Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c
Examining data/pmemkv-1.2/examples/pmemkv_basic_cpp/pmemkv_basic.cpp
Examining data/pmemkv-1.2/examples/pmemkv_comparator_c/pmemkv_comparator.c
Examining data/pmemkv-1.2/examples/pmemkv_comparator_cpp/pmemkv_comparator.cpp
Examining data/pmemkv-1.2/examples/pmemkv_config_c/pmemkv_config.c
Examining data/pmemkv-1.2/examples/pmemkv_open_cpp/pmemkv_open.cpp
Examining data/pmemkv-1.2/examples/pmemkv_pmemobj_cpp/pmemkv_pmemobj.cpp
Examining data/pmemkv-1.2/src/comparator/comparator.h
Examining data/pmemkv-1.2/src/comparator/pmemobj_comparator.h
Examining data/pmemkv-1.2/src/comparator/volatile_comparator.h
Examining data/pmemkv-1.2/src/config.h
Examining data/pmemkv-1.2/src/engine.cc
Examining data/pmemkv-1.2/src/engine.h
Examining data/pmemkv-1.2/src/engines-experimental/caching.cc
Examining data/pmemkv-1.2/src/engines-experimental/caching.h
Examining data/pmemkv-1.2/src/engines-experimental/csmap.cc
Examining data/pmemkv-1.2/src/engines-experimental/csmap.h
Examining data/pmemkv-1.2/src/engines-experimental/stree.cc
Examining data/pmemkv-1.2/src/engines-experimental/stree.h
Examining data/pmemkv-1.2/src/engines-experimental/stree/persistent_b_tree.h
Examining data/pmemkv-1.2/src/engines-experimental/stree/pstring.h
Examining data/pmemkv-1.2/src/engines-experimental/tree3.cc
Examining data/pmemkv-1.2/src/engines-experimental/tree3.h
Examining data/pmemkv-1.2/src/engines/blackhole.cc
Examining data/pmemkv-1.2/src/engines/blackhole.h
Examining data/pmemkv-1.2/src/engines/cmap.cc
Examining data/pmemkv-1.2/src/engines/cmap.h
Examining data/pmemkv-1.2/src/engines/vcmap.cc
Examining data/pmemkv-1.2/src/engines/vcmap.h
Examining data/pmemkv-1.2/src/engines/vsmap.cc
Examining data/pmemkv-1.2/src/engines/vsmap.h
Examining data/pmemkv-1.2/src/exceptions.h
Examining data/pmemkv-1.2/src/libpmemkv.cc
Examining data/pmemkv-1.2/src/libpmemkv.h
Examining data/pmemkv-1.2/src/libpmemkv.hpp
Examining data/pmemkv-1.2/src/libpmemkv_json_config.cc
Examining data/pmemkv-1.2/src/libpmemkv_json_config.h
Examining data/pmemkv-1.2/src/out.cc
Examining data/pmemkv-1.2/src/out.h
Examining data/pmemkv-1.2/src/pmemobj_engine.h
Examining data/pmemkv-1.2/src/polymorphic_string.h
Examining data/pmemkv-1.2/src/valgrind/drd.h
Examining data/pmemkv-1.2/src/valgrind/helgrind.h
Examining data/pmemkv-1.2/src/valgrind/memcheck.h
Examining data/pmemkv-1.2/src/valgrind/pmemcheck.h
Examining data/pmemkv-1.2/src/valgrind/valgrind.h
Examining data/pmemkv-1.2/tests/c_api/null_db_config.c
Examining data/pmemkv-1.2/tests/common/check_is_pmem.cpp
Examining data/pmemkv-1.2/tests/common/test_backtrace.c
Examining data/pmemkv-1.2/tests/common/test_backtrace.h
Examining data/pmemkv-1.2/tests/common/unittest.h
Examining data/pmemkv-1.2/tests/common/unittest.hpp
Examining data/pmemkv-1.2/tests/comparator/basic.c
Examining data/pmemkv-1.2/tests/comparator/basic_persistent.c
Examining data/pmemkv-1.2/tests/comparator/custom_reopen.c
Examining data/pmemkv-1.2/tests/comparator/custom_reopen.cc
Examining data/pmemkv-1.2/tests/comparator/default_reopen.c
Examining data/pmemkv-1.2/tests/comparator/default_reopen.cc
Examining data/pmemkv-1.2/tests/compatibility/cmap.cc
Examining data/pmemkv-1.2/tests/config/config_c.c
Examining data/pmemkv-1.2/tests/config/config_cpp.cc
Examining data/pmemkv-1.2/tests/config/json_to_config.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/all/error_handling_oom.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/all/iterate.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/all/put_get_remove.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/all/put_get_remove_charset_params.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/all/put_get_remove_long_key.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/all/put_get_remove_params.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/all/put_get_std_map.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/all/put_get_std_map.hpp
Examining data/pmemkv-1.2/tests/engine_scenarios/concurrent/iterate_params.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/concurrent/put_get_remove_gen_params.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/concurrent/put_get_remove_params.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/concurrent/put_get_remove_single_op_params.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/memkind/error_handling.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/persistent/not_found_verify.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/persistent/overwrite_verify.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/persistent/put_get_std_map_multiple_reopen.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/persistent/put_remove_verify.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/persistent/put_verify.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/persistent/put_verify_asc_params.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/persistent/put_verify_desc_params.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_create.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_defrag.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_tx.hpp
Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_tx_oid.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_tx_oom.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_tx_path.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/mock_tx_alloc.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/mock_tx_alloc.h
Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/put_get_std_map_defrag.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/pmemobj/put_get_std_map_oid.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/get_above_gen_params.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/get_all_gen_params.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/get_below_gen_params.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/get_between_gen_params.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/get_equal_above_gen_params.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/get_equal_below_gen_params.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/iterate.cc
Examining data/pmemkv-1.2/tests/engine_scenarios/sorted/iterate.hpp
Examining data/pmemkv-1.2/tests/engines-experimental/caching_test.cc
Examining data/pmemkv-1.2/tests/engines/blackhole/blackhole_test.cc
Examining data/pmemkv-1.2/tests/wrong_engine_name_test.cc
FINAL RESULTS:
data/pmemkv-1.2/tests/common/unittest.h:25:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, format, args_list);
data/pmemkv-1.2/tests/common/unittest.h:35:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, args_list);
data/pmemkv-1.2/tests/engine_scenarios/all/put_get_remove_charset_params.cc:229:7: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand(seed);
data/pmemkv-1.2/tests/engine_scenarios/concurrent/put_get_remove_gen_params.cc:121:7: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand(seed);
data/pmemkv-1.2/tests/engine_scenarios/sorted/get_above_gen_params.cc:373:7: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand(seed);
data/pmemkv-1.2/tests/engine_scenarios/sorted/get_all_gen_params.cc:247:7: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand(seed);
data/pmemkv-1.2/tests/engine_scenarios/sorted/get_below_gen_params.cc:345:7: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand(seed);
data/pmemkv-1.2/tests/engine_scenarios/sorted/get_between_gen_params.cc:423:7: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand(seed);
data/pmemkv-1.2/tests/engine_scenarios/sorted/get_equal_above_gen_params.cc:337:7: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand(seed);
data/pmemkv-1.2/tests/engine_scenarios/sorted/get_equal_below_gen_params.cc:349:7: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand(seed);
data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[MAX_VAL_LEN];
data/pmemkv-1.2/examples/pmemkv_basic_cpp/pmemkv_basic.cpp:40:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv->open("cmap", std::move(cfg));
data/pmemkv-1.2/examples/pmemkv_comparator_cpp/pmemkv_comparator.cpp:64:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv->open("csmap", std::move(cfg));
data/pmemkv-1.2/examples/pmemkv_config_c/pmemkv_config.c:42:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
assert(((const char *)data)[0] == 'A');
data/pmemkv-1.2/examples/pmemkv_open_cpp/pmemkv_open.cpp:45:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv->open("cmap", std::move(cfg));
data/pmemkv-1.2/examples/pmemkv_pmemobj_cpp/pmemkv_pmemobj.cpp:66:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
status s = kv_1->open("cmap", std::move(cfg_1));
data/pmemkv-1.2/examples/pmemkv_pmemobj_cpp/pmemkv_pmemobj.cpp:74:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv_2->open("cmap", std::move(cfg_2));
data/pmemkv-1.2/src/engines-experimental/caching.cc:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp[64] = {0};
data/pmemkv-1.2/src/engines-experimental/caching.cc:42:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ttlTimeStr[80];
data/pmemkv-1.2/src/engines-experimental/stree/persistent_b_tree.h:501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padding[64];
data/pmemkv-1.2/src/engines-experimental/stree/persistent_b_tree.h:504:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padding1[64];
data/pmemkv-1.2/src/engines-experimental/stree/pstring.h:94:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, src, size);
data/pmemkv-1.2/src/engines-experimental/stree/pstring.h:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[BUFFER_SIZE];
data/pmemkv-1.2/src/engines-experimental/tree3.cc:569:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kvptr, key.data(), ksize); // copy key into buffer
data/pmemkv-1.2/src/engines-experimental/tree3.cc:571:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kvptr, value.data(), vsize); // copy value into buffer
data/pmemkv-1.2/src/libpmemkv.cc:472:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->buffer, v, vb);
data/pmemkv-1.2/src/libpmemkv.hpp:220:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
status open(const std::string &engine_name) noexcept;
data/pmemkv-1.2/src/libpmemkv.hpp:221:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
status open(const std::string &engine_name, config &&cfg) noexcept;
data/pmemkv-1.2/src/libpmemkv.hpp:918:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inline status db::open(const std::string &engine_name) noexcept
data/pmemkv-1.2/src/libpmemkv.hpp:932:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inline status db::open(const std::string &engine_name, config &&cfg) noexcept
data/pmemkv-1.2/src/pmemobj_engine.h:63:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pop = pmem::obj::pool<Root>::open(path, LAYOUT);
data/pmemkv-1.2/tests/c_api/null_db_config.c:22:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[10];
data/pmemkv-1.2/tests/common/test_backtrace.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char procname[PROCNAMELEN];
data/pmemkv-1.2/tests/common/unittest.hpp:160:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto s = kv.open(engine, std::move(config));
data/pmemkv-1.2/tests/comparator/basic.c:21:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *keys[3];
data/pmemkv-1.2/tests/comparator/basic.c:28:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key_copy, key, kb);
data/pmemkv-1.2/tests/comparator/custom_reopen.cc:45:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv.open(name, std::move(cfg));
data/pmemkv-1.2/tests/comparator/custom_reopen.cc:66:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv.open(name, std::move(cfg));
data/pmemkv-1.2/tests/comparator/custom_reopen.cc:88:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv.open(name, std::move(cfg));
data/pmemkv-1.2/tests/comparator/default_reopen.cc:29:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto s = kv.open(name, std::move(cfg));
data/pmemkv-1.2/tests/comparator/default_reopen.cc:47:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto s = kv.open(name, std::move(cfg));
data/pmemkv-1.2/tests/comparator/default_reopen.cc:68:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv.open(name, std::move(cfg));
data/pmemkv-1.2/tests/compatibility/cmap.cc:25:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv->open("cmap", std::move(cfg));
data/pmemkv-1.2/tests/compatibility/cmap.cc:39:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv->open("cmap", std::move(cfg));
data/pmemkv-1.2/tests/engine_scenarios/memkind/error_handling.cc:16:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv.open(engine, std::move(cfg));
data/pmemkv-1.2/tests/engine_scenarios/memkind/error_handling.cc:30:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv.open(engine, std::move(cfg));
data/pmemkv-1.2/tests/engine_scenarios/memkind/error_handling.cc:42:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv.open(engine, std::move(cfg));
data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_create.cc:20:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv.open(engine, std::move(config));
data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_create.cc:38:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv.open(engine, std::move(config));
data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_create.cc:56:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv.open(engine, std::move(config));
data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_create.cc:72:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv.open(engine, std::move(config));
data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_create.cc:93:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv.open(engine, std::move(config));
data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_create.cc:108:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv.open(engine, std::move(config));
data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_tx_oid.cc:24:41: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pmemobj_pool = pmem::obj::pool<Root>::open(pmemobj_pool_path, "pmemkv");
data/pmemkv-1.2/tests/engine_scenarios/pmemobj/error_handling_tx_path.cc:17:40: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pmemobj_pool = pmem::obj::pool_base::open(pmemobj_pool_path, "pmemkv");
data/pmemkv-1.2/tests/engine_scenarios/pmemobj/put_get_std_map_oid.cc:29:41: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pmemobj_pool = pmem::obj::pool<Root>::open(pmemobj_pool_path, "pmemkv");
data/pmemkv-1.2/tests/engines-experimental/caching_test.cc:40:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (kv->open(engine, config(cfg)) != status::OK)
data/pmemkv-1.2/tests/engines/blackhole/blackhole_test.cc:11:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto s = kv.open("blackhole");
data/pmemkv-1.2/tests/engines/blackhole/blackhole_test.cc:37:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto s = kv.open("blackhole");
data/pmemkv-1.2/tests/wrong_engine_name_test.cc:18:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return db.open(name) == pmem::kv::status::WRONG_ENGINE_NAME;
data/pmemkv-1.2/tests/wrong_engine_name_test.cc:27:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto s = kv.open("non-existing name");
data/pmemkv-1.2/tests/wrong_engine_name_test.cc:33:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv.open("non-existing name");
data/pmemkv-1.2/tests/wrong_engine_name_test.cc:35:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
s = kv.open("non-existing name");
data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:55:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_put(db, key1, strlen(key1), value1, strlen(value1));
data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:55:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_put(db, key1, strlen(key1), value1, strlen(value1));
data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:65:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_get_copy(db, key1, strlen(key1), val, MAX_VAL_LEN, NULL);
data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:74:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pmemkv_put(db, key2, strlen(key2), value2, strlen(value2));
data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:74:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pmemkv_put(db, key2, strlen(key2), value2, strlen(value2));
data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:75:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pmemkv_put(db, key3, strlen(key3), value3, strlen(value3));
data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:75:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pmemkv_put(db, key3, strlen(key3), value3, strlen(value3));
data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:79:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_remove(db, key1, strlen(key1));
data/pmemkv-1.2/examples/pmemkv_basic_c/pmemkv_basic.c:81:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(pmemkv_exists(db, key1, strlen(key1)) == PMEMKV_STATUS_NOT_FOUND);
data/pmemkv-1.2/examples/pmemkv_comparator_c/pmemkv_comparator.c:84:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_put(db, key1, strlen(key1), value1, strlen(value1));
data/pmemkv-1.2/examples/pmemkv_comparator_c/pmemkv_comparator.c:84:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_put(db, key1, strlen(key1), value1, strlen(value1));
data/pmemkv-1.2/examples/pmemkv_comparator_c/pmemkv_comparator.c:86:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_put(db, key2, strlen(key2), value2, strlen(value2));
data/pmemkv-1.2/examples/pmemkv_comparator_c/pmemkv_comparator.c:86:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_put(db, key2, strlen(key2), value2, strlen(value2));
data/pmemkv-1.2/examples/pmemkv_comparator_c/pmemkv_comparator.c:88:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_put(db, key3, strlen(key3), value3, strlen(value3));
data/pmemkv-1.2/examples/pmemkv_comparator_c/pmemkv_comparator.c:88:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_put(db, key3, strlen(key3), value3, strlen(value3));
data/pmemkv-1.2/src/engines-experimental/stree/persistent_b_tree.h:1234:13: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
std::equal(inner->begin(), middle,
data/pmemkv-1.2/src/engines-experimental/stree/persistent_b_tree.h:1239:13: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
std::equal(middle + 1, inner->end(),
data/pmemkv-1.2/tests/c_api/null_db_config.c:28:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_count_above(NULL, key1, strlen(key1), &cnt);
data/pmemkv-1.2/tests/c_api/null_db_config.c:31:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_count_below(NULL, key1, strlen(key1), &cnt);
data/pmemkv-1.2/tests/c_api/null_db_config.c:34:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_count_between(NULL, key1, strlen(key1), key2, strlen(key2), &cnt);
data/pmemkv-1.2/tests/c_api/null_db_config.c:34:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_count_between(NULL, key1, strlen(key1), key2, strlen(key2), &cnt);
data/pmemkv-1.2/tests/c_api/null_db_config.c:40:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_get_above(NULL, key1, strlen(key1), NULL, NULL);
data/pmemkv-1.2/tests/c_api/null_db_config.c:43:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_get_below(NULL, key1, strlen(key1), NULL, NULL);
data/pmemkv-1.2/tests/c_api/null_db_config.c:46:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_get_between(NULL, key1, strlen(key1), key2, strlen(key2), NULL, NULL);
data/pmemkv-1.2/tests/c_api/null_db_config.c:46:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_get_between(NULL, key1, strlen(key1), key2, strlen(key2), NULL, NULL);
data/pmemkv-1.2/tests/c_api/null_db_config.c:49:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_exists(NULL, key1, strlen(key1));
data/pmemkv-1.2/tests/c_api/null_db_config.c:52:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_get(NULL, key1, strlen(key1), NULL, NULL);
data/pmemkv-1.2/tests/c_api/null_db_config.c:55:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_get_copy(NULL, key1, strlen(key1), val, 10, &cnt);
data/pmemkv-1.2/tests/c_api/null_db_config.c:58:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_put(NULL, key1, strlen(key1), value1, strlen(value1));
data/pmemkv-1.2/tests/c_api/null_db_config.c:58:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_put(NULL, key1, strlen(key1), value1, strlen(value1));
data/pmemkv-1.2/tests/c_api/null_db_config.c:61:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = pmemkv_remove(NULL, key1, strlen(key1));
data/pmemkv-1.2/tests/common/test_backtrace.c:69:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(procname, "?");
data/pmemkv-1.2/tests/engine_scenarios/sorted/iterate.hpp:219:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t charset_size = strlen(charset);
data/pmemkv-1.2/tests/engines-experimental/caching_test.cc:174:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc = memcached_set(memc, key, strlen(key), value1, strlen(value1),
data/pmemkv-1.2/tests/engines-experimental/caching_test.cc:174:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc = memcached_set(memc, key, strlen(key), value1, strlen(value1),
data/pmemkv-1.2/tests/engines-experimental/caching_test.cc:227:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcached_delete(memc, key, strlen(key), (time_t)0);
data/pmemkv-1.2/tests/engines-experimental/caching_test.cc:228:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return_value = memcached_get(memc, key, strlen(key), &return_value_length,
ANALYSIS SUMMARY:
Hits = 100
Lines analyzed = 25724 in approximately 0.86 seconds (29789 lines/second)
Physical Source Lines of Code (SLOC) = 18666
Hits@level = [0] 26 [1] 37 [2] 53 [3] 8 [4] 2 [5] 0
Hits@level+ = [0+] 126 [1+] 100 [2+] 63 [3+] 10 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 6.75024 [1+] 5.35733 [2+] 3.37512 [3+] 0.535733 [4+] 0.107147 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.