestamp/timestamp/main.c:111:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *data[1] = {
data/pgpool2-4.1.4/src/tools/fe_port.c:156:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char strbuf[MAXSTRFTIME];
data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:220:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nodeID = atoi(optarg);
data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:240:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi(optarg);
data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:249:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  processID = atoi(optarg);
data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:283:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  processID = atoi(argv[optind]);
data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:292:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nodeID = atoi(argv[optind]);
data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:301:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  nodeID = atoi(argv[optind]);
data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:470:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char last_status_change[20];
data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:572:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strcreatetime[128];
data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:573:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strstarttime[128];
data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:859:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char formatbuf[8192];
data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:871:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:872:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[64];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:58:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char conf_file[POOLMAXPATHLEN + 1];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:59:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char enc_key[MAX_POOL_KEY_LEN + 1];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:60:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pg_pass[MAX_PGPASS_LEN + 1];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:61:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char username[MAX_USER_NAME_LEN + 1];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:62:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char key_file_path[POOLMAXPATHLEN + sizeof(POOLKEYFILE) + 1];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:156:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAX_PGPASS_LEN];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:201:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAX_POOL_KEY_LEN];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:265:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ciphertext[MAX_ENCODED_PASSWD_LEN];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:266:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char b64_enc[MAX_ENCODED_PASSWD_LEN];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:280:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char b64_dec[MAX_ENCODED_PASSWD_LEN];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:281:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char plaintext[MAX_PGPASS_LEN];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:300:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pool_passwd[MAX_PGPASS_LEN + 1];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:301:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dirnamebuf[POOLMAXPATHLEN + 1];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:305:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ciphertext[MAX_ENCODED_PASSWD_LEN];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:306:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char b64_enc[MAX_ENCODED_PASSWD_LEN];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:365:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char homedir[POOLMAXPATHLEN];
data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:449:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char homedir[POOLMAXPATHLEN];
data/pgpool2-4.1.4/src/tools/pgmd5/pg_md5.c:55:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char conf_file[POOLMAXPATHLEN + 1];
data/pgpool2-4.1.4/src/tools/pgmd5/pg_md5.c:56:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char username[MAX_INPUT_SIZE + 1];
data/pgpool2-4.1.4/src/tools/pgmd5/pg_md5.c:122:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char md5[MD5_PASSWD_LEN + 1];
data/pgpool2-4.1.4/src/tools/pgmd5/pg_md5.c:123:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAX_INPUT_SIZE + 1];
data/pgpool2-4.1.4/src/tools/pgmd5/pg_md5.c:162:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char md5[POOL_PASSWD_LEN + 1];
data/pgpool2-4.1.4/src/tools/pgmd5/pg_md5.c:196:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char md5[POOL_PASSWD_LEN + 1];
data/pgpool2-4.1.4/src/tools/pgmd5/pg_md5.c:197:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pool_passwd[POOLMAXPATHLEN + 1];
data/pgpool2-4.1.4/src/tools/pgmd5/pg_md5.c:198:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dirnamebuf[POOLMAXPATHLEN + 1];
data/pgpool2-4.1.4/src/tools/pgproto/buffer.c:38:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char intbuf[128];
data/pgpool2-4.1.4/src/tools/pgproto/extended_query.c:123:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *paramvals[MAXENTRIES];
data/pgpool2-4.1.4/src/tools/pgproto/extended_query.c:236:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  send_int(atoi(paramvals[i]), conn);
data/pgpool2-4.1.4/src/tools/pgproto/main.c:122:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  read_nap = atoi(optarg);
data/pgpool2-4.1.4/src/tools/pgproto/main.c:183:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fd = fopen(filename, "r");
data/pgpool2-4.1.4/src/tools/pgproto/main.c:200:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char conninfo[1024];
data/pgpool2-4.1.4/src/tools/pgproto/main.c:474:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *paramvals[MAXENTRIES];
data/pgpool2-4.1.4/src/utils/error/elog.c:111:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char OutputFileName[1024]; /* debugging output file */
data/pgpool2-4.1.4/src/utils/error/elog.c:1172:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newedata, edata, sizeof(ErrorData));
data/pgpool2-4.1.4/src/utils/error/elog.c:1293:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newedata, edata, sizeof(ErrorData));
data/pgpool2-4.1.4/src/utils/error/elog.c:1522:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[PG_SYSLOG_LIMIT + 1];
data/pgpool2-4.1.4/src/utils/error/elog.c:1542:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, line, buflen);
data/pgpool2-4.1.4/src/utils/error/elog.c:1807:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[MAXDATA];
data/pgpool2-4.1.4/src/utils/error/elog.c:1808:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[MAXMSGBUF + 1];
data/pgpool2-4.1.4/src/utils/error/elog.c:1820:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + len, msgbuf, thislen + 1);
data/pgpool2-4.1.4/src/utils/error/elog.c:1826:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data + len, msgbuf, thislen + 1);
data/pgpool2-4.1.4/src/utils/error/elog.c:1832:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + len, msgbuf, thislen + 1);
data/pgpool2-4.1.4/src/utils/error/elog.c:1840:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + len, msgbuf, thislen + 1);
data/pgpool2-4.1.4/src/utils/error/elog.c:1849:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + len, msgbuf, thislen + 1);
data/pgpool2-4.1.4/src/utils/error/elog.c:1856:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + len, msgbuf, thislen + 1);
data/pgpool2-4.1.4/src/utils/error/elog.c:1862:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data + len, msgbuf, thislen + 1);
data/pgpool2-4.1.4/src/utils/error/elog.c:2081:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strbuf[129];
data/pgpool2-4.1.4/src/utils/error/elog.c:2291:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char errorstr_buf[48];
data/pgpool2-4.1.4/src/utils/error/elog.c:2454:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[2048]; /* Arbitrary size? */
data/pgpool2-4.1.4/src/utils/json.c:303:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&state.settings, settings, sizeof(json_settings));
data/pgpool2-4.1.4/src/utils/json.c:1024:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(error, "Memory allocation failure");
data/pgpool2-4.1.4/src/utils/json.c:1040:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(error_buf, "Unknown error");
data/pgpool2-4.1.4/src/utils/mmgr/aset.c:242:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char LogTable256[256] =
data/pgpool2-4.1.4/src/utils/mmgr/aset.c:1102:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newPointer, pointer, oldsize);
data/pgpool2-4.1.4/src/utils/mmgr/mcxt.c:1079:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(nstr, string, len);
data/pgpool2-4.1.4/src/utils/mmgr/mcxt.c:1100:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, in, len);
data/pgpool2-4.1.4/src/utils/pcp/pcp_stream.c:103:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char readbuf[READBUFSZ];
data/pgpool2-4.1.4/src/utils/pcp/pcp_stream.c:185:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pc->wbuf + pc->wbufpo, buf, len);
data/pgpool2-4.1.4/src/utils/pool_ip.c:444:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mask, &mask4, sizeof(mask4));
data/pgpool2-4.1.4/src/utils/pool_ip.c:470:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mask, &mask6, sizeof(mask6));
data/pgpool2-4.1.4/src/utils/pool_ip.c:511:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addr, &addr6, sizeof(addr6));
data/pgpool2-4.1.4/src/utils/pool_ip.c:548:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(addr, &addr6, sizeof(addr6));
data/pgpool2-4.1.4/src/utils/pool_path.c:62:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pwdbuf[BUFSIZ];
data/pgpool2-4.1.4/src/utils/pool_path.c:78:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pwdbuf[BUFSIZ];
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:119:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[64];
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1063:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char nullmap[2] = {0xff, 0xff};
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1126:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char nullmap[2] = {0xff, 0xff};
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1161:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char nullmap[2] = {0xff, 0xff};
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1308:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char nullmap[2] = {0xff, 0xff};
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1532:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char nullmap[2] = {0xff, 0xff};
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1537:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char proc_pid[16];
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1538:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pool_id[16];
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1539:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char proc_start_time[20];
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1540:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char proc_create_time[20];
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1541:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char majorversion[5];
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1542:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char minorversion[5];
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1543:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pool_counter[16];
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1544:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char backend_id[16];
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1545:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char backend_pid[16];
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1546:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char connected[2];
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1723:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char nullmap[2] = {0xff, 0xff};
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1838:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char nullmap[2] = {0xff, 0xff};
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1890:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char nullmap[2] = {0xff, 0xff};
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1900:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[POOL_CACHE_STATS_MAX_STRING_LEN + 1];
data/pgpool2-4.1.4/src/utils/pool_relcache.c:109:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char query[1024];
data/pgpool2-4.1.4/src/utils/pool_relcache.c:354:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char rel[MAX_ITEM_LENGTH];
data/pgpool2-4.1.4/src/utils/pool_relcache.c:382:19: [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return (void *) atol(res->data[0]);
data/pgpool2-4.1.4/src/utils/pool_relcache.c:445:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(res->data[i], p, res->nullflags[i]);
data/pgpool2-4.1.4/src/utils/pool_relcache.c:489:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, &res->rowdesc->num_attrs, sizeof(int));
data/pgpool2-4.1.4/src/utils/pool_relcache.c:491:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, &res->numrows, sizeof(int));
data/pgpool2-4.1.4/src/utils/pool_relcache.c:496:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, res->nullflags, sizeof(int) * array_size);
data/pgpool2-4.1.4/src/utils/pool_relcache.c:503:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, res->data[i], res->nullflags[i]);
data/pgpool2-4.1.4/src/utils/pool_select_walker.c:1270:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tablename[POOL_NAMEDATALEN * 2 + 1 + 2 * 2 + 1];
data/pgpool2-4.1.4/src/utils/pool_ssl.c:395:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char errbuf[32];
data/pgpool2-4.1.4/src/utils/pool_ssl.c:796:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(filename, "r")) == NULL)
data/pgpool2-4.1.4/src/utils/pool_stream.c:158:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char readbuf[READBUFSZ];
data/pgpool2-4.1.4/src/utils/pool_stream.c:465:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  c = ((char *) buf)[0];
data/pgpool2-4.1.4/src/utils/pool_stream.c:475:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  c = ((char *) buf)[0];
data/pgpool2-4.1.4/src/utils/pool_stream.c:518:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cp->wbuf + cp->wbufpo, buf, remainder);
data/pgpool2-4.1.4/src/utils/pool_stream.c:878:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char pbuf[READBUFSZ];
data/pgpool2-4.1.4/src/utils/pool_stream.c:1249:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, data, len);
data/pgpool2-4.1.4/src/utils/ps_status.c:101:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ps_buffer[PS_BUFFER_SIZE];
data/pgpool2-4.1.4/src/utils/ps_status.c:342:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[PS_BUFFER_SIZE + 32];
data/pgpool2-4.1.4/src/utils/ps_status.c:396:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char psbuf[1024];
data/pgpool2-4.1.4/src/utils/scram-common.c:127:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result, Ui_prev, SCRAM_KEY_LEN);
data/pgpool2-4.1.4/src/utils/scram-common.c:137:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(Ui_prev, Ui, SCRAM_KEY_LEN);
data/pgpool2-4.1.4/src/utils/scram-common.c:226:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p = result + sprintf(result, "SCRAM-SHA-256$%d:", iterations);
data/pgpool2-4.1.4/src/utils/sha2.c:265:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(context->state, sha256_initial_hash_value, PG_SHA256_DIGEST_LENGTH);
data/pgpool2-4.1.4/src/utils/sha2.c:476:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&context->buffer[usedspace], data, freespace);
data/pgpool2-4.1.4/src/utils/sha2.c:485:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&context->buffer[usedspace], data, len);
data/pgpool2-4.1.4/src/utils/sha2.c:503:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(context->buffer, data, len);
data/pgpool2-4.1.4/src/utils/sha2.c:577:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(digest, context->state, PG_SHA256_DIGEST_LENGTH);
data/pgpool2-4.1.4/src/utils/sha2.c:591:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(context->state, sha512_initial_hash_value, PG_SHA512_DIGEST_LENGTH);
data/pgpool2-4.1.4/src/utils/sha2.c:802:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&context->buffer[usedspace], data, freespace);
data/pgpool2-4.1.4/src/utils/sha2.c:811:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&context->buffer[usedspace], data, len);
data/pgpool2-4.1.4/src/utils/sha2.c:829:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(context->buffer, data, len);
data/pgpool2-4.1.4/src/utils/sha2.c:906:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(digest, context->state, PG_SHA512_DIGEST_LENGTH);
data/pgpool2-4.1.4/src/utils/sha2.c:920:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(context->state, sha384_initial_hash_value, PG_SHA512_DIGEST_LENGTH);
data/pgpool2-4.1.4/src/utils/sha2.c:951:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(digest, context->state, PG_SHA384_DIGEST_LENGTH);
data/pgpool2-4.1.4/src/utils/sha2.c:964:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(context->state, sha224_initial_hash_value, PG_SHA256_DIGEST_LENGTH);
data/pgpool2-4.1.4/src/utils/sha2.c:994:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(digest, context->state, PG_SHA224_DIGEST_LENGTH);
data/pgpool2-4.1.4/src/utils/sprompt.c:92:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  termin = fopen("CONIN$", "r");
data/pgpool2-4.1.4/src/utils/sprompt.c:93:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  termout = fopen("CONOUT$", "w+");
data/pgpool2-4.1.4/src/utils/sprompt.c:100:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  termin = fopen("/dev/tty", "r");
data/pgpool2-4.1.4/src/utils/sprompt.c:101:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  termout = fopen("/dev/tty", "w");
data/pgpool2-4.1.4/src/utils/sprompt.c:162:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/pgpool2-4.1.4/src/utils/ssl_utils.c:57:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[EVP_MAX_KEY_LENGTH],
data/pgpool2-4.1.4/src/utils/ssl_utils.c:70:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[EVP_MAX_KEY_LENGTH],
data/pgpool2-4.1.4/src/utils/ssl_utils.c:220:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[WD_AUTH_HASH_LEN / 2];
data/pgpool2-4.1.4/src/watchdog/watchdog.c:153:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[100];
data/pgpool2-4.1.4/src/watchdog/watchdog.c:2385:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ipcCommand->sourcePacket.data, pkt->data, pkt->len);
data/pgpool2-4.1.4/src/watchdog/watchdog.c:2587:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(failoverObj->nodeList, node_id_list, sizeof(int) * node_count);
data/pgpool2-4.1.4/src/watchdog/watchdog.c:3602:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char authhash[WD_AUTH_HASH_LEN + 1];
data/pgpool2-4.1.4/src/watchdog/watchdog.c:3615:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char authhash[WD_AUTH_HASH_LEN + 1];
data/pgpool2-4.1.4/src/watchdog/watchdog.c:4760:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(clusterCommand->commandPacket.data, pkt->data, pkt->len);
data/pgpool2-4.1.4/src/watchdog/watchdog.c:7279:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nodeStr[WD_MAX_PACKET_STRING + 1];
data/pgpool2-4.1.4/src/watchdog/watchdog.c:7299:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char calculated_authhash[WD_AUTH_HASH_LEN + 1];
data/pgpool2-4.1.4/src/watchdog/watchdog.c:7301:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nodeStr[WD_MAX_PACKET_STRING];
data/pgpool2-4.1.4/src/watchdog/watchdog.c:7784:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[100];
data/pgpool2-4.1.4/src/watchdog/watchdog.c:7851:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char wd_debug_request_file[POOLMAXPATHLEN];
data/pgpool2-4.1.4/src/watchdog/watchdog.c:7855:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char readbuf[MAXLINE];
data/pgpool2-4.1.4/src/watchdog/watchdog.c:7865:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = fopen(wd_debug_request_file, "r");
data/pgpool2-4.1.4/src/watchdog/wd_commands.c:80:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wd_ipc_sock_addr[255];
data/pgpool2-4.1.4/src/watchdog/wd_heartbeat.c:62:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char from[WD_MAX_HOST_NAMELEN];
data/pgpool2-4.1.4/src/watchdog/wd_heartbeat.c:65:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hash[WD_AUTH_HASH_LEN + 1];
data/pgpool2-4.1.4/src/watchdog/wd_heartbeat.c:347:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char from[WD_MAX_HOST_NAMELEN];
data/pgpool2-4.1.4/src/watchdog/wd_heartbeat.c:349:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[WD_AUTH_HASH_LEN + 1];
data/pgpool2-4.1.4/src/watchdog/wd_heartbeat.c:350:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pack_str[WD_MAX_PACKET_STRING];
data/pgpool2-4.1.4/src/watchdog/wd_heartbeat.c:483:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pack_str[WD_MAX_PACKET_STRING];
data/pgpool2-4.1.4/src/watchdog/wd_if.c:107:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[WD_MAX_PATH_LEN];
data/pgpool2-4.1.4/src/watchdog/wd_if.c:192:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[WD_MAX_PATH_LEN];
data/pgpool2-4.1.4/src/watchdog/wd_if.c:260:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *args[24];
data/pgpool2-4.1.4/src/watchdog/wd_if.c:400:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4096];
data/pgpool2-4.1.4/src/watchdog/wd_if.c:474:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:545:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  wdNode->wd_data_major_version = atoi(ptr);
data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:551:35: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  wdNode->wd_data_minor_version = atoi(ptr);
data/pgpool2-4.1.4/src/watchdog/wd_lifecheck.c:921:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char conninfo[1024];
data/pgpool2-4.1.4/src/watchdog/wd_ping.c:99:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *args[8];
data/pgpool2-4.1.4/src/watchdog/wd_ping.c:103:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ping_path[WD_MAX_PATH_LEN];
data/pgpool2-4.1.4/src/watchdog/wd_ping.c:178:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[WD_MAX_PING_RESULT];
data/pgpool2-4.1.4/src/watchdog/wd_utils.c:60:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[128];
data/pgpool2-4.1.4/src/watchdog/wd_utils.c:173:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pass[(MAX_PASSWORD_SIZE + 1) / 2];
data/pgpool2-4.1.4/src/watchdog/wd_utils.c:174:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char username[(MAX_PASSWORD_SIZE + 1) / 2];
data/pgpool2-4.1.4/src/watchdog/wd_utils.c:178:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_buf[(MD5_PASSWD_LEN + 1) * 2];
data/pgpool2-4.1.4/src/watchdog/wd_utils.c:201:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, tmp_buf, MD5_PASSWD_LEN);
data/pgpool2-4.1.4/src/watchdog/wd_utils.c:241:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newstr, oldstr, tok - oldstr);
data/pgpool2-4.1.4/src/watchdog/wd_utils.c:242:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newstr + (tok - oldstr), replacement, rep_len);
data/pgpool2-4.1.4/src/watchdog/wd_utils.c:243:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(newstr + (tok - oldstr) + rep_len, tok + pat_len, strlen(oldstr) - pat_len - (tok - oldstr));
data/pgpool2-4.1.4/src/auth/auth-scram.c:364:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (inputlen != strlen(input))
data/pgpool2-4.1.4/src/auth/auth-scram.c:444:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *outputlen = strlen(*output);
data/pgpool2-4.1.4/src/auth/auth-scram.c:499:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  salt = palloc(pg_b64_dec_len(strlen(encoded_salt)));
data/pgpool2-4.1.4/src/auth/auth-scram.c:500:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  saltlen = pg_b64_decode(encoded_salt, strlen(encoded_salt), salt);
data/pgpool2-4.1.4/src/auth/auth-scram.c:574:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  decoded_salt_buf = palloc(pg_b64_dec_len(strlen(salt_str)));
data/pgpool2-4.1.4/src/auth/auth-scram.c:575:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  decoded_len = pg_b64_decode(salt_str, strlen(salt_str), decoded_salt_buf);
data/pgpool2-4.1.4/src/auth/auth-scram.c:585:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pg_b64_dec_len(strlen(storedkey_str) != SCRAM_KEY_LEN))
data/pgpool2-4.1.4/src/auth/auth-scram.c:587:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  decoded_len = pg_b64_decode(storedkey_str, strlen(storedkey_str),
data/pgpool2-4.1.4/src/auth/auth-scram.c:592:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pg_b64_dec_len(strlen(serverkey_str) != SCRAM_KEY_LEN))
data/pgpool2-4.1.4/src/auth/auth-scram.c:594:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  decoded_len = pg_b64_decode(serverkey_str, strlen(serverkey_str),
data/pgpool2-4.1.4/src/auth/auth-scram.c:934:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int client_nonce_len = strlen(state->client_nonce);
data/pgpool2-4.1.4/src/auth/auth-scram.c:935:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int server_nonce_len = strlen(state->server_nonce);
data/pgpool2-4.1.4/src/auth/auth-scram.c:936:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int final_nonce_len = strlen(state->client_final_nonce);
data/pgpool2-4.1.4/src/auth/auth-scram.c:965:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(state->client_first_message_bare));
data/pgpool2-4.1.4/src/auth/auth-scram.c:969:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(state->server_first_message));
data/pgpool2-4.1.4/src/auth/auth-scram.c:973:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(state->client_final_message_without_proof));
data/pgpool2-4.1.4/src/auth/auth-scram.c:1110:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  client_proof = palloc(pg_b64_dec_len(strlen(value)));
data/pgpool2-4.1.4/src/auth/auth-scram.c:1111:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pg_b64_decode(value, strlen(value), client_proof) != SCRAM_KEY_LEN)
data/pgpool2-4.1.4/src/auth/auth-scram.c:1146:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(state->client_first_message_bare));
data/pgpool2-4.1.4/src/auth/auth-scram.c:1150:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(state->server_first_message));
data/pgpool2-4.1.4/src/auth/auth-scram.c:1154:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(state->client_final_message_without_proof));
data/pgpool2-4.1.4/src/auth/auth-scram.c:1208:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pg_sha256_update(&ctx, (uint8 *) username, strlen(username));
data/pgpool2-4.1.4/src/auth/auth-scram.c:1298:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (inputlen != strlen(input))
data/pgpool2-4.1.4/src/auth/auth-scram.c:1315:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *outputlen = strlen(*output);
data/pgpool2-4.1.4/src/auth/auth-scram.c:1329:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *outputlen = strlen(*output);
data/pgpool2-4.1.4/src/auth/auth-scram.c:1399:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buflen = 8 + strlen(state->client_nonce) + 1;
data/pgpool2-4.1.4/src/auth/auth-scram.c:1477:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(nonce) < strlen(state->client_nonce) ||
data/pgpool2-4.1.4/src/auth/auth-scram.c:1477:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(nonce) < strlen(state->client_nonce) ||
data/pgpool2-4.1.4/src/auth/auth-scram.c:1478:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcmp(nonce, state->client_nonce, strlen(state->client_nonce)) != 0)
data/pgpool2-4.1.4/src/auth/auth-scram.c:1493:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  state->salt = palloc(pg_b64_dec_len(strlen(encoded_salt)));
data/pgpool2-4.1.4/src/auth/auth-scram.c:1496:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(encoded_salt),
data/pgpool2-4.1.4/src/auth/auth-scram.c:1554:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(encoded_server_signature),
data/pgpool2-4.1.4/src/auth/auth-scram.c:1594:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(state->client_first_message_bare));
data/pgpool2-4.1.4/src/auth/auth-scram.c:1598:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(state->server_first_message));
data/pgpool2-4.1.4/src/auth/auth-scram.c:1602:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(client_final_message_without_proof));
data/pgpool2-4.1.4/src/auth/auth-scram.c:1626:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(state->client_first_message_bare));
data/pgpool2-4.1.4/src/auth/auth-scram.c:1630:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(state->server_first_message));
data/pgpool2-4.1.4/src/auth/auth-scram.c:1634:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(state->client_final_message_without_proof));
data/pgpool2-4.1.4/src/auth/md5.c:388:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t passwd_len = strlen(passwd);
data/pgpool2-4.1.4/src/auth/md5.c:422:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t passwd_len = strlen(passwd);
data/pgpool2-4.1.4/src/auth/pool_auth.c:197:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp("md5", password, 3) && (strlen(password) - 3) == MD5_PASSWD_LEN)
data/pgpool2-4.1.4/src/auth/pool_auth.c:200:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pool_md5_encrypt(password, cp->sp->user, strlen(cp->sp->user), buf1);
data/pgpool2-4.1.4/src/auth/pool_auth.c:885:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  messagelen = strlen(MASTER_CONNECTION(cp)->sp->user) + 100;
data/pgpool2-4.1.4/src/auth/pool_auth.c:963:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(frontend->username), userPassword);
data/pgpool2-4.1.4/src/auth/pool_auth.c:965:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(userPwd);
data/pgpool2-4.1.4/src/auth/pool_auth.c:981:69: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  storedPassword = frontend->passwordMapping->pgpoolUser.password + strlen(PASSWORD_TEXT_PREFIX);
data/pgpool2-4.1.4/src/auth/pool_auth.c:1077:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(pwd);
data/pgpool2-4.1.4/src/auth/pool_auth.c:1340:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(SCRAM_SHA_256_NAME) + 2);
data/pgpool2-4.1.4/src/auth/pool_auth.c:1395:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr += strlen(selected_mech) + 1;
data/pgpool2-4.1.4/src/auth/pool_auth.c:1573:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(frontend->username), userPassword);
data/pgpool2-4.1.4/src/auth/pool_auth.c:1593:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pg_md5_encrypt(md5 + strlen("md5"), salt, sizeof(salt), encbuf);
data/pgpool2-4.1.4/src/auth/pool_auth.c:1714:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *password = frontend->passwordMapping->pgpoolUser.password + strlen(PASSWORD_TEXT_PREFIX);
data/pgpool2-4.1.4/src/auth/pool_auth.c:1762:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(frontend->username), userPassword);
data/pgpool2-4.1.4/src/auth/pool_auth.c:1818:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pg_md5_encrypt(pool_passwd + strlen("md5"), salt, sizeof(salt), encbuf);
data/pgpool2-4.1.4/src/auth/pool_auth.c:1946:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = htonl(sizeof(size) + strlen(password) + 1);
data/pgpool2-4.1.4/src/auth/pool_auth.c:1948:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pool_write_and_flush(backend, password, strlen(password) + 1);
data/pgpool2-4.1.4/src/auth/pool_auth.c:2457:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mechanism_buf += strlen(mechanism_buf) + 1;
data/pgpool2-4.1.4/src/auth/pool_auth.c:2476:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  send_msg_len = strlen(selected_mechanism) + 1;
data/pgpool2-4.1.4/src/auth/pool_auth.c:2487:51: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pool_write(backend, (void *) selected_mechanism, strlen(selected_mechanism) + 1);
data/pgpool2-4.1.4/src/auth/pool_hba.c:1023:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  messagelen = strlen(frontend->username) + 100;
data/pgpool2-4.1.4/src/auth/pool_hba.c:1274:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t plen = strlen(pattern);
data/pgpool2-4.1.4/src/auth/pool_hba.c:1275:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t hlen = strlen(actual_hostname);
data/pgpool2-4.1.4/src/auth/pool_hba.c:1543:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  inc_fullname = (char *) palloc(strlen(outer_filename) + 1 +
data/pgpool2-4.1.4/src/auth/pool_hba.c:1544:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(inc_filename) + 1);
data/pgpool2-4.1.4/src/auth/pool_hba.c:1663:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(rawline) == MAX_LINE - 1)
data/pgpool2-4.1.4/src/auth/pool_hba.c:1675:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lineptr = rawline + strlen(rawline) - 1;
data/pgpool2-4.1.4/src/auth/pool_hba.c:1882:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  toklen = strlen(token);
data/pgpool2-4.1.4/src/auth/pool_hba.c:1944:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(appdata_ptr) == 0)
data/pgpool2-4.1.4/src/auth/pool_hba.c:1954:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(passwd) == 0)
data/pgpool2-4.1.4/src/auth/pool_passwd.c:63:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(pool_passwd_filename);
data/pgpool2-4.1.4/src/auth/pool_passwd.c:112:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(passwd);
data/pgpool2-4.1.4/src/auth/pool_passwd.c:127:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(linebuf);
data/pgpool2-4.1.4/src/auth/pool_passwd.c:141:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  writebuf = repalloc(writebuf, (len + strlen(writebuf) + 1));
data/pgpool2-4.1.4/src/auth/pool_passwd.c:154:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  writebuf = repalloc(writebuf, (len + strlen(writebuf) + 1));
data/pgpool2-4.1.4/src/auth/pool_passwd.c:171:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fwrite(writebuf, 1, strlen(writebuf), passwd_fd);
data/pgpool2-4.1.4/src/auth/pool_passwd.c:210:8: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = fgetc(passwd_fd);
data/pgpool2-4.1.4/src/auth/pool_passwd.c:227:16: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = fgetc(passwd_fd)) != EOF &&
data/pgpool2-4.1.4/src/auth/pool_passwd.c:239:16: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = fgetc(passwd_fd)) != EOF &&
data/pgpool2-4.1.4/src/auth/pool_passwd.c:361:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf);
data/pgpool2-4.1.4/src/auth/pool_passwd.c:470:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (password_in_config == NULL || strlen(password_in_config) == 0)
data/pgpool2-4.1.4/src/auth/pool_passwd.c:516:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  password = (char*)(password + strlen(PASSWORD_TEXT_PREFIX));
data/pgpool2-4.1.4/src/auth/pool_passwd.c:519:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (password && strlen(password) && (passwordType != PASSWORD_TYPE_PLAINTEXT &&
data/pgpool2-4.1.4/src/auth/pool_passwd.c:557:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((len = strlen(pwd)) == 0)
data/pgpool2-4.1.4/src/auth/pool_passwd.c:591:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(shadow_pass, PASSWORD_MD5_PREFIX, strlen(PASSWORD_MD5_PREFIX)) == 0)
data/pgpool2-4.1.4/src/auth/pool_passwd.c:593:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(shadow_pass) == MD5_PASSWD_LEN + strlen(PASSWORD_MD5_PREFIX))
data/pgpool2-4.1.4/src/auth/pool_passwd.c:593:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(shadow_pass) == MD5_PASSWD_LEN + strlen(PASSWORD_MD5_PREFIX))
data/pgpool2-4.1.4/src/auth/pool_passwd.c:597:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(shadow_pass, PASSWORD_AES_PREFIX, strlen(PASSWORD_AES_PREFIX)) == 0)
data/pgpool2-4.1.4/src/auth/pool_passwd.c:599:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(shadow_pass, PASSWORD_SCRAM_PREFIX, strlen(PASSWORD_SCRAM_PREFIX)) == 0)
data/pgpool2-4.1.4/src/auth/pool_passwd.c:601:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(shadow_pass, PASSWORD_TEXT_PREFIX, strlen(PASSWORD_TEXT_PREFIX)) == 0)
data/pgpool2-4.1.4/src/auth/pool_passwd.c:621:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(key_file_path) == 0)
data/pgpool2-4.1.4/src/auth/pool_passwd.c:656:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf);
data/pgpool2-4.1.4/src/config/pool_config.c:649:14: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (c = getc( yyin )) != EOF && c != '\n'; ++n ) \
data/pgpool2-4.1.4/src/config/pool_config.c:1583:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return yy_scan_bytes(yystr,strlen(yystr) );
data/pgpool2-4.1.4/src/config/pool_config.c:1884:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  currItem.pattern = palloc(sizeof(char)*(strlen(s)+3));
data/pgpool2-4.1.4/src/config/pool_config.c:1890:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(currItem.pattern, "^", 2);
data/pgpool2-4.1.4/src/config/pool_config.c:1891:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(currItem.pattern, s, strlen(s) + 1);
data/pgpool2-4.1.4/src/config/pool_config.c:1891:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(currItem.pattern, s, strlen(s) + 1);
data/pgpool2-4.1.4/src/config/pool_config.c:1893:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(currItem.pattern, s, strlen(s) + 1);
data/pgpool2-4.1.4/src/config/pool_config.c:1893:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(currItem.pattern, s, strlen(s) + 1);
data/pgpool2-4.1.4/src/config/pool_config.c:1895:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (s[strlen(s)-1] != '$') {
data/pgpool2-4.1.4/src/config/pool_config.c:1896:3: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
  strncat(currItem.pattern, "$", 2);
data/pgpool2-4.1.4/src/config/pool_config.c:2161:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret[strlen(ret)-1] = '\0';
data/pgpool2-4.1.4/src/config/pool_config.c:2261:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!parse_bool_with_len(str, strlen(str), &result))
data/pgpool2-4.1.4/src/config/pool_config.c:2304:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(buf+strlen(buf), sizeof(buf), "|ALWAYS_MASTER");
data/pgpool2-4.1.4/src/config/pool_config_variables.c:2379:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int leni = strlen(gconfi->name);
data/pgpool2-4.1.4/src/config/pool_config_variables.c:2384:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int lenj = strlen(gconfj->name);
data/pgpool2-4.1.4/src/config/pool_config_variables.c:2724:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*(input + strlen(input) - 1) != *delimi || *(input + strlen(input) - 2) == '\\')
data/pgpool2-4.1.4/src/config/pool_config_variables.c:2724:59: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*(input + strlen(input) - 1) != *delimi || *(input + strlen(input) - 2) == '\\')
data/pgpool2-4.1.4/src/config/pool_config_variables.c:2726:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(input) + 2;
data/pgpool2-4.1.4/src/config/pool_config_variables.c:2823:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int index_start_index = strlen(record->name);
data/pgpool2-4.1.4/src/config/pool_config_variables.c:2825:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) <= index_start_index)
data/pgpool2-4.1.4/src/config/pool_config_variables.c:2862:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int index_start_index = strlen(gconf->name);
data/pgpool2-4.1.4/src/config/pool_config_variables.c:3726:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  seplen = strlen(separator);
data/pgpool2-4.1.4/src/config/pool_config_variables.c:3810:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (newval == NULL || strlen(newval) == 0)
data/pgpool2-4.1.4/src/config/pool_config_variables.c:3830:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (newval == NULL || strlen(newval) == 0)
data/pgpool2-4.1.4/src/config/pool_config_variables.c:3936:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (newval == NULL || strlen(newval) == 0)
data/pgpool2-4.1.4/src/config/pool_config_variables.c:4081:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(buffer+strlen(buffer), sizeof(buffer), "|ALWAYS_MASTER");
data/pgpool2-4.1.4/src/config/pool_config_variables.c:4273:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (newval == NULL || strlen(newval) == 0)
data/pgpool2-4.1.4/src/config/pool_config_variables.c:4300:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (newval == NULL || strlen(newval) == 0)
data/pgpool2-4.1.4/src/config/pool_config_variables.c:4311:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (newval == NULL || strlen(newval) == 0)
data/pgpool2-4.1.4/src/config/pool_config_variables.c:4347:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(node_spec); data/pgpool2-4.1.4/src/context/pool_query_context.c:1796:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stmt = contents + strlen(name) + 1; data/pgpool2-4.1.4/src/context/pool_query_context.c:1798:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *rewritten_len = len - strlen(stmt) + strlen(rewritten_query); data/pgpool2-4.1.4/src/context/pool_query_context.c:1798:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *rewritten_len = len - strlen(stmt) + strlen(rewritten_query); data/pgpool2-4.1.4/src/context/pool_query_context.c:1808:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(rewritten_contents + strlen(name) + 1, rewritten_query); data/pgpool2-4.1.4/src/context/pool_query_context.c:1809:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(rewritten_contents + strlen(name) + strlen(rewritten_query) + 2, data/pgpool2-4.1.4/src/context/pool_query_context.c:1809:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(rewritten_contents + strlen(name) + strlen(rewritten_query) + 2, data/pgpool2-4.1.4/src/context/pool_query_context.c:1810:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
stmt + strlen(stmt) + 1, data/pgpool2-4.1.4/src/context/pool_query_context.c:1811:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len - (strlen(name) + strlen(stmt) + 2)); data/pgpool2-4.1.4/src/context/pool_query_context.c:1811:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len - (strlen(name) + strlen(stmt) + 2)); data/pgpool2-4.1.4/src/context/pool_session_context.c:936:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(session_context->prep_where.name[i], name, POOL_MAX_PREPARED_NAME); data/pgpool2-4.1.4/src/context/pool_session_context.c:1236:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). StrNCpy(message->query, message->contents + strlen(message->contents) + 1, sizeof(message->query)); data/pgpool2-4.1.4/src/context/pool_session_context.c:1241:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). StrNCpy(message->statement, message->contents + strlen(message->contents) + 1, sizeof(message->statement)); data/pgpool2-4.1.4/src/include/parser/nodes.h:648:13: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
extern bool equal(const void *a, const void *b); data/pgpool2-4.1.4/src/include/parser/pg_list.h:362:27: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. #define equali(l1, l2) equal(l1, l2) data/pgpool2-4.1.4/src/include/parser/pg_list.h:363:27: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. #define equalo(l1, l2) equal(l1, l2) data/pgpool2-4.1.4/src/include/pool_type.h:404:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(_dst, (src), _len); \ data/pgpool2-4.1.4/src/libs/pcp/pcp.c:297:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(username) >= MAX_USER_PASSWD_LEN) data/pgpool2-4.1.4/src/libs/pcp/pcp.c:321:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_md5_hash(password, strlen(password), md5); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:324:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pool_md5_encrypt(md5, username, strlen(username), data/pgpool2-4.1.4/src/libs/pcp/pcp.c:333:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wsize = htonl((strlen(username) + 1 + strlen(encrypt_buf) + 1) + sizeof(int)); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:333:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wsize = htonl((strlen(username) + 1 + strlen(encrypt_buf) + 1) + sizeof(int)); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:335:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(pcpConn->pcpConn, username, strlen(username) + 1); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:336:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(pcpConn->pcpConn, encrypt_buf, strlen(encrypt_buf) + 1); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:539:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). e += strlen(e) + 1; data/pgpool2-4.1.4/src/libs/pcp/pcp.c:799:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wsize = htonl(strlen(node_id) + 1 + sizeof(int)); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:801:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pcp_write(pcpConn->pcpConn, node_id, strlen(node_id) + 1); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1056:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wsize = htonl(strlen(process_id) + 1 + sizeof(int)); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1058:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(pcpConn->pcpConn, process_id, strlen(process_id) + 1); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1113:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wsize = htonl(strlen(node_id) + 1 + sizeof(int)); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1115:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(pcpConn->pcpConn, node_id, strlen(node_id) + 1); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1160:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wsize = htonl(strlen(node_id) + 1 + sizeof(int)); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1162:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(pcpConn->pcpConn, node_id, strlen(node_id) + 1); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1277:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
wsize = htonl(strlen(node_id) + 1 + sizeof(int)); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1279:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(pcpConn->pcpConn, node_id, strlen(node_id) + 1); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1334:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wsize = htonl(strlen(node_id) + 1 + sizeof(int)); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1336:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(pcpConn->pcpConn, node_id, strlen(node_id) + 1); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1434:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wd_cluster_info->masterNodeName, ptr, sizeof(wd_cluster_info->masterNodeName) - 1); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1442:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wd_cluster_info->masterHostName, ptr, sizeof(wd_cluster_info->masterHostName) - 1); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1469:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wdNodeInfo->nodeName, ptr, sizeof(wdNodeInfo->nodeName) - 1); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1477:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(wdNodeInfo->hostName, ptr, sizeof(wdNodeInfo->hostName) - 1); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1485:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wdNodeInfo->delegate_ip, ptr, sizeof(wdNodeInfo->delegate_ip) - 1); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1511:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wdNodeInfo->stateName, ptr, sizeof(wdNodeInfo->stateName) - 1); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1565:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wsize = htonl(strlen(wd_index) + 1 + sizeof(int)); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1567:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(pcpConn->pcpConn, wd_index, strlen(wd_index) + 1); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1591:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wsize = htonl(strlen(parameter_name) + 1 + data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1592:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(value) + 1 + data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1595:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pcp_write(pcpConn->pcpConn, parameter_name, strlen(parameter_name)); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1597:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(pcpConn->pcpConn, value, strlen(value)); data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1862:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (username == NULL || strlen(username) == 0) data/pgpool2-4.1.4/src/libs/pcp/pcp.c:1908:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/pgpool2-4.1.4/src/main/health_check.c:505:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, readbuf, sizeof(buf)); data/pgpool2-4.1.4/src/main/health_check.c:506:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(readbuf) > 0 && readbuf[strlen(readbuf) - 1] == '\n') data/pgpool2-4.1.4/src/main/health_check.c:506:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(readbuf) > 0 && readbuf[strlen(readbuf) - 1] == '\n') data/pgpool2-4.1.4/src/main/health_check.c:507:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
buf[strlen(readbuf) - 1] = '\0'; data/pgpool2-4.1.4/src/main/health_check.c:532:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writebuf = malloc(strlen(p) + 1); data/pgpool2-4.1.4/src/main/health_check.c:533:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memset(writebuf, 0, strlen(p) + 1); data/pgpool2-4.1.4/src/main/health_check.c:536:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writebuf = realloc(writebuf, strlen(p) + strlen(writebuf) + 1); data/pgpool2-4.1.4/src/main/health_check.c:536:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). writebuf = realloc(writebuf, strlen(p) + strlen(writebuf) + 1); data/pgpool2-4.1.4/src/main/health_check.c:561:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fwrite(writebuf, 1, strlen(writebuf), fd) != strlen(writebuf)) data/pgpool2-4.1.4/src/main/health_check.c:561:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fwrite(writebuf, 1, strlen(writebuf), fd) != strlen(writebuf)) data/pgpool2-4.1.4/src/main/main.c:318:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(pool_passwd_key_file_path) == 0) data/pgpool2-4.1.4/src/main/main.c:374:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(homedir, "USER-HOME-DIR", POOLMAXPATHLEN); data/pgpool2-4.1.4/src/main/main.c:569:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path_size = strlen(conf_dir) + strlen(pool_config->pid_file_name) + 1 + 1; data/pgpool2-4.1.4/src/main/main.c:569:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path_size = strlen(conf_dir) + strlen(pool_config->pid_file_name) + 1 + 1; data/pgpool2-4.1.4/src/main/main.c:611:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((readlen = read(fd, pidbuf, sizeof(pidbuf))) == -1) data/pgpool2-4.1.4/src/main/main.c:658:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, pidbuf, strlen(pidbuf) + 1) == -1) data/pgpool2-4.1.4/src/main/pgpool_main.c:2923:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(pipe_fds[0], &dummy, 1) < 0) data/pgpool2-4.1.4/src/main/pgpool_main.c:2988:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (command_line == NULL || (strlen(command_line) == 0)) data/pgpool2-4.1.4/src/main/pgpool_main.c:3104:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(exec_cmd->data) != 0) data/pgpool2-4.1.4/src/main/pgpool_main.c:3944:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fwrite(buf, 1, strlen(buf), fd) != strlen(buf)) data/pgpool2-4.1.4/src/main/pgpool_main.c:3944:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fwrite(buf, 1, strlen(buf), fd) != strlen(buf)) data/pgpool2-4.1.4/src/parser/gram.c:25810:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/pgpool2-4.1.4/src/parser/gram_minimal.c:25465:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/pgpool2-4.1.4/src/parser/kwlookup.c:50:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/pgpool2-4.1.4/src/parser/list.c:455:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
if (equal(lfirst(cell), datum)) data/pgpool2-4.1.4/src/parser/list.c:582:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(lfirst(cell), datum)) data/pgpool2-4.1.4/src/parser/outfuncs.c:240:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(str), data/pgpool2-4.1.4/src/parser/pool_string.c:36:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string->len = (str != NULL) ? strlen(str) : 0; data/pgpool2-4.1.4/src/parser/pool_string.c:59:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(append_data); data/pgpool2-4.1.4/src/parser/scan.c:1284:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/pgpool2-4.1.4/src/parser/scan.c:2056:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). identlen = strlen(ident); data/pgpool2-4.1.4/src/parser/scan.c:2082:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
identlen = strlen(ident); data/pgpool2-4.1.4/src/parser/scan.c:3150:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return core_yy_scan_bytes(yystr,strlen(yystr) ,yyscanner); data/pgpool2-4.1.4/src/parser/scansup.c:49:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/pgpool2-4.1.4/src/parser/snprintf.c:502:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostr(strvalue, strlen(strvalue), target); data/pgpool2-4.1.4/src/parser/snprintf.c:772:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostr(errm, strlen(errm), target); data/pgpool2-4.1.4/src/parser/snprintf.c:1041:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vallen = strlen(value); data/pgpool2-4.1.4/src/parser/stringinfo.c:167:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). appendBinaryStringInfo(str, s, strlen(s)); data/pgpool2-4.1.4/src/parser/wchar.c:2130:9: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. p += sprintf(p, " "); data/pgpool2-4.1.4/src/parser/wchar.c:2163:9: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. 
p += sprintf(p, " "); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:414:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(packet_username, buf, MAX_USER_PASSWD_LEN); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:423:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(packet_password, ++index, MAX_USER_PASSWD_LEN); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:476:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(file_password, line + strlen(file_username) + 1, len); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:479:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_md5_encrypt(file_password, file_username, strlen(file_username), data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:631:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(mesg + total_port_len, strlen(process_id) + 1, "%s", process_id); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:632:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). total_port_len += strlen(process_id) + 1; data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:637:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(process_count_str) + 1 + data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:642:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(frontend, process_count_str, strlen(process_count_str) + 1); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:692:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(con_info_size) + 1 + data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:696:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(frontend, con_info_size, strlen(con_info_size) + 1); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:728:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(proc_pid) + 1 + data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:729:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(pools[i].database) + 1 + data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:730:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(pools[i].username) + 1 + data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:731:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(proc_start_time) + 1 + data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:732:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(proc_create_time) + 1 + data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:733:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(majorversion) + 1 + data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:734:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(minorversion) + 1 + data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:735:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(pool_counter) + 1 + data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:736:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(backend_id) + 1 + data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:737:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(backend_pid) + 1 + data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:738:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(connected) + 1 + data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:742:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pcp_write(frontend, proc_pid, strlen(proc_pid) + 1); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:743:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(frontend, pools[i].database, strlen(pools[i].database) + 1); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:744:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(frontend, pools[i].username, strlen(pools[i].username) + 1); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:745:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(frontend, proc_start_time, strlen(proc_start_time) + 1); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:746:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(frontend, proc_create_time, strlen(proc_create_time) + 1); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:747:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(frontend, majorversion, strlen(majorversion) + 1); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:748:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(frontend, minorversion, strlen(minorversion) + 1); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:749:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pcp_write(frontend, pool_counter, strlen(pool_counter) + 1); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:750:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(frontend, backend_id, strlen(backend_id) + 1); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:751:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(frontend, backend_pid, strlen(backend_pid) + 1); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:752:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcp_write(frontend, connected, strlen(connected) + 1); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:800:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). json_data_len = strlen(json_data); data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:869:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(bi->backend_hostname) + 1 + data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:870:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(port_str) + 1 + data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:871:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(status) + 1 +

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:872:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(weight_str) + 1 +

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:873:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(role_str) + 1 +

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:874:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(standby_delay_str) + 1 +

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:875:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(bi->replication_state) + 1 +

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:876:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(bi->replication_sync_state) + 1 +

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:877:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(status_changed_time_str) + 1 +

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:881:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcp_write(frontend, bi->backend_hostname, strlen(bi->backend_hostname) + 1);

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:882:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcp_write(frontend, port_str, strlen(port_str) + 1);

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:883:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcp_write(frontend, status, strlen(status) + 1);

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:884:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcp_write(frontend, weight_str, strlen(weight_str) + 1);

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:885:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcp_write(frontend, role_str, strlen(role_str) + 1);

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:886:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcp_write(frontend, standby_delay_str, strlen(standby_delay_str) + 1);

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:887:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcp_write(frontend, bi->replication_state, strlen(bi->replication_state) + 1);

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:888:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcp_write(frontend, bi->replication_sync_state, strlen(bi->replication_sync_state) + 1);

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:889:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcp_write(frontend, status_changed_time_str, strlen(status_changed_time_str) + 1);

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:906:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(mesg) + 1 +

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:910:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcp_write(frontend, mesg, strlen(mesg) + 1);

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:1057:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(status[i].name) + 1

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:1058:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(status[i].value) + 1

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:1059:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(status[i].desc) + 1

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:1064:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcp_write(frontend, status[i].name, strlen(status[i].name) + 1);

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:1065:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcp_write(frontend, status[i].value, strlen(status[i].value) + 1);

data/pgpool2-4.1.4/src/pcp_con/pcp_worker.c:1066:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcp_write(frontend, status[i].desc, strlen(status[i].desc) + 1);

data/pgpool2-4.1.4/src/pcp_con/recovery.c:239:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(recovery_backend->backend_hostname) == 0 || *(recovery_backend->backend_hostname) == '/')

data/pgpool2-4.1.4/src/pcp_con/recovery.c:247:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (script == NULL || strlen(script) == 0)

data/pgpool2-4.1.4/src/pcp_con/recovery.c:308:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(backend->backend_hostname) == 0 || *(backend->backend_hostname) == '/')

data/pgpool2-4.1.4/src/protocol/child.c:594:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(sp->database, sp2->database, SM_DATABASE);

data/pgpool2-4.1.4/src/protocol/child.c:597:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(sp->user, sp2->user, SM_USER);

data/pgpool2-4.1.4/src/protocol/child.c:611:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += (strlen(p) + 1); /* skip option name */

data/pgpool2-4.1.4/src/protocol/child.c:612:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += (strlen(p) + 1); /* skip option value */

data/pgpool2-4.1.4/src/protocol/child.c:621:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += (strlen(p) + 1); /* skip option name */

data/pgpool2-4.1.4/src/protocol/child.c:622:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += (strlen(p) + 1); /* skip option value */

data/pgpool2-4.1.4/src/protocol/child.c:631:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(p, tmpopt ,strlen(tmpopt) + 1); /* memcpy option name */

data/pgpool2-4.1.4/src/protocol/child.c:632:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += (strlen(tmpopt) + 1);

data/pgpool2-4.1.4/src/protocol/child.c:633:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpopt += (strlen(tmpopt) + 1);

data/pgpool2-4.1.4/src/protocol/child.c:634:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(p, tmpopt ,strlen(tmpopt) + 1); /* memcpy option value */

data/pgpool2-4.1.4/src/protocol/child.c:635:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += (strlen(tmpopt) + 1);

data/pgpool2-4.1.4/src/protocol/child.c:649:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += (strlen(p) + 1);

data/pgpool2-4.1.4/src/protocol/child.c:654:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += (strlen(p) + 1);

data/pgpool2-4.1.4/src/protocol/child.c:668:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += (strlen(p) + 1);

data/pgpool2-4.1.4/src/protocol/child.c:676:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += (strlen(p) + 1);

data/pgpool2-4.1.4/src/protocol/child.c:679:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += (strlen(p) + 1);

data/pgpool2-4.1.4/src/protocol/child.c:1256:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = sizeof(sendlen) + strlen(name) + 1 + strlen(value) + 1;

data/pgpool2-4.1.4/src/protocol/child.c:1256:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = sizeof(sendlen) + strlen(name) + 1 + strlen(value) + 1;

data/pgpool2-4.1.4/src/protocol/child.c:1259:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pool_write(frontend, name, strlen(name) + 1);

data/pgpool2-4.1.4/src/protocol/child.c:1260:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pool_write(frontend, value, strlen(value) + 1);

data/pgpool2-4.1.4/src/protocol/child.c:1668:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (app_name && strlen(app_name) > 0)

data/pgpool2-4.1.4/src/protocol/child.c:2676:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(pgversion.version_string, result, sizeof(pgversion.version_string) - 1);

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:579:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pool_write(frontend, notice_message, strlen(notice_message) + 1);

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:918:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
value = p + strlen(name) + 1;

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1026:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (SimpleQuery(NULL, backend, strlen(query) + 1, query) != POOL_CONTINUE)

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1291:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pool_write_and_flush(frontend, message, strlen(message) + 1);

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1404:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
send_simplequery_message(backend, strlen(query) + 1, query, protoMajor);

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1613:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
send_simplequery_message(backend, strlen(error_query) + 1, error_query, major);

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1668:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(msg);

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1924:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pname_len = strlen(prepared_name) + 1;

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1927:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
qlen = strlen(query) + 1;

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:1972:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncasecmp(query, "SELECT", strlen("SELECT")))

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2023:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
send_simplequery_message(backend, strlen(query) + 1, query, major);

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2225:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p) + 1;

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:2620:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(seq_rel_name, adsrc + pmatch[1].rm_so, len);

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:3351:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
value = p + strlen(p) + 1;

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:3632:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
parse_tree_list = raw_parser(query_string_buffer, strlen(query_string_buffer), &error, !REPLICATION);

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:4291:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = e + strlen(e) + 1;

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:4367:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
e += strlen(e) + 1;

data/pgpool2-4.1.4/src/protocol/pool_process_query.c:4485:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
e = e + strlen(e) + 1;

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:659:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
query_context->rewritten_length = strlen(rewrite_query) + 1;

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:691:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(msg);

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:802:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(query) + 1;

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:826:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
hexlen = strlen(hex_str);

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:935:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(msg);

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1041:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
stmt = contents + strlen(contents) + 1;

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1051:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
parse_tree_list = raw_parser(stmt, strlen(stmt),&error,!REPLICATION);

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1109:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pool_start_query(query_context, stmt, strlen(stmt) + 1, node);

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1194:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int alloc_len = len - strlen(stmt) + strlen(rewrite_query);

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1194:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int alloc_len = len - strlen(stmt) + strlen(rewrite_query);

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1203:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(contents + strlen(name) + 1, rewrite_query);

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1204:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(contents + strlen(name) + strlen(rewrite_query) + 2,

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1204:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(contents + strlen(name) + strlen(rewrite_query) + 2,

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1205:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
stmt + strlen(stmt) + 1,

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1206:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len - (strlen(name) + strlen(stmt) + 2));

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1206:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len - (strlen(name) + strlen(stmt) + 2));

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1210:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
stmt = contents + strlen(name) + 1;

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1328:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pool_start_query(error_qc, POOL_ERROR_QUERY, strlen(POOL_ERROR_QUERY) + 1, node);

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1401:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pstmt_name = contents + strlen(portal_name) + 1;

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1435:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
bind_msg->param_offset = sizeof(char) * (strlen(portal_name) + strlen(pstmt_name) + 2);

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:1435:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
bind_msg->param_offset = sizeof(char) * (strlen(portal_name) + strlen(pstmt_name) + 2);

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:2631:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pool_start_query(query_context, query, strlen(query) + 1, node);

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:3454:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = strlen(bind_message->contents) + 1;

data/pgpool2-4.1.4/src/protocol/pool_proto_modules.c:3462:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
message_len = 1 + strlen(bind_message->contents + offset) + 1;

data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:252:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(query) <= 0)

data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:362:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(query) <= 0)

data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:459:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(query) <= 0)

data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:494:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = memcached_get(memc, tmpkey, strlen(tmpkey), len, &flags, &rc);

data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:562:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_length = strlen(backend->info->user);

data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:567:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
d_length = strlen(backend->info->database);

data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:569:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
q_length = strlen(s);

data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:580:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
pool_md5_hash(strkey, strlen(strkey), buf);

data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1668:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
sts = read(fd, (char *) &buf, len);

data/pgpool2-4.1.4/src/query_cache/pool_memqcache.c:1870:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
sts = read(fd, (char *) &buf, len);

data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1072:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
ts_len = strlen(ts);

data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1083:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
copy_len = strlen(copy_from) + 1;

data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1089:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
copy_len = strlen(copy_from) + 1;

data/pgpool2-4.1.4/src/rewrite/pool_timestamp.c:1236:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(res->data[0]) + 1;

data/pgpool2-4.1.4/src/test/regression/tests/010.rewrite_timestamp/timestamp/main.c:154:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
tree = raw_parser(argv[1], strlen(argv[1]), &error, false);

data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:863:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(titles[i]);

data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:876:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
strncat(formatbuf, buf2, sizeof(formatbuf) - strlen(formatbuf) - 2);

data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:876:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(formatbuf, buf2, sizeof(formatbuf) - strlen(formatbuf) - 2);

data/pgpool2-4.1.4/src/tools/pcp/pcp_frontend_client.c:877:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
strcat(formatbuf, "\n");

data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:139:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) > sizeof(username))

data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:174:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);

data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:188:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv[optind]);

data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:219:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);

data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:235:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(enc_key) == 0)

data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:238:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(key_file_path) == 0)

data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:271:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pg_pass), pool_key, ciphertext);

data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:326:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (username == NULL || strlen(username) == 0)

data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:339:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int cypher_len = aes_encrypt_with_password((unsigned char *) password, strlen(password), key, ciphertext);

data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:349:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = pg_b64_encode((const char *) ciphertext, cypher_len, (char *) b64_enc + strlen(PASSWORD_AES_PREFIX));

data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:355:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(PASSWORD_AES_PREFIX);

data/pgpool2-4.1.4/src/tools/pgenc/pg_enc.c:369:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
strncpy(homedir, "USER-HOME-DIR", POOLMAXPATHLEN);

data/pgpool2-4.1.4/src/tools/pgmd5/pg_md5.c:105:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(optarg) > MAX_INPUT_SIZE)

data/pgpool2-4.1.4/src/tools/pgmd5/pg_md5.c:141:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);

data/pgpool2-4.1.4/src/tools/pgmd5/pg_md5.c:170:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv[optind]);

data/pgpool2-4.1.4/src/tools/pgmd5/pg_md5.c:218:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(username))
data/pgpool2-4.1.4/src/tools/pgmd5/pg_md5.c:221:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pg_md5_encrypt(password, username, strlen(username), md5);
data/pgpool2-4.1.4/src/tools/pgmd5/pg_md5.c:233:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pg_md5_encrypt(password, pw->pw_name, strlen(pw->pw_name), md5);
data/pgpool2-4.1.4/src/tools/pgproto/buffer.c:90:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(buf);
data/pgpool2-4.1.4/src/tools/pgproto/extended_query.c:55:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(stmt) + 1;
data/pgpool2-4.1.4/src/tools/pgproto/extended_query.c:61:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(query) + 1;
data/pgpool2-4.1.4/src/tools/pgproto/extended_query.c:135:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(portal) + 1;
data/pgpool2-4.1.4/src/tools/pgproto/extended_query.c:141:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(stmt) + 1;
data/pgpool2-4.1.4/src/tools/pgproto/extended_query.c:266:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(portal) + 1;
data/pgpool2-4.1.4/src/tools/pgproto/extended_query.c:309:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(stmt) + 1;
data/pgpool2-4.1.4/src/tools/pgproto/extended_query.c:358:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(stmt) + 1;
data/pgpool2-4.1.4/src/tools/pgproto/main.c:210:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
    strncat(conninfo, "host=", n);
data/pgpool2-4.1.4/src/tools/pgproto/main.c:211:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n -= strlen(host) + 1;
data/pgpool2-4.1.4/src/tools/pgproto/main.c:212:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(conninfo, host, n);
data/pgpool2-4.1.4/src/tools/pgproto/main.c:218:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
    strncat(conninfo, " port=", n);
data/pgpool2-4.1.4/src/tools/pgproto/main.c:219:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n -= strlen(port) + 1;
data/pgpool2-4.1.4/src/tools/pgproto/main.c:220:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(conninfo, port, n);
data/pgpool2-4.1.4/src/tools/pgproto/main.c:226:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
    strncat(conninfo, " user=", n);
data/pgpool2-4.1.4/src/tools/pgproto/main.c:227:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n -= strlen(user) + 1;
data/pgpool2-4.1.4/src/tools/pgproto/main.c:234:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
    strncat(conninfo, " dbname=", n);
data/pgpool2-4.1.4/src/tools/pgproto/main.c:235:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n -= strlen(database) + 1;
data/pgpool2-4.1.4/src/tools/pgproto/main.c:236:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(conninfo, database, n);
data/pgpool2-4.1.4/src/tools/pgproto/main.c:283:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(p);
data/pgpool2-4.1.4/src/tools/pgproto/main.c:400:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    send_int(sizeof(int) + strlen(query) + 1, conn);
data/pgpool2-4.1.4/src/tools/pgproto/main.c:410:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    send_int(sizeof(int) + strlen(data), conn);
data/pgpool2-4.1.4/src/tools/pgproto/main.c:411:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    send_byte(data, strlen(data), conn);
data/pgpool2-4.1.4/src/tools/pgproto/main.c:426:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    send_int(sizeof(int) + strlen(err_msg) + 1, conn);
data/pgpool2-4.1.4/src/tools/pgproto/read.c:137:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p += strlen(p) + 1;
data/pgpool2-4.1.4/src/tools/pgproto/read.c:225:11: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    (void) usleep(read_nap);
data/pgpool2-4.1.4/src/tools/pgproto/read.c:303:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    sts = read(PQsocket(conn), buf, len);
data/pgpool2-4.1.4/src/tools/pgproto/send.c:70:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write_it(PQsocket(conn), buf, strlen(buf) + 1);
data/pgpool2-4.1.4/src/utils/error/elog.c:1514:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(line);
data/pgpool2-4.1.4/src/utils/error/elog.c:1790:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pool_send_to_frontend(message, strlen(message), false);
data/pgpool2-4.1.4/src/utils/error/elog.c:2473:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write_eventlog(ERROR, errbuf, strlen(errbuf));
data/pgpool2-4.1.4/src/utils/error/elog.c:2478:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write_console(errbuf, strlen(errbuf));
data/pgpool2-4.1.4/src/utils/getopt_long.c:98:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(longopts[i].name) == namelen
data/pgpool2-4.1.4/src/utils/mmgr/mcxt.c:648:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    Size needed = size + strlen(name) + 1;
data/pgpool2-4.1.4/src/utils/mmgr/mcxt.c:1075:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    Size len = strlen(string) + 1;
data/pgpool2-4.1.4/src/utils/mmgr/mcxt.c:1113:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(in);
data/pgpool2-4.1.4/src/utils/pcp/pcp_stream.c:117:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    readlen = read(pc->fd, readbuf, READBUFSZ);
data/pgpool2-4.1.4/src/utils/pool_ip.c:185:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
    strncpy(node, "???", nodelen);
data/pgpool2-4.1.4/src/utils/pool_ip.c:187:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
    strncpy(service, "???", servicelen);
data/pgpool2-4.1.4/src/utils/pool_ip.c:280:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(path) >= sizeof(unp->sun_path))
data/pgpool2-4.1.4/src/utils/pool_params.c:125:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(params->values[pos]) < strlen(value))
data/pgpool2-4.1.4/src/utils/pool_params.c:125:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(params->values[pos]) < strlen(value))
data/pgpool2-4.1.4/src/utils/pool_params.c:127:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    params->values[pos] = repalloc(params->values[pos], strlen(value) + 1);
data/pgpool2-4.1.4/src/utils/pool_path.c:137:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (p = path + strlen(path) - 1; IS_DIR_SEP(*p) && p > path; p--);
data/pgpool2-4.1.4/src/utils/pool_path.c:197:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(ret_path + strlen(ret_path), MAXPGPATH - strlen(ret_path), "/%s", tail);
data/pgpool2-4.1.4/src/utils/pool_path.c:197:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(ret_path + strlen(ret_path), MAXPGPATH - strlen(ret_path), "/%s", tail);
data/pgpool2-4.1.4/src/utils/pool_path.c:242:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(path);
data/pgpool2-4.1.4/src/utils/pool_path.c:285:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p = path + strlen(path);
data/pgpool2-4.1.4/src/utils/pool_path.c:357:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    new = palloc(strlen(cwd) + strlen(path) + 2);
data/pgpool2-4.1.4/src/utils/pool_path.c:357:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    new = palloc(strlen(cwd) + strlen(path) + 2);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:54:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pool_write(frontend, cursorname, strlen(cursorname) + 1);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:73:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(field_names[i]) + 1 + 18;
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:85:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pool_write(frontend, field_names[i], strlen(field_names[i]) + 1); /* field name */
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:414:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = POOLCONFIG_MAXVALLEN - strlen(status[i].value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:415:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(status[i].value, pool_config->reset_query_list[j], len);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:416:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = POOLCONFIG_MAXVALLEN - strlen(status[i].value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:418:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
    strncat(status[i].value, ";", len);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:472:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = POOLCONFIG_MAXVALLEN - strlen(status[i].value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:473:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(status[i].value, pool_config->white_function_list[j], len);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:474:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = POOLCONFIG_MAXVALLEN - strlen(status[i].value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:476:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
    strncat(status[i].value, ",", len);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:485:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = POOLCONFIG_MAXVALLEN - strlen(status[i].value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:486:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(status[i].value, pool_config->black_function_list[j], len);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:487:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = POOLCONFIG_MAXVALLEN - strlen(status[i].value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:489:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
    strncat(status[i].value, ",", len);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:498:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = POOLCONFIG_MAXVALLEN - strlen(status[i].value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:499:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(status[i].value, pool_config->black_query_pattern_list[j], len);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:500:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = POOLCONFIG_MAXVALLEN - strlen(status[i].value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:502:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
    strncat(status[i].value, ";", len);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:851:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = POOLCONFIG_MAXVALLEN - strlen(status[i].value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:852:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(status[i].value, pool_config->wd_monitoring_interfaces_list[j], len);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:853:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = POOLCONFIG_MAXVALLEN - strlen(status[i].value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:855:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
    strncat(status[i].value, ",", len);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:938:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = POOLCONFIG_MAXVALLEN - strlen(status[i].value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:939:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(status[i].value, pool_config->white_memqcache_table_list[j], len);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:940:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = POOLCONFIG_MAXVALLEN - strlen(status[i].value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:942:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
    strncat(status[i].value, ",", len);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:951:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = POOLCONFIG_MAXVALLEN - strlen(status[i].value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:952:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
    strncat(status[i].value, pool_config->black_memqcache_table_list[j], len);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:953:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = POOLCONFIG_MAXVALLEN - strlen(status[i].value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:955:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character.
    strncat(status[i].value, ",", len);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1069:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(name);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1074:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1079:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(description);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1090:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size += 4 + strlen(name); /* int32 + data; */
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1091:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size += 4 + strlen(value); /* int32 + data; */
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1092:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size += 4 + strlen(description); /* int32 + data; */
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1098:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(name);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1103:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1108:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(description);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1132:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1144:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size += 4 + strlen(value); /* int32 + data; */
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1150:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1183:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(status[i].name);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1188:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(status[i].value);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1193:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(status[i].desc);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1206:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += 4 + strlen(status[i].name); /* int32 + data; */
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1207:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += 4 + strlen(status[i].value); /* int32 + data; */
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1208:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += 4 + strlen(status[i].desc); /* int32 + data; */
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1214:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = htonl(strlen(status[i].name));
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1216:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pool_write(frontend, status[i].name, strlen(status[i].name));
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1218:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = htonl(strlen(status[i].value));
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1220:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pool_write(frontend, status[i].value, strlen(status[i].value));
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1222:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = htonl(strlen(status[i].desc));
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1224:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pool_write(frontend, status[i].desc, strlen(status[i].desc));
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1250:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    StrNCpy(nodes[i].hostname, bi->backend_hostname, strlen(bi->backend_hostname) + 1);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1323:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(nodes[i].node_id);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1328:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(nodes[i].hostname);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1333:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(nodes[i].port);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1338:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(nodes[i].status);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1343:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(nodes[i].lb_weight);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1348:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(nodes[i].role);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1353:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(nodes[i].select);
data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1358:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(nodes[i].load_balance_node); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1363:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(nodes[i].delay); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1368:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(nodes[i].rep_state); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1373:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(nodes[i].rep_sync_state); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1378:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(nodes[i].last_status_change); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1391:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(nodes[i].node_id); /* int32 + data; */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1392:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(nodes[i].hostname); /* int32 + data; */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1393:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len += 4 + strlen(nodes[i].port); /* int32 + data; */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1394:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(nodes[i].status); /* int32 + data; */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1395:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(nodes[i].lb_weight); /* int32 + data; */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1396:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(nodes[i].role); /* int32 + data; */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1397:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(nodes[i].select); /* int32 + data; */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1398:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(nodes[i].load_balance_node); /* int32 + data; */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1399:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(nodes[i].delay); /* int32 + data; */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1400:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len += 4 + strlen(nodes[i].rep_state); /* int32 + data; */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1401:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(nodes[i].rep_sync_state); /* int32 + data; */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1402:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(nodes[i].last_status_change); /* int32 + data; */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1408:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(nodes[i].node_id)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1410:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, nodes[i].node_id, strlen(nodes[i].node_id)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1412:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(nodes[i].hostname)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1414:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, nodes[i].hostname, strlen(nodes[i].hostname)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1416:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = htonl(strlen(nodes[i].port)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1418:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, nodes[i].port, strlen(nodes[i].port)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1420:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(nodes[i].status)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1422:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, nodes[i].status, strlen(nodes[i].status)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1424:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(nodes[i].lb_weight)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1426:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, nodes[i].lb_weight, strlen(nodes[i].lb_weight)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1428:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(nodes[i].role)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1430:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pool_write(frontend, nodes[i].role, strlen(nodes[i].role)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1432:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(nodes[i].select)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1434:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, nodes[i].select, strlen(nodes[i].select)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1436:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(nodes[i].load_balance_node)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1438:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, nodes[i].load_balance_node, strlen(nodes[i].load_balance_node)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1440:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(nodes[i].delay)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1442:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, nodes[i].delay, strlen(nodes[i].delay)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1444:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = htonl(strlen(nodes[i].rep_state)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1446:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, nodes[i].rep_state, strlen(nodes[i].rep_state)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1448:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(nodes[i].rep_sync_state)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1450:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, nodes[i].rep_sync_state, strlen(nodes[i].rep_sync_state)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1452:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(nodes[i].last_status_change)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1454:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, nodes[i].last_status_change, strlen(nodes[i].last_status_change)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1495:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(pi->connection_info[poolBE].database) == 0) data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1586:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(proc_pid); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1587:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(proc_start_time); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1588:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(pool_id); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1589:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(backend_id); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1590:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(pools[i].database); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1591:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(pools[i].username); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1592:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len += 4 + strlen(proc_create_time); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1593:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(majorversion); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1594:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(minorversion); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1595:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(pool_counter); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1596:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(backend_pid); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1597:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(connected); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1605:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(proc_pid); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1610:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(proc_start_time); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1615:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pool_id); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1620:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(backend_id); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1625:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pools[i].database); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1630:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pools[i].username); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1635:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(proc_create_time); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1640:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(majorversion); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1645:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(minorversion); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1650:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pool_counter); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1655:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(backend_pid); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1660:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(connected); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1697:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pi->connection_info[poolBE].connected && strlen(pi->connection_info[poolBE].database) > 0 && strlen(pi->connection_info[poolBE].user) > 0) data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1697:101: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pi->connection_info[poolBE].connected && strlen(pi->connection_info[poolBE].database) > 0 && strlen(pi->connection_info[poolBE].user) > 0) data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1738:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size = strlen(processes[i].pool_pid); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1743:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(processes[i].start_time); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1748:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(processes[i].database); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1753:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(processes[i].username); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1758:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(processes[i].create_time); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1763:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(processes[i].pool_counter); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1776:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(processes[i].pool_pid); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1777:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len += 4 + strlen(processes[i].start_time); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1778:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(processes[i].database); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1779:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(processes[i].username); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1780:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(processes[i].create_time); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1781:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += 4 + strlen(processes[i].pool_counter); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1787:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(processes[i].pool_pid)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1789:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pool_write(frontend, processes[i].pool_pid, strlen(processes[i].pool_pid)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1791:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(processes[i].start_time)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1793:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, processes[i].start_time, strlen(processes[i].start_time)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1795:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(processes[i].database)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1797:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, processes[i].database, strlen(processes[i].database)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1799:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(processes[i].username)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1801:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pool_write(frontend, processes[i].username, strlen(processes[i].username)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1803:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(processes[i].create_time)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1805:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, processes[i].create_time, strlen(processes[i].create_time)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1807:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(processes[i].pool_counter)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1809:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, processes[i].pool_counter, strlen(processes[i].pool_counter)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1851:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(version[0].version); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1861:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len += 4 + strlen(version[0].version); /* int32 + data */ data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1867:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = htonl(strlen(version[0].version)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1869:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pool_write(frontend, version[0].version, strlen(version[0].version)); data/pgpool2-4.1.4/src/utils/pool_process_reporting.c:1955:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strp[i].len = strlen(strp[i].string); data/pgpool2-4.1.4/src/utils/pool_select_walker.c:292:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/pgpool2-4.1.4/src/utils/pool_select_walker.c:1291:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tablename, "\""); data/pgpool2-4.1.4/src/utils/pool_select_walker.c:1293:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tablename, "\""); data/pgpool2-4.1.4/src/utils/pool_select_walker.c:1294:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tablename, "."); data/pgpool2-4.1.4/src/utils/pool_select_walker.c:1305:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tablename, "\""); data/pgpool2-4.1.4/src/utils/pool_select_walker.c:1307:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tablename, "\""); data/pgpool2-4.1.4/src/utils/pool_ssl.c:332:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->ssl_ca_cert)) data/pgpool2-4.1.4/src/utils/pool_ssl.c:334:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->ssl_ca_cert_dir)) data/pgpool2-4.1.4/src/utils/pool_ssl.c:657:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pool_config->ssl_ca_cert && strlen(pool_config->ssl_ca_cert)) data/pgpool2-4.1.4/src/utils/pool_ssl.c:662:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(pool_config->ssl_ca_cert)) data/pgpool2-4.1.4/src/utils/pool_ssl.c:664:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->ssl_ca_cert_dir)) data/pgpool2-4.1.4/src/utils/pool_stream.c:196:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readlen = read(cp->fd, readbuf, READBUFSZ); data/pgpool2-4.1.4/src/utils/pool_stream.c:364:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readlen = read(cp->fd, buf, len); data/pgpool2-4.1.4/src/utils/pool_stream.c:968:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readlen = read(cp->fd, cp->sbuf + readp, readsize); data/pgpool2-4.1.4/src/utils/pool_stream.c:1414:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(fd, buf + read_len, (len - read_len)); data/pgpool2-4.1.4/src/utils/ps_status.c:148:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end_of_area = argv[i] + strlen(argv[i]); data/pgpool2-4.1.4/src/utils/ps_status.c:164:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end_of_area = environ[i] + strlen(environ[i]); data/pgpool2-4.1.4/src/utils/ps_status.c:273:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ps_buffer_fixed_size = strlen(ps_buffer); data/pgpool2-4.1.4/src/utils/ps_status.c:315:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pstat(PSTAT_SETCMD, pst, strlen(ps_buffer), 0, 0); data/pgpool2-4.1.4/src/utils/ps_status.c:329:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(ps_buffer); data/pgpool2-4.1.4/src/utils/ps_status.c:383:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *displen = strlen(ps_buffer + ps_buffer_fixed_size); data/pgpool2-4.1.4/src/utils/regex_array.c:80:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pattern); data/pgpool2-4.1.4/src/utils/regex_array.c:92:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character. strncpy(pat, "^", 2); data/pgpool2-4.1.4/src/utils/regex_array.c:93:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(pat, pattern, len + 1); data/pgpool2-4.1.4/src/utils/regex_array.c:97:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pat, pattern, len + 1); data/pgpool2-4.1.4/src/utils/regex_array.c:102:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). 
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. strncat(pat, "$", 2); data/pgpool2-4.1.4/src/utils/regex_array.c:206:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(token) + 1; data/pgpool2-4.1.4/src/utils/scram-common.c:108:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int password_len = strlen(password); data/pgpool2-4.1.4/src/utils/scram-common.c:165:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scram_HMAC_update(&ctx, "Client Key", strlen("Client Key")); data/pgpool2-4.1.4/src/utils/scram-common.c:178:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scram_HMAC_update(&ctx, "Server Key", strlen("Server Key")); data/pgpool2-4.1.4/src/utils/scram-common.c:218:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxlen = strlen("SCRAM-SHA-256") + 1 data/pgpool2-4.1.4/src/utils/sprompt.c:158:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(destination); data/pgpool2-4.1.4/src/utils/sprompt.c:169:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
buflen = strlen(buf); data/pgpool2-4.1.4/src/utils/ssl_utils.c:93:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(password), 1, key, iv)) data/pgpool2-4.1.4/src/utils/ssl_utils.c:233:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HMAC_Init_ex(ctx, key, strlen(key), EVP_sha256(), NULL); data/pgpool2-4.1.4/src/watchdog/watchdog.c:618:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->wd_authkey) > MAX_PASSWORD_SIZE) data/pgpool2-4.1.4/src/watchdog/watchdog.c:726:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(g_cluster.localNode->hostname, pool_config->wd_hostname, sizeof(g_cluster.localNode->hostname) - 1); data/pgpool2-4.1.4/src/watchdog/watchdog.c:727:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(g_cluster.localNode->delegate_ip, pool_config->delegate_IP, sizeof(g_cluster.localNode->delegate_ip) - 1); data/pgpool2-4.1.4/src/watchdog/watchdog.c:782:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_cluster.ipc_auth_needed = strlen(pool_config->wd_authkey) ? true : false; data/pgpool2-4.1.4/src/watchdog/watchdog.c:940:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
hp = gethostbyaddr(hostname, strlen(hostname), AF_INET); data/pgpool2-4.1.4/src/watchdog/watchdog.c:1947:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data_len = strlen(data) + 1; data/pgpool2-4.1.4/src/watchdog/watchdog.c:2359:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal) data/pgpool2-4.1.4/src/watchdog/watchdog.c:3271:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(conn->addr, inet_ntoa(addr.sin_addr), sizeof(conn->addr) - 1); data/pgpool2-4.1.4/src/watchdog/watchdog.c:3498:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define nodeIfNull_str(m,v) node&&strlen(node->m)?node->m:v data/pgpool2-4.1.4/src/watchdog/watchdog.c:3596:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). set_message_data(message, json_data, strlen(json_data)); data/pgpool2-4.1.4/src/watchdog/watchdog.c:3609:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). set_message_data(message, json_data, strlen(json_data)); data/pgpool2-4.1.4/src/watchdog/watchdog.c:3626:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
set_message_data(message, json_data, strlen(json_data)); data/pgpool2-4.1.4/src/watchdog/watchdog.c:3758:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). set_message_data(replyPkt, data, strlen(data)); data/pgpool2-4.1.4/src/watchdog/watchdog.c:3954:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). set_message_data(replyPkt, config_data, strlen(config_data)); data/pgpool2-4.1.4/src/watchdog/watchdog.c:6428:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(g_cluster.localNode->delegate_ip) > 0) data/pgpool2-4.1.4/src/watchdog/watchdog.c:7277:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->wd_authkey)) data/pgpool2-4.1.4/src/watchdog/watchdog.c:7297:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->wd_authkey)) data/pgpool2-4.1.4/src/watchdog/watchdog.c:7884:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(wd_debug_commands[cmd].command) == 0 || wd_debug_commands[cmd].code == 0) data/pgpool2-4.1.4/src/watchdog/watchdog.c:7887:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strncasecmp(wd_debug_commands[cmd].command,readbuf,strlen(wd_debug_commands[cmd].command)) == 0) data/pgpool2-4.1.4/src/watchdog/wd_commands.c:86:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). watchdog_ipc_address = pool_shared_memory_create(strlen(wd_ipc_sock_addr) + 1); data/pgpool2-4.1.4/src/watchdog/wd_commands.c:374:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data, strlen(data), true); data/pgpool2-4.1.4/src/watchdog/wd_commands.c:532:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data, strlen(data), true); data/pgpool2-4.1.4/src/watchdog/wd_commands.c:598:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). func, strlen(func), true); data/pgpool2-4.1.4/src/watchdog/wd_commands.c:646:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). func, strlen(func), true); data/pgpool2-4.1.4/src/watchdog/wd_commands.c:691:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pool_config->wd_authkey != NULL && strlen(pool_config->wd_authkey) > 0) data/pgpool2-4.1.4/src/watchdog/wd_commands.c:711:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
json_data, strlen(json_data), true); data/pgpool2-4.1.4/src/watchdog/wd_commands.c:786:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). func, strlen(func), true); data/pgpool2-4.1.4/src/watchdog/wd_commands.c:846:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pool_config->wd_authkey != NULL && strlen(pool_config->wd_authkey) > 0) data/pgpool2-4.1.4/src/watchdog/wd_commands.c:855:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). json_str, strlen(json_str), true); data/pgpool2-4.1.4/src/watchdog/wd_escalation.c:111:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->wd_escalation_command)) data/pgpool2-4.1.4/src/watchdog/wd_escalation.c:136:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->delegate_IP) != 0) data/pgpool2-4.1.4/src/watchdog/wd_escalation.c:187:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->wd_de_escalation_command)) data/pgpool2-4.1.4/src/watchdog/wd_escalation.c:213:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(pool_config->delegate_IP) != 0) data/pgpool2-4.1.4/src/watchdog/wd_heartbeat.c:277:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!host || !strlen(host)) data/pgpool2-4.1.4/src/watchdog/wd_heartbeat.c:334:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(from_addr, inet_ntoa(senderinfo.sin_addr), WD_MAX_HOST_NAMELEN - 1); data/pgpool2-4.1.4/src/watchdog/wd_heartbeat.c:420:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->wd_authkey)) data/pgpool2-4.1.4/src/watchdog/wd_heartbeat.c:555:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->wd_authkey)) data/pgpool2-4.1.4/src/watchdog/wd_if.c:111:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->delegate_IP) == 0) data/pgpool2-4.1.4/src/watchdog/wd_if.c:195:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->delegate_IP) == 0) data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:137:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(config->backend_desc->backend_info[i].backend_hostname, ptr, sizeof(config->backend_desc->backend_info[i].backend_hostname) - 1); data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:158:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(config->wd_remote_nodes.wd_remote_node_info[i].hostname, ptr, sizeof(config->wd_remote_nodes.wd_remote_node_info[i].hostname) - 1); data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:258:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (authKey != NULL && strlen(authKey) > 0) data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:385:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(backendStatus->nodeName, ptr, sizeof(backendStatus->nodeName) - 1); data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:529:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wdNode->nodeName, ptr, sizeof(wdNode->nodeName) - 1); data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:534:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wdNode->hostname, ptr, sizeof(wdNode->hostname) - 1); data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:539:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wdNode->delegate_ip, ptr, sizeof(wdNode->delegate_ip) - 1); data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:555:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(wdNode->pgp_version, ptr, sizeof(wdNode->pgp_version) - 1); data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:623:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (authKey != NULL && strlen(authKey) > 0) data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:696:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wdNodeInfo->nodeName, ptr, sizeof(wdNodeInfo->nodeName) - 1); data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:705:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wdNodeInfo->hostName, ptr, sizeof(wdNodeInfo->hostName) - 1); data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:714:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wdNodeInfo->delegate_ip, ptr, sizeof(wdNodeInfo->delegate_ip) - 1); data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:744:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wdNodeInfo->stateName, ptr, sizeof(wdNodeInfo->stateName) - 1); data/pgpool2-4.1.4/src/watchdog/wd_json_data.c:766:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (authKey != NULL && strlen(authKey) > 0) data/pgpool2-4.1.4/src/watchdog/wd_lifecheck.c:537:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
res = issue_command_to_watchdog(WD_NODE_STATUS_CHANGE_COMMAND, 0, json_data, strlen(json_data), false); data/pgpool2-4.1.4/src/watchdog/wd_lifecheck.c:562:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). load_watchdog_nodes_from_json(json_data, strlen(json_data)); data/pgpool2-4.1.4/src/watchdog/wd_lifecheck.c:703:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->trusted_servers)) data/pgpool2-4.1.4/src/watchdog/wd_lifecheck.c:854:4: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(100); data/pgpool2-4.1.4/src/watchdog/wd_lifecheck.c:925:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->wd_lifecheck_dbname) == 0) data/pgpool2-4.1.4/src/watchdog/wd_lifecheck.c:932:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->wd_lifecheck_user) == 0) data/pgpool2-4.1.4/src/watchdog/wd_lifecheck.c:1066:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->trusted_servers) <= 0) data/pgpool2-4.1.4/src/watchdog/wd_ping.c:185:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while ((r_size = read(outfd, &buf, sizeof(buf) - 1)) > 0) data/pgpool2-4.1.4/src/watchdog/wd_utils.c:70:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pool_config->delegate_IP) == 0) data/pgpool2-4.1.4/src/watchdog/wd_utils.c:181:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). authkey_len = strlen(pool_config->wd_authkey); data/pgpool2-4.1.4/src/watchdog/wd_utils.c:193:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!pool_md5_encrypt(pass, username, strlen(username), tmp_buf + MD5_PASSWD_LEN + 1)) data/pgpool2-4.1.4/src/watchdog/wd_utils.c:232:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pat_len = strlen(pattern); data/pgpool2-4.1.4/src/watchdog/wd_utils.c:233:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rep_len = strlen(replacement); data/pgpool2-4.1.4/src/watchdog/wd_utils.c:239:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newstr = palloc(strlen(oldstr) - pat_len + rep_len + 1); data/pgpool2-4.1.4/src/watchdog/wd_utils.c:243:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memcpy(newstr + (tok - oldstr) + rep_len, tok + pat_len, strlen(oldstr) - pat_len - (tok - oldstr));
data/pgpool2-4.1.4/src/watchdog/wd_utils.c:245:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(newstr + strlen(oldstr) - pat_len + rep_len, 0, 1);

ANALYSIS SUMMARY:

Hits = 1769
Lines analyzed = 224902 in approximately 7.31 seconds (30761 lines/second)
Physical Source Lines of Code (SLOC) = 177042
Hits@level = [0] 742 [1] 688 [2] 671 [3] 23 [4] 384 [5] 3
Hits@level+ = [0+] 2511 [1+] 1769 [2+] 1081 [3+] 410 [4+] 387 [5+] 3
Hits/KSLOC@level+ = [0+] 14.1831 [1+] 9.99198 [2+] 6.1059 [3+] 2.31583 [4+] 2.18592 [5+] 0.0169451
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.