Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/compressor/fastlz/fastlz.c
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/compressor/fastlz/fastlz.h
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/php_yac.h
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/serializer/msgpack.c
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/serializer/php.c
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/serializer/yac_serializer.h
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/createfilemapping.c
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/mmap.c
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/posix.c
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/shm.c
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/win32.c
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/yac_allocator.c
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/yac_allocator.h
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.h
Examining data/php-yac-2.2.1+0.9.2/yac-0.9.2/yac.c
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/compressor/fastlz/fastlz.c
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/compressor/fastlz/fastlz.h
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/php_yac.h
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/serializer/igbinary.c
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/serializer/json.c
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/serializer/msgpack.c
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/serializer/php.c
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/serializer/yac_serializer.h
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/allocator/allocators/createfilemapping.c
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/allocator/allocators/mmap.c
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/allocator/allocators/shm.c
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/allocator/yac_allocator.c
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/allocator/yac_allocator.h
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_atomic.h
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.h
Examining data/php-yac-2.2.1+0.9.2/yac-2.2.1/yac.c
FINAL RESULTS:
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/createfilemapping.c:46:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newname[MAXPATHLEN + UNLEN + 4];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/createfilemapping.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uname[UNLEN + 1];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/createfilemapping.c:56:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char windir[MAXPATHLEN+UNLEN + 3 + sizeof("\\\\@")];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/createfilemapping.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uname[UNLEN + 1];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/createfilemapping.c:72:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(mmap_base_file, "r");
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/createfilemapping.c:239:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(mmap_base_file, "w");
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/posix.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shared_segment_name[sizeof("/ZendAccelerator.") + 20];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/posix.c:53:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(shared_segment_name, "/ZendAccelerator.%d", getpid());
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/win32.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *ev_msgs[2];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/win32.c:76:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newname[MAXPATHLEN + UNLEN + 4];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/win32.c:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uname[UNLEN + 1];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/win32.c:87:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char windir[MAXPATHLEN+UNLEN + 3 + sizeof("\\\\@")];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/win32.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uname[UNLEN + 1];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/win32.c:128:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(mmap_base_file, "r");
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/win32.c:296:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(mmap_base_file, "w");
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/yac_allocator.c:59:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&YAC_SG(first_seg), (char *)(&segments[0]), segment_size);
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/yac_allocator.c:66:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, (char *)segments + segment_size, segments_array_size);
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c:276:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char crc_contents[YAC_FULL_CRC_THRESHOLD];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c:284:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(crc_contents, data, head);
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c:288:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, p, tail);
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c:310:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, (char *)k.val->data, YAC_KEY_VLEN(k));
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c:350:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, (char *)k.val->data, YAC_KEY_VLEN(k));
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c:422:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->data, data, size);
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c:430:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)k.val, (char *)s, sizeof(yac_kv_val) + size - 1);
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c:433:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k.key, key, len);
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c:447:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->data, data, size);
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c:452:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)val, (char *)s, msize);
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c:462:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k.key, key, len);
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c:514:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->data, data, size);
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c:519:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)val, (char *)s, sizeof(yac_kv_val) + size - 1);
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c:528:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k.key, key, len);
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.c:595:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->key, k.key, YAC_STORAGE_MAX_KEY_LEN);
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.h:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.h:51:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[YAC_STORAGE_MAX_KEY_LEN];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/yac_storage.h:63:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[YAC_STORAGE_MAX_KEY_LEN];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/yac.c:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *msg, buf[YAC_STORAGE_MAX_KEY_LEN];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/yac.c:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *data, *msg, buf[YAC_STORAGE_MAX_KEY_LEN];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/yac.c:432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[YAC_STORAGE_MAX_KEY_LEN];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/yac.c:947:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/allocator/allocators/createfilemapping.c:45:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char newname[MAXPATHLEN + UNLEN + 4];
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/allocator/allocators/createfilemapping.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uname[UNLEN + 1];
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/allocator/allocators/createfilemapping.c:56:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char windir[MAXPATHLEN+UNLEN + 3 + sizeof("\\\\@")];
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/allocator/allocators/createfilemapping.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uname[UNLEN + 1];
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/allocator/allocators/createfilemapping.c:72:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(mmap_base_file, "r");
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/allocator/allocators/createfilemapping.c:240:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(mmap_base_file, "w");
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/allocator/yac_allocator.c:56:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&YAC_SG(first_seg), (char *)(&segments[0]), segment_size);
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/allocator/yac_allocator.c:63:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, (char *)segments + segment_size, segments_array_size);
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c:325:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char crc_contents[YAC_FULL_CRC_THRESHOLD];
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c:333:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(crc_contents, data, head);
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c:337:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, p, tail);
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c:364:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, (char *)k.val->data, YAC_KEY_VLEN(k));
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c:409:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, (char *)k.val->data, YAC_KEY_VLEN(k));
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c:495:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->data, data, size);
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c:503:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)k.val, (char *)s, sizeof(yac_kv_val) + size - 1);
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c:506:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k.key, key, len);
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c:525:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->data, data, size);
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c:530:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)val, (char *)s, msize);
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c:540:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k.key, key, len);
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c:605:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->data, data, size);
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c:610:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)val, (char *)s, sizeof(yac_kv_val) + size - 1);
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c:619:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(k.key, key, len);
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.c:691:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item->key, k.key, YAC_STORAGE_MAX_KEY_LEN);
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.h:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1];
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.h:52:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[YAC_STORAGE_MAX_KEY_LEN];
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/yac_storage.h:64:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[YAC_STORAGE_MAX_KEY_LEN];
data/php-yac-2.2.1+0.9.2/yac-2.2.1/yac.c:48:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char prefix[YAC_STORAGE_MAX_KEY_LEN];
data/php-yac-2.2.1+0.9.2/yac-2.2.1/yac.c:140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(yac->prefix + yac->prefix_len, ZSTR_VAL(name), ZSTR_LEN(name));
data/php-yac-2.2.1+0.9.2/yac-2.2.1/yac.c:556:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(yac->prefix, ZSTR_VAL(prefix), ZSTR_LEN(prefix));
data/php-yac-2.2.1+0.9.2/yac-2.2.1/yac.c:942:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&yac_obj_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-yac-2.2.1+0.9.2/yac-2.2.1/yac.c:997:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/createfilemapping.c:63:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(windir);
data/php-yac-2.2.1+0.9.2/yac-0.9.2/storage/allocator/allocators/win32.c:94:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(windir);
data/php-yac-2.2.1+0.9.2/yac-2.2.1/storage/allocator/allocators/createfilemapping.c:63:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(windir);
ANALYSIS SUMMARY:
Hits = 73
Lines analyzed = 7970 in approximately 0.23 seconds (35326 lines/second)
Physical Source Lines of Code (SLOC) = 5493
Hits@level = [0] 32 [1] 3 [2] 70 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 105 [1+] 73 [2+] 70 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 19.1152 [1+] 13.2896 [2+] 12.7435 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.