Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/plpgsql-check-1.15.1/src/assign.c
Examining data/plpgsql-check-1.15.1/src/catalog.c
Examining data/plpgsql-check-1.15.1/src/check_expr.c
Examining data/plpgsql-check-1.15.1/src/check_function.c
Examining data/plpgsql-check-1.15.1/src/expr_walk.c
Examining data/plpgsql-check-1.15.1/src/format.c
Examining data/plpgsql-check-1.15.1/src/parse_name.c
Examining data/plpgsql-check-1.15.1/src/plpgsql_check.c
Examining data/plpgsql-check-1.15.1/src/plpgsql_check.h
Examining data/plpgsql-check-1.15.1/src/plpgsql_check_builtins.h
Examining data/plpgsql-check-1.15.1/src/pragma.c
Examining data/plpgsql-check-1.15.1/src/profiler.c
Examining data/plpgsql-check-1.15.1/src/report.c
Examining data/plpgsql-check-1.15.1/src/stmtwalk.c
Examining data/plpgsql-check-1.15.1/src/tablefunc.c
Examining data/plpgsql-check-1.15.1/src/tracer.c
Examining data/plpgsql-check-1.15.1/src/typdesc.c

FINAL RESULTS:

data/plpgsql-check-1.15.1/src/check_function.c:393:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&saved_records[i], rec, sizeof(PLpgSQL_rec));
data/plpgsql-check-1.15.1/src/check_function.c:491:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(rec, &saved_records[i], sizeof(PLpgSQL_rec));
data/plpgsql-check-1.15.1/src/check_function.c:1444:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new, datum, sizeof(PLpgSQL_var));
data/plpgsql-check-1.15.1/src/check_function.c:1458:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new, datum, sizeof(PLpgSQL_rec));
data/plpgsql-check-1.15.1/src/expr_walk.c:200:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char message[1024];
data/plpgsql-check-1.15.1/src/profiler.c:702:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[100];
data/plpgsql-check-1.15.1/src/profiler.c:707:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "exception %d", ++n);
data/plpgsql-check-1.15.1/src/profiler.c:770:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[100];
data/plpgsql-check-1.15.1/src/profiler.c:772:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "elsif %d", ++n);
data/plpgsql-check-1.15.1/src/profiler.c:842:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[100];
data/plpgsql-check-1.15.1/src/profiler.c:845:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "case when %d", ++n);
data/plpgsql-check-1.15.1/src/tracer.c:470:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[20];
data/plpgsql-check-1.15.1/src/tracer.c:518:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%d", frame_num);
data/plpgsql-check-1.15.1/src/tracer.c:546:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[20];
data/plpgsql-check-1.15.1/src/tracer.c:579:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%d", frame_num);
data/plpgsql-check-1.15.1/src/tracer.c:1208:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dest, src, mbl);
data/plpgsql-check-1.15.1/src/tracer.c:1216:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dest, " ...", 3);
data/plpgsql-check-1.15.1/src/tracer.c:1250:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char printbuf[20];
data/plpgsql-check-1.15.1/src/tracer.c:1251:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char exprbuf[200];
data/plpgsql-check-1.15.1/src/tracer.c:1400:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char printbuf[20];
data/plpgsql-check-1.15.1/src/tracer.c:1450:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char exprbuf[200];
data/plpgsql-check-1.15.1/src/expr_walk.c:510:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *end_ptr = fmt + strlen(fmt);
data/plpgsql-check-1.15.1/src/parse_name.c:98:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(endp, endp + 1, strlen(endp));
data/plpgsql-check-1.15.1/src/parse_name.c:111:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  truncate_identifier(curname, strlen(curname), true);
data/plpgsql-check-1.15.1/src/tracer.c:423:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t l = strlen(str);
data/plpgsql-check-1.15.1/src/tracer.c:621:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (((int) strlen(str)) > plpgsql_check_tracer_variable_max_length ||
data/plpgsql-check-1.15.1/src/tracer.c:747:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (((int) strlen(str)) > plpgsql_check_tracer_variable_max_length ||
data/plpgsql-check-1.15.1/src/tracer.c:868:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (((int) strlen(str)) > plpgsql_check_tracer_variable_max_length ||
data/plpgsql-check-1.15.1/src/tracer.c:957:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (((int) strlen(str)) > plpgsql_check_tracer_variable_max_length ||

ANALYSIS SUMMARY:

Hits = 29
Lines analyzed = 15174 in approximately 0.28 seconds (54449 lines/second)
Physical Source Lines of Code (SLOC) = 10776
Hits@level = [0]   5 [1]   8 [2]  21 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  34 [1+]  29 [2+]  21 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 3.15516 [1+] 2.69117 [2+] 1.94878 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
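Triage note on the sprintf and strlen hits above. Flawfinder's "risk is low because the source has a constant maximum length" remark is a claim the reviewer can check with arithmetic rather than trust: with a 32-bit int, "%d" produces at most 11 characters ("-2147483648"), so the profiler's sprintf(buffer, "exception %d", ++n) needs at most 10 + 11 + 1 = 22 bytes of its 100-byte buffer, and the tracer's sprintf(buffer, "%d", frame_num) needs at most 12 of its 20. The strlen hits are a different class (CWE-126, over-read rather than overflow) and only matter if a caller can hand these functions a byte sequence that is not NUL-terminated. The C program below is an added illustration written for this page; it is not code from plpgsql_check or from Flawfinder. The function names (int_dec_max_len, worst_case_len, format_counter, exceeds_max_length) are hypothetical, and the 11-character figure assumes a 32-bit int, which the code measures rather than hard-codes. It shows the worst-case size computation, the bounded snprintf form Flawfinder recommends with the truncation check that sprintf cannot give you, and a length comparison that does not read past the limit on an unterminated buffer:

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Worst-case number of characters "%d" can produce for an int on this
   platform, sign included, measured rather than assumed: 11 for a
   32-bit int, where INT_MIN prints as "-2147483648". */
int int_dec_max_len(void)
{
    return snprintf(NULL, 0, "%d", INT_MIN);
}

/* Bytes a fixed buffer needs to hold "<prefix> <int>" plus the NUL in
   the worst case. Comparing this against the declared buffer size is
   the check behind Flawfinder's "constant maximum length" remark. */
size_t worst_case_len(const char *prefix)
{
    return strlen(prefix) + 1 + (size_t)int_dec_max_len() + 1;
}

/* Bounded replacement for sprintf(buffer, "<prefix> %d", n). snprintf
   never writes past dst_size bytes and NUL-terminates when dst_size > 0;
   its return value is the length the full string would have had, so
   truncation is detectable instead of silent. Returns 1 if the whole
   string fit, 0 if it was truncated. */
int format_counter(char *dst, size_t dst_size, const char *prefix, int n)
{
    int needed = snprintf(dst, dst_size, "%s %d", prefix, n);
    return needed >= 0 && (size_t)needed < dst_size;
}

/* The tracer-style test "strlen(str) > max_length" without strlen's
   over-read on input that is not NUL-terminated: it reads at most
   max_length + 1 bytes, which is all it needs to decide the answer. */
int exceeds_max_length(const char *str, size_t max_length)
{
    size_t i;
    for (i = 0; i <= max_length; i++)
        if (str[i] == '\0')
            return 0;   /* terminator found within the limit */
    return 1;           /* no terminator in the first max_length+1 bytes */
}

int main(void)
{
    char buffer[100];   /* same size as the profiler.c buffers in the report */
    char small[8];      /* deliberately too small, to show the truncation path */
    int n = 0;

    /* Worst-case size for the profiler's "exception %d" pattern: 22 bytes. */
    printf("worst case for \"exception %%d\": %zu bytes (buffer is %zu)\n",
           worst_case_len("exception"), sizeof buffer);

    /* Bounded form of sprintf(buffer, "exception %d", ++n). */
    if (format_counter(buffer, sizeof buffer, "exception", ++n))
        printf("formatted: %s\n", buffer);

    /* An undersized buffer is reported as truncated, not overflowed. */
    if (!format_counter(small, sizeof small, "exception", ++n))
        printf("truncated to: %s\n", small);

    return 0;
}
```

The memcpy hits in the report need a different check that the tool output cannot give you: each copies sizeof(PLpgSQL_rec) or sizeof(PLpgSQL_var), so they are safe exactly when the destination (saved_records[i], rec, new) is really an object of that type, which only the declarations in check_function.c can confirm.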