Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_ascii_protocol.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_binary_protocol.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_consistent_hash.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.h
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_queue.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_queue.h
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_standard_hash.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/php_memcache.h
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_ascii_protocol.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_binary_protocol.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_consistent_hash.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.h
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_queue.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_queue.h
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_session.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_standard_hash.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/php_memcache.h
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_ascii_protocol.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_binary_protocol.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_consistent_hash.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.h
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_queue.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_queue.h
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_session.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_standard_hash.c
Examining data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/php_memcache.h
FINAL RESULTS:
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache.c:1440:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(message, "VERSION %s", version) == 1) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_ascii_protocol.c:158:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(line, MMC_VALUE_HEADER, req->value.key, &(req->value.flags), &(req->value.length), &(req->value.cas)) < 3) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_consistent_hash.c:149:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
key_len = sprintf(key, "%s:%d-", mmc->host, mmc->tcp.port);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:1006:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
keytmp_len = sprintf(keytmp, "%s-%d", key, (*last_index)++);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache.c:1440:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(message, "VERSION %s", version) == 1) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_ascii_protocol.c:157:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(line, MMC_VALUE_HEADER, req->value.key, &(req->value.flags), &(req->value.length), &(req->value.cas)) < 3) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_consistent_hash.c:149:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
key_len = sprintf(key, "%s:%d-", mmc->host, mmc->tcp.port);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c:981:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
keytmp_len = sprintf(keytmp, "%s-%d", key, (*last_index)++);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:1646:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(message, "VERSION %s", version) == 1) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_ascii_protocol.c:157:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(line, MMC_VALUE_HEADER, req->value.key, &(req->value.flags), &(req->value.length), &(req->value.cas)) < 3) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_consistent_hash.c:149:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
key_len = sprintf(key, "%s:%d-", mmc->host, mmc->tcp.port);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:983:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
keytmp_len = sprintf(keytmp, "%s-%d", key, (*last_index)++);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache.c:449:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keytmp[MAX_LENGTH_OF_LONG + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache.c:468:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
key_len = sprintf(keytmp, "%lu", index);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache.c:1197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MMC_MAX_KEY_LEN + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_ascii_protocol.c:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MMC_MAX_KEY_LEN + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_binary_protocol.c:729:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(request->key, "PLAIN", 5 + 1);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_consistent_hash.c:156:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
key_len = sprintf(key, "%d", i);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:118:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, io->buffer.value.c + io->buffer.idx, toread);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:142:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, io->buffer.value.c + io->buffer.idx, *retlen);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *message, buf[1024];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:376:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:448:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_tmp[MMC_MAX_KEY_LEN + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:454:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_tmp, key, key_len + 1);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:543:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mmc->host, host, host_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:1001:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keytmp[MMC_MAX_KEY_LEN + MAX_LENGTH_OF_LONG + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:1130:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clone->key, request->key, request->key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:1135:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clone->sendbuf.value.c, request->sendbuf.value.c, request->sendbuf.value.len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:1264:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MMC_MAX_KEY_LEN + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:1341:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.h:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MMC_BUFFER_SIZE];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.h:195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MMC_MAX_KEY_LEN + 1]; /* key buffer to use on failover of single-key requests */
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_queue.c:103:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target->items, source->items, sizeof(*source->items) * source->alloc);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:83:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, "file:", sizeof("file:")-1);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:238:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lreq->key, dreq->key, dreq->key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:239:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lreq->key + dreq->key_len, ".lock");
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:241:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(areq->key, dreq->key, dreq->key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:242:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(areq->key + dreq->key_len, ".lock");
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:391:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lockrequest->key, datarequest->key, datarequest->key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:392:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lockrequest->key + datarequest->key_len, ".lock");
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:489:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lockrequest->key, datarequest->key, datarequest->key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:490:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lockrequest->key + datarequest->key_len, ".lock");
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache.c:1195:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MMC_MAX_KEY_LEN + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_ascii_protocol.c:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MMC_MAX_KEY_LEN + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_binary_protocol.c:733:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(request->key, "PLAIN", 5 + 1);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_consistent_hash.c:156:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
key_len = sprintf(key, "%d", i);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c:119:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, io->buffer.value.c + io->buffer.idx, toread);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c:143:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, io->buffer.value.c + io->buffer.idx, *retlen);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c:203:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *message, buf[1024];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c:377:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c:453:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_tmp[MMC_MAX_KEY_LEN + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c:459:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_tmp, key, key_len + 1);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c:549:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mmc->host, host, host_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c:976:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keytmp[MMC_MAX_KEY_LEN + MAX_LENGTH_OF_LONG + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c:1105:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clone->key, request->key, request->key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c:1110:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clone->sendbuf.value.c, request->sendbuf.value.c, request->sendbuf.value.len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c:1239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MMC_MAX_KEY_LEN + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c:1316:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.h:161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MMC_BUFFER_SIZE];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.h:189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MMC_MAX_KEY_LEN + 1]; /* key buffer to use on failover of single-key requests */
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_queue.c:103:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target->items, source->items, sizeof(*source->items) * source->alloc);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_session.c:79:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, "file:", sizeof("file:")-1);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_session.c:233:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lreq->key, dreq->key, dreq->key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_session.c:234:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lreq->key + dreq->key_len, ".lock");
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_session.c:236:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(areq->key, dreq->key, dreq->key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_session.c:237:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(areq->key + dreq->key_len, ".lock");
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_session.c:386:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lockrequest->key, datarequest->key, datarequest->key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_session.c:387:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lockrequest->key + datarequest->key_len, ".lock");
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_session.c:484:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lockrequest->key, datarequest->key, datarequest->key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_session.c:485:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lockrequest->key + datarequest->key_len, ".lock");
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:350:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dots_ptr[3]={NULL,NULL,NULL};
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:380:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prefix, MEMCACHE_G(session_prefix_static_key), static_key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:383:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prefix + static_key_len, server_name, server_name_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:417:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dots_ptr[3]={NULL,NULL,NULL};
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:446:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prefix, MEMCACHE_G(prefix_static_key), static_key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:449:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prefix + static_key_len, server_name, server_name_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:1399:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MMC_MAX_KEY_LEN + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_ascii_protocol.c:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MMC_MAX_KEY_LEN + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_binary_protocol.c:729:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(request->key, "PLAIN", 5 + 1);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_consistent_hash.c:156:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
key_len = sprintf(key, "%d", i);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:121:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, io->buffer.value.c + io->buffer.idx, toread);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:145:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, io->buffer.value.c + io->buffer.idx, *retlen);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:205:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *message, buf[1024];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:379:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:459:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_tmp[MMC_MAX_KEY_LEN + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:465:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_tmp, key, key_len + 1);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:555:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mmc->host, host, host_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:978:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keytmp[MMC_MAX_KEY_LEN + MAX_LENGTH_OF_LONG + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:1107:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clone->key, request->key, request->key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:1112:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(clone->sendbuf.value.c, request->sendbuf.value.c, request->sendbuf.value.len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:1241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MMC_MAX_KEY_LEN + 1];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:1318:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.h:161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[MMC_BUFFER_SIZE];
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.h:189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MMC_MAX_KEY_LEN + 1]; /* key buffer to use on failover of single-key requests */
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_queue.c:103:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target->items, source->items, sizeof(*source->items) * source->alloc);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_session.c:92:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path2, "file:", sizeof("file:")-1);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_session.c:260:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lreq->key, dreq->key, dreq->key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_session.c:261:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lreq->key + dreq->key_len, ".lock");
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_session.c:263:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(areq->key, dreq->key, dreq->key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_session.c:264:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(areq->key + dreq->key_len, ".lock");
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_session.c:428:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lockrequest->key, datarequest->key, datarequest->key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_session.c:429:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lockrequest->key + datarequest->key_len, ".lock");
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_session.c:527:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lockrequest->key, datarequest->key, datarequest->key_len);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_session.c:528:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(lockrequest->key + datarequest->key_len, ".lock");
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache.c:831:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zval *username = zend_read_property(memcache_ce, mmc_object, "username", strlen("username"), 1 TSRMLS_CC);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache.c:832:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zval *password = zend_read_property(memcache_ce, mmc_object, "password", strlen("password"), 1 TSRMLS_CC);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache.c:2044:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zend_update_property_stringl(memcache_pool_ce, mmc_object, "username", strlen("username"), user, user_length TSRMLS_CC);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache.c:2045:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zend_update_property_stringl(memcache_pool_ce, mmc_object, "password", strlen("password"), password, password_length TSRMLS_CC);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_ascii_protocol.c:181:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
request->io->read(request->io, request->readbuf.value.c + request->readbuf.idx, req->value.length + 2 - request->readbuf.idx TSRMLS_CC);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_ascii_protocol.c:192:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mmc, request, &(request->readbuf), req->value.key, strlen(req->value.key),
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_binary_protocol.c:219:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
io->input.idx += io->read(io, io->input.value + io->input.idx, bytes - io->input.idx TSRMLS_CC);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_binary_protocol.c:293:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
request->io->read(request->io, request->readbuf.value.c + request->readbuf.idx, req->value.length - request->readbuf.idx TSRMLS_CC);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_binary_protocol.c:376:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
request->io->read(request->io, request->readbuf.value.c + request->readbuf.idx, req->value.length - request->readbuf.idx TSRMLS_CC);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_binary_protocol.c:751:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(header->base).length = htonl(strlen(user) + strlen(password) + key_len + 2);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_binary_protocol.c:751:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(header->base).length = htonl(strlen(user) + strlen(password) + key_len + 2);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_binary_protocol.c:756:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
smart_str_appendl(&(request->sendbuf.value), user, strlen(user));
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_binary_protocol.c:758:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
smart_str_appendl(&(request->sendbuf.value), password, strlen(password));
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_consistent_hash.c:148:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *key = emalloc(strlen(mmc->host) + MAX_LENGTH_OF_LONG * 2 + 3);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:739:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncasecmp("unix://", mmc->host, sizeof("unix://")-1) == 0 && strlen(mmc->host) > sizeof("unix://")-1) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:740:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
io->stream = php_stream_sock_open_unix(mmc->host + sizeof("unix://")-1, strlen(mmc->host + sizeof("unix://")-1), hash_key, &tv);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:743:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
io->stream = php_stream_sock_open_unix(mmc->host, strlen(mmc->host), hash_key, &tv);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:1555:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (mmc->readreq->read != NULL) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.c:1556:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = mmc->readreq->read(mmc, mmc->readreq TSRMLS_CC);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.h:164:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mmc_stream_read read; /* handles reading from stream */
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_pool.h:200:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mmc_request_reader read; /* handles reading (and validating datagrams) */
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:39:12: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
PHPAPI int usleep(unsigned int useconds);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:63:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0,j=0,path_len=strlen(save_path); i<path_len; i=j+1) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:90:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url = php_url_parse_ex(path, strlen(path));
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:167:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mmc = mmc_find_persistent(url->host, strlen(url->host), url->port, udp_port, timeout, retry_interval TSRMLS_CC);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:170:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mmc = mmc_server_new(url->host, strlen(url->host), url->port, udp_port, 0, timeout, retry_interval TSRMLS_CC);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:339:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(timeout);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:381:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mmc_prepare_key_ex(key, strlen(key), datarequest->key, &(datarequest->key_len)) != MMC_OK) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php5/memcache_session.c:479:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mmc_prepare_key_ex(key, strlen(key), datarequest->key, &(datarequest->key_len)) != MMC_OK) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache.c:827:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zval *username = zend_read_property(memcache_ce, mmc_object, "username", strlen("username"), 1, &rv1);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache.c:828:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zval *password = zend_read_property(memcache_ce, mmc_object, "password", strlen("password"), 1, &rv2);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache.c:2038:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zend_update_property_stringl(memcache_pool_ce, mmc_object, "username", strlen("username"), user, user_length);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache.c:2039:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zend_update_property_stringl(memcache_pool_ce, mmc_object, "password", strlen("password"), password, password_length);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_ascii_protocol.c:180:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
request->io->read(request->io, request->readbuf.value.c + request->readbuf.idx, req->value.length + 2 - request->readbuf.idx);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_ascii_protocol.c:191:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mmc, request, &(request->readbuf), req->value.key, strlen(req->value.key),
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_binary_protocol.c:226:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
io->input.idx += io->read(io, io->input.value + io->input.idx, bytes - io->input.idx);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_binary_protocol.c:300:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
request->io->read(request->io, request->readbuf.value.c + request->readbuf.idx, req->value.length - request->readbuf.idx);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_binary_protocol.c:381:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
request->io->read(request->io, request->readbuf.value.c + request->readbuf.idx, req->value.length - request->readbuf.idx);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_binary_protocol.c:755:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(header->base).length = htonl(strlen(user) + strlen(password) + key_len + 2);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_binary_protocol.c:755:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(header->base).length = htonl(strlen(user) + strlen(password) + key_len + 2);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_binary_protocol.c:760:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
smart_string_appendl(&(request->sendbuf.value), user, strlen(user));
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_binary_protocol.c:762:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
smart_string_appendl(&(request->sendbuf.value), password, strlen(password));
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_consistent_hash.c:148:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *key = emalloc(strlen(mmc->host) + MAX_LENGTH_OF_LONG * 2 + 3);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c:1530:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (mmc->readreq->read != NULL) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.c:1531:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = mmc->readreq->read(mmc, mmc->readreq);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.h:158:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mmc_stream_read read; /* handles reading from stream */
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_pool.h:194:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mmc_request_reader read; /* handles reading (and validating datagrams) */
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_session.c:59:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0,j=0,path_len=strlen(save_path); i<path_len; i=j+1) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_session.c:86:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url = php_url_parse_ex(path, strlen(path));
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_session.c:162:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mmc = mmc_find_persistent(url->host, strlen(url->host), url->port, udp_port, timeout, retry_interval);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_session.c:165:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mmc = mmc_server_new(url->host, strlen(url->host), url->port, udp_port, 0, timeout, retry_interval);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-3.0.9/php7/memcache_session.c:334:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(timeout);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:331:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static_key_len=strlen(MEMCACHE_G(session_prefix_static_key));
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:352:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=strlen(server_name) ; i>0 ; i--) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:369:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
server_name_len=(strlen(server_name));
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:399:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static_key_len=strlen(MEMCACHE_G(prefix_static_key));
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:419:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=strlen(server_name) ; i>0 ; i--) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:435:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
server_name_len=(strlen(server_name));
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:1021:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zval *username = zend_read_property(memcache_ce, mmc_object, "username", strlen("username"), 1, &rv1);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:1022:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zval *password = zend_read_property(memcache_ce, mmc_object, "password", strlen("password"), 1, &rv2);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:2244:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zend_update_property_stringl(memcache_pool_ce, mmc_object, "username", strlen("username"), user, user_length);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache.c:2245:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zend_update_property_stringl(memcache_pool_ce, mmc_object, "password", strlen("password"), password, password_length);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_ascii_protocol.c:180:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
request->io->read(request->io, request->readbuf.value.c + request->readbuf.idx, req->value.length + 2 - request->readbuf.idx);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_ascii_protocol.c:191:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mmc, request, &(request->readbuf), req->value.key, strlen(req->value.key),
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_binary_protocol.c:226:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
io->input.idx += io->read(io, io->input.value + io->input.idx, bytes - io->input.idx);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_binary_protocol.c:299:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
request->io->read(request->io, request->readbuf.value.c + request->readbuf.idx, req->value.length - request->readbuf.idx);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_binary_protocol.c:380:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
request->io->read(request->io, request->readbuf.value.c + request->readbuf.idx, req->value.length - request->readbuf.idx);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_binary_protocol.c:750:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(header->base).length = htonl(strlen(user) + strlen(password) + key_len + 2);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_binary_protocol.c:750:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(header->base).length = htonl(strlen(user) + strlen(password) + key_len + 2);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_binary_protocol.c:755:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
smart_string_appendl(&(request->sendbuf.value), user, strlen(user));
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_binary_protocol.c:757:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
smart_string_appendl(&(request->sendbuf.value), password, strlen(password));
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_consistent_hash.c:148:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *key = emalloc(strlen(mmc->host) + MAX_LENGTH_OF_LONG * 2 + 3);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:1532:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (mmc->readreq->read != NULL) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:1533:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
result = mmc->readreq->read(mmc, mmc->readreq);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.c:1664:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix_len = strlen(prefix);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.h:158:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mmc_stream_read read; /* handles reading from stream */
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_pool.h:194:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mmc_request_reader read; /* handles reading (and validating datagrams) */
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_session.c:72:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i=0,j=0,path_len=strlen(path); i<path_len; i=j+1) {
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_session.c:99:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
url = php_url_parse_ex(path2, strlen(path2));
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_session.c:180:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mmc = mmc_find_persistent(url->host, strlen(url->host), url->port, udp_port, timeout, retry_interval);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_session.c:183:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mmc = mmc_server_new(url->host, strlen(url->host), url->port, udp_port, 0, timeout, retry_interval);
data/php-memcache-4.0.5.2+3.0.9~20170802.e702b5f9/memcache-4.0.5.2/php7/memcache_session.c:371:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(timeout);
ANALYSIS SUMMARY:
Hits = 186
Lines analyzed = 19937 in approximately 0.50 seconds (39919 lines/second)
Physical Source Lines of Code (SLOC) = 13833
Hits@level = [0] 18 [1] 82 [2] 92 [3] 0 [4] 12 [5] 0
Hits@level+ = [0+] 204 [1+] 186 [2+] 104 [3+] 12 [4+] 12 [5+] 0
Hits/KSLOC@level+ = [0+] 14.7473 [1+] 13.4461 [2+] 7.51825 [3+] 0.867491 [4+] 0.867491 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.