Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/postgresql-13-13.1/contrib/tcn/tcn.c Examining data/postgresql-13-13.1/contrib/sslinfo/sslinfo.c Examining data/postgresql-13-13.1/contrib/unaccent/unaccent.c Examining data/postgresql-13-13.1/contrib/cube/cubeparse.c Examining data/postgresql-13-13.1/contrib/cube/cube.c Examining data/postgresql-13-13.1/contrib/cube/cubedata.h Examining data/postgresql-13-13.1/contrib/cube/cubescan.c Examining data/postgresql-13-13.1/contrib/adminpack/adminpack.c Examining data/postgresql-13-13.1/contrib/dblink/dblink.c Examining data/postgresql-13-13.1/contrib/hstore/hstore_io.c Examining data/postgresql-13-13.1/contrib/hstore/hstore_op.c Examining data/postgresql-13-13.1/contrib/hstore/hstore.h Examining data/postgresql-13-13.1/contrib/hstore/hstore_gist.c Examining data/postgresql-13-13.1/contrib/hstore/hstore_gin.c Examining data/postgresql-13-13.1/contrib/hstore/hstore_compat.c Examining data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c Examining data/postgresql-13-13.1/contrib/bool_plperl/bool_plperl.c Examining data/postgresql-13-13.1/contrib/pg_prewarm/autoprewarm.c Examining data/postgresql-13-13.1/contrib/pg_prewarm/pg_prewarm.c Examining data/postgresql-13-13.1/contrib/xml2/xpath.c Examining data/postgresql-13-13.1/contrib/xml2/xslt_proc.c Examining data/postgresql-13-13.1/contrib/ltree_plpython/ltree_plpython.c Examining data/postgresql-13-13.1/contrib/test_decoding/test_decoding.c Examining data/postgresql-13-13.1/contrib/file_fdw/file_fdw.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_utils_var.h Examining data/postgresql-13-13.1/contrib/btree_gist/btree_ts.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_utils_num.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_int8.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_macaddr8.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_time.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_text.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_enum.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_uuid.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_int2.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_int4.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_cash.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_utils_num.h Examining data/postgresql-13-13.1/contrib/btree_gist/btree_bytea.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_gist.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_float8.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_inet.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_interval.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_utils_var.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_bit.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_date.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_oid.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_gist.h Examining data/postgresql-13-13.1/contrib/btree_gist/btree_macaddr.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_numeric.c Examining data/postgresql-13-13.1/contrib/btree_gist/btree_float4.c Examining data/postgresql-13-13.1/contrib/lo/lo.c Examining data/postgresql-13-13.1/contrib/spi/autoinc.c Examining data/postgresql-13-13.1/contrib/spi/insert_username.c Examining data/postgresql-13-13.1/contrib/spi/refint.c Examining data/postgresql-13-13.1/contrib/spi/moddatetime.c Examining data/postgresql-13-13.1/contrib/jsonb_plpython/jsonb_plpython.c Examining data/postgresql-13-13.1/contrib/passwordcheck/passwordcheck.c Examining data/postgresql-13-13.1/contrib/pgcrypto/internal.c Examining data/postgresql-13-13.1/contrib/pgcrypto/pgcrypto.c Examining data/postgresql-13-13.1/contrib/pgcrypto/blf.c Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp-encrypt.c Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp-decrypt.c Examining data/postgresql-13-13.1/contrib/pgcrypto/px.h Examining data/postgresql-13-13.1/contrib/pgcrypto/md5.h Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp-pubenc.c Examining data/postgresql-13-13.1/contrib/pgcrypto/md5.c Examining data/postgresql-13-13.1/contrib/pgcrypto/crypt-gensalt.c Examining data/postgresql-13-13.1/contrib/pgcrypto/internal-sha2.c Examining data/postgresql-13-13.1/contrib/pgcrypto/px-crypt.c Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp-mpi-internal.c Examining data/postgresql-13-13.1/contrib/pgcrypto/blf.h Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp-mpi-openssl.c Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c Examining data/postgresql-13-13.1/contrib/pgcrypto/openssl.c Examining data/postgresql-13-13.1/contrib/pgcrypto/rijndael.h Examining data/postgresql-13-13.1/contrib/pgcrypto/sha1.h Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp.c Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp-mpi.c Examining data/postgresql-13-13.1/contrib/pgcrypto/px-hmac.c Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp-pubkey.c Examining data/postgresql-13-13.1/contrib/pgcrypto/crypt-blowfish.c Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp.h Examining data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp-compress.c Examining data/postgresql-13-13.1/contrib/pgcrypto/imath.c Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp-info.c Examining data/postgresql-13-13.1/contrib/pgcrypto/imath.h Examining data/postgresql-13-13.1/contrib/pgcrypto/rijndael.c Examining data/postgresql-13-13.1/contrib/pgcrypto/pgcrypto.h Examining data/postgresql-13-13.1/contrib/pgcrypto/mbuf.c Examining data/postgresql-13-13.1/contrib/pgcrypto/px-crypt.h Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp-pubdec.c Examining data/postgresql-13-13.1/contrib/pgcrypto/sha1.c Examining data/postgresql-13-13.1/contrib/pgcrypto/crypt-des.c Examining data/postgresql-13-13.1/contrib/pgcrypto/mbuf.h Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp-armor.c Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp-cfb.c Examining data/postgresql-13-13.1/contrib/pgcrypto/px.c Examining data/postgresql-13-13.1/contrib/pgcrypto/pgp-s2k.c Examining data/postgresql-13-13.1/contrib/oid2name/oid2name.c Examining data/postgresql-13-13.1/contrib/pg_visibility/pg_visibility.c Examining data/postgresql-13-13.1/contrib/ltree/ltree_op.c Examining data/postgresql-13-13.1/contrib/ltree/_ltree_gist.c Examining data/postgresql-13-13.1/contrib/ltree/ltree.h Examining data/postgresql-13-13.1/contrib/ltree/ltxtquery_io.c Examining data/postgresql-13-13.1/contrib/ltree/_ltree_op.c Examining data/postgresql-13-13.1/contrib/ltree/ltxtquery_op.c Examining data/postgresql-13-13.1/contrib/ltree/lquery_op.c Examining data/postgresql-13-13.1/contrib/ltree/crc32.c Examining data/postgresql-13-13.1/contrib/ltree/ltree_gist.c Examining data/postgresql-13-13.1/contrib/ltree/ltree_io.c Examining data/postgresql-13-13.1/contrib/ltree/crc32.h Examining data/postgresql-13-13.1/contrib/pgstattuple/pgstatapprox.c Examining data/postgresql-13-13.1/contrib/pgstattuple/pgstattuple.c Examining data/postgresql-13-13.1/contrib/pgstattuple/pgstatindex.c Examining data/postgresql-13-13.1/contrib/pg_freespacemap/pg_freespacemap.c Examining data/postgresql-13-13.1/contrib/tablefunc/tablefunc.h Examining data/postgresql-13-13.1/contrib/tablefunc/tablefunc.c Examining data/postgresql-13-13.1/contrib/bloom/bloom.h Examining data/postgresql-13-13.1/contrib/bloom/blvacuum.c Examining data/postgresql-13-13.1/contrib/bloom/blutils.c Examining data/postgresql-13-13.1/contrib/bloom/blinsert.c Examining data/postgresql-13-13.1/contrib/bloom/blscan.c Examining data/postgresql-13-13.1/contrib/bloom/blcost.c Examining data/postgresql-13-13.1/contrib/bloom/blvalidate.c Examining data/postgresql-13-13.1/contrib/pg_stat_statements/pg_stat_statements.c Examining data/postgresql-13-13.1/contrib/isn/isn.h Examining data/postgresql-13-13.1/contrib/isn/ISSN.h Examining data/postgresql-13-13.1/contrib/isn/ISMN.h Examining data/postgresql-13-13.1/contrib/isn/ISBN.h Examining data/postgresql-13-13.1/contrib/isn/EAN13.h Examining data/postgresql-13-13.1/contrib/isn/UPC.h Examining data/postgresql-13-13.1/contrib/isn/isn.c Examining data/postgresql-13-13.1/contrib/hstore_plperl/hstore_plperl.c Examining data/postgresql-13-13.1/contrib/auto_explain/auto_explain.c Examining data/postgresql-13-13.1/contrib/dict_xsyn/dict_xsyn.c Examining data/postgresql-13-13.1/contrib/tsm_system_rows/tsm_system_rows.c Examining data/postgresql-13-13.1/contrib/hstore_plpython/hstore_plpython.c Examining data/postgresql-13-13.1/contrib/citext/citext.c Examining data/postgresql-13-13.1/contrib/auth_delay/auth_delay.c Examining data/postgresql-13-13.1/contrib/jsonb_plperl/jsonb_plperl.c Examining data/postgresql-13-13.1/contrib/amcheck/verify_nbtree.c Examining data/postgresql-13-13.1/contrib/btree_gin/btree_gin.c Examining data/postgresql-13-13.1/contrib/intarray/_int_gin.c Examining data/postgresql-13-13.1/contrib/intarray/_int_gist.c Examining data/postgresql-13-13.1/contrib/intarray/_int_selfuncs.c Examining data/postgresql-13-13.1/contrib/intarray/_intbig_gist.c Examining data/postgresql-13-13.1/contrib/intarray/_int_tool.c Examining data/postgresql-13-13.1/contrib/intarray/_int_op.c Examining data/postgresql-13-13.1/contrib/intarray/_int_bool.c Examining data/postgresql-13-13.1/contrib/intarray/_int.h Examining data/postgresql-13-13.1/contrib/pg_trgm/trgm_op.c Examining data/postgresql-13-13.1/contrib/pg_trgm/trgm_gist.c Examining data/postgresql-13-13.1/contrib/pg_trgm/trgm_regexp.c Examining data/postgresql-13-13.1/contrib/pg_trgm/trgm_gin.c Examining data/postgresql-13-13.1/contrib/pg_trgm/trgm.h Examining data/postgresql-13-13.1/contrib/tsm_system_time/tsm_system_time.c Examining data/postgresql-13-13.1/contrib/sepgsql/uavc.c Examining data/postgresql-13-13.1/contrib/sepgsql/database.c Examining data/postgresql-13-13.1/contrib/sepgsql/label.c Examining data/postgresql-13-13.1/contrib/sepgsql/hooks.c Examining data/postgresql-13-13.1/contrib/sepgsql/dml.c Examining data/postgresql-13-13.1/contrib/sepgsql/sepgsql.h Examining data/postgresql-13-13.1/contrib/sepgsql/selinux.c Examining data/postgresql-13-13.1/contrib/sepgsql/relation.c Examining data/postgresql-13-13.1/contrib/sepgsql/schema.c Examining data/postgresql-13-13.1/contrib/sepgsql/proc.c Examining data/postgresql-13-13.1/contrib/pageinspect/ginfuncs.c Examining data/postgresql-13-13.1/contrib/pageinspect/btreefuncs.c Examining data/postgresql-13-13.1/contrib/pageinspect/pageinspect.h Examining data/postgresql-13-13.1/contrib/pageinspect/hashfuncs.c Examining data/postgresql-13-13.1/contrib/pageinspect/heapfuncs.c Examining data/postgresql-13-13.1/contrib/pageinspect/fsmfuncs.c Examining data/postgresql-13-13.1/contrib/pageinspect/brinfuncs.c Examining data/postgresql-13-13.1/contrib/pageinspect/rawpage.c Examining data/postgresql-13-13.1/contrib/earthdistance/earthdistance.c Examining data/postgresql-13-13.1/contrib/uuid-ossp/uuid-ossp.c Examining data/postgresql-13-13.1/contrib/dict_int/dict_int.c Examining data/postgresql-13-13.1/contrib/seg/segscan.c Examining data/postgresql-13-13.1/contrib/seg/segparse.c Examining data/postgresql-13-13.1/contrib/seg/seg.c Examining data/postgresql-13-13.1/contrib/seg/segdata.h Examining data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c Examining data/postgresql-13-13.1/contrib/pgrowlocks/pgrowlocks.c Examining data/postgresql-13-13.1/contrib/fuzzystrmatch/fuzzystrmatch.c Examining data/postgresql-13-13.1/contrib/fuzzystrmatch/dmetaphone.c Examining data/postgresql-13-13.1/contrib/pg_buffercache/pg_buffercache_pages.c Examining data/postgresql-13-13.1/contrib/postgres_fdw/postgres_fdw.c Examining data/postgresql-13-13.1/contrib/postgres_fdw/shippable.c Examining data/postgresql-13-13.1/contrib/postgres_fdw/deparse.c Examining data/postgresql-13-13.1/contrib/postgres_fdw/option.c Examining data/postgresql-13-13.1/contrib/postgres_fdw/connection.c Examining data/postgresql-13-13.1/contrib/postgres_fdw/postgres_fdw.h Examining data/postgresql-13-13.1/src/include/snowball/header.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_1_french.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_finnish.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_turkish.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_1_portuguese.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_1_norwegian.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_porter.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_lithuanian.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/api.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_spanish.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_1_swedish.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_portuguese.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_1_irish.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_hungarian.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_1_spanish.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_1_indonesian.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_romanian.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_2_romanian.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_1_porter.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_tamil.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_french.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/header.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_norwegian.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_1_finnish.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_indonesian.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_russian.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_nepali.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_german.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_dutch.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_1_english.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_1_german.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_2_hungarian.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_danish.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_KOI8_R_russian.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_1_danish.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_1_dutch.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_italian.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_irish.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_swedish.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_arabic.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_greek.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_ISO_8859_1_italian.h Examining data/postgresql-13-13.1/src/include/snowball/libstemmer/stem_UTF_8_english.h Examining data/postgresql-13-13.1/src/include/bootstrap/bootstrap.h Examining data/postgresql-13-13.1/src/include/pg_trace.h Examining data/postgresql-13-13.1/src/include/rewrite/prs2lock.h Examining data/postgresql-13-13.1/src/include/rewrite/rewriteRemove.h Examining data/postgresql-13-13.1/src/include/rewrite/rowsecurity.h Examining data/postgresql-13-13.1/src/include/rewrite/rewriteManip.h Examining data/postgresql-13-13.1/src/include/rewrite/rewriteSupport.h Examining data/postgresql-13-13.1/src/include/rewrite/rewriteHandler.h Examining data/postgresql-13-13.1/src/include/rewrite/rewriteDefine.h Examining data/postgresql-13-13.1/src/include/storage/predicate_internals.h Examining data/postgresql-13-13.1/src/include/storage/pmsignal.h Examining data/postgresql-13-13.1/src/include/storage/off.h Examining data/postgresql-13-13.1/src/include/storage/sinvaladt.h Examining data/postgresql-13-13.1/src/include/storage/sync.h Examining data/postgresql-13-13.1/src/include/storage/bufpage.h Examining data/postgresql-13-13.1/src/include/storage/dsm.h Examining data/postgresql-13-13.1/src/include/storage/sinval.h Examining data/postgresql-13-13.1/src/include/storage/sharedfileset.h Examining data/postgresql-13-13.1/src/include/storage/lmgr.h Examining data/postgresql-13-13.1/src/include/storage/ipc.h Examining data/postgresql-13-13.1/src/include/storage/proc.h Examining data/postgresql-13-13.1/src/include/storage/dsm_impl.h Examining data/postgresql-13-13.1/src/include/storage/barrier.h Examining data/postgresql-13-13.1/src/include/storage/standby.h Examining data/postgresql-13-13.1/src/include/storage/pg_sema.h Examining data/postgresql-13-13.1/src/include/storage/spin.h Examining data/postgresql-13-13.1/src/include/storage/bufmgr.h Examining data/postgresql-13-13.1/src/include/storage/item.h Examining data/postgresql-13-13.1/src/include/storage/backendid.h Examining data/postgresql-13-13.1/src/include/storage/buf_internals.h Examining data/postgresql-13-13.1/src/include/storage/procarray.h Examining data/postgresql-13-13.1/src/include/storage/predicate.h Examining data/postgresql-13-13.1/src/include/storage/condition_variable.h Examining data/postgresql-13-13.1/src/include/storage/fd.h Examining data/postgresql-13-13.1/src/include/storage/proclist.h Examining data/postgresql-13-13.1/src/include/storage/shm_mq.h Examining data/postgresql-13-13.1/src/include/storage/s_lock.h Examining data/postgresql-13-13.1/src/include/storage/md.h Examining data/postgresql-13-13.1/src/include/storage/relfilenode.h Examining data/postgresql-13-13.1/src/include/storage/reinit.h Examining data/postgresql-13-13.1/src/include/storage/buffile.h Examining data/postgresql-13-13.1/src/include/storage/lwlock.h Examining data/postgresql-13-13.1/src/include/storage/pg_shmem.h Examining data/postgresql-13-13.1/src/include/storage/latch.h Examining data/postgresql-13-13.1/src/include/storage/block.h Examining data/postgresql-13-13.1/src/include/storage/smgr.h Examining data/postgresql-13-13.1/src/include/storage/proclist_types.h Examining data/postgresql-13-13.1/src/include/storage/lock.h Examining data/postgresql-13-13.1/src/include/storage/checksum.h Examining data/postgresql-13-13.1/src/include/storage/procsignal.h Examining data/postgresql-13-13.1/src/include/storage/checksum_impl.h Examining data/postgresql-13-13.1/src/include/storage/copydir.h Examining data/postgresql-13-13.1/src/include/storage/fsm_internals.h Examining data/postgresql-13-13.1/src/include/storage/buf.h Examining data/postgresql-13-13.1/src/include/storage/freespace.h Examining data/postgresql-13-13.1/src/include/storage/itemptr.h Examining data/postgresql-13-13.1/src/include/storage/indexfsm.h Examining data/postgresql-13-13.1/src/include/storage/shm_toc.h Examining data/postgresql-13-13.1/src/include/storage/large_object.h Examining data/postgresql-13-13.1/src/include/storage/itemid.h Examining data/postgresql-13-13.1/src/include/storage/shmem.h Examining data/postgresql-13-13.1/src/include/storage/standbydefs.h Examining data/postgresql-13-13.1/src/include/storage/lockdefs.h Examining data/postgresql-13-13.1/src/include/postgres.h Examining data/postgresql-13-13.1/src/include/parser/parse_coerce.h Examining data/postgresql-13-13.1/src/include/parser/parse_type.h Examining data/postgresql-13-13.1/src/include/parser/parse_param.h Examining data/postgresql-13-13.1/src/include/parser/scansup.h Examining data/postgresql-13-13.1/src/include/parser/parse_func.h Examining data/postgresql-13-13.1/src/include/parser/parse_utilcmd.h Examining data/postgresql-13-13.1/src/include/parser/gramparse.h Examining data/postgresql-13-13.1/src/include/parser/parse_agg.h Examining data/postgresql-13-13.1/src/include/parser/parse_clause.h Examining data/postgresql-13-13.1/src/include/parser/kwlist.h Examining data/postgresql-13-13.1/src/include/parser/parser.h Examining data/postgresql-13-13.1/src/include/parser/parse_relation.h Examining data/postgresql-13-13.1/src/include/parser/parse_expr.h Examining data/postgresql-13-13.1/src/include/parser/parse_collate.h Examining data/postgresql-13-13.1/src/include/parser/parse_enr.h Examining data/postgresql-13-13.1/src/include/parser/parse_target.h Examining data/postgresql-13-13.1/src/include/parser/scanner.h Examining data/postgresql-13-13.1/src/include/parser/parse_oper.h Examining data/postgresql-13-13.1/src/include/parser/parse_cte.h Examining data/postgresql-13-13.1/src/include/parser/parse_node.h Examining data/postgresql-13-13.1/src/include/parser/parsetree.h Examining data/postgresql-13-13.1/src/include/parser/analyze.h Examining data/postgresql-13-13.1/src/include/lib/pairingheap.h Examining data/postgresql-13-13.1/src/include/lib/binaryheap.h Examining data/postgresql-13-13.1/src/include/lib/qunique.h Examining data/postgresql-13-13.1/src/include/lib/ilist.h Examining data/postgresql-13-13.1/src/include/lib/dshash.h Examining data/postgresql-13-13.1/src/include/lib/bipartite_match.h Examining data/postgresql-13-13.1/src/include/lib/integerset.h Examining data/postgresql-13-13.1/src/include/lib/knapsack.h Examining data/postgresql-13-13.1/src/include/lib/simplehash.h Examining data/postgresql-13-13.1/src/include/lib/stringinfo.h Examining data/postgresql-13-13.1/src/include/lib/hyperloglog.h Examining data/postgresql-13-13.1/src/include/lib/rbtree.h Examining data/postgresql-13-13.1/src/include/lib/bloomfilter.h Examining data/postgresql-13-13.1/src/include/miscadmin.h Examining data/postgresql-13-13.1/src/include/libpq/libpq.h Examining data/postgresql-13-13.1/src/include/libpq/pqmq.h Examining data/postgresql-13-13.1/src/include/libpq/pqformat.h Examining data/postgresql-13-13.1/src/include/libpq/auth.h Examining data/postgresql-13-13.1/src/include/libpq/be-gssapi-common.h Examining data/postgresql-13-13.1/src/include/libpq/pqsignal.h Examining data/postgresql-13-13.1/src/include/libpq/libpq-fs.h Examining data/postgresql-13-13.1/src/include/libpq/crypt.h Examining data/postgresql-13-13.1/src/include/libpq/scram.h Examining data/postgresql-13-13.1/src/include/libpq/pqcomm.h Examining data/postgresql-13-13.1/src/include/libpq/be-fsstubs.h Examining data/postgresql-13-13.1/src/include/libpq/ifaddr.h Examining data/postgresql-13-13.1/src/include/libpq/hba.h Examining data/postgresql-13-13.1/src/include/libpq/libpq-be.h Examining data/postgresql-13-13.1/src/include/mb/stringinfo_mb.h Examining data/postgresql-13-13.1/src/include/mb/pg_wchar.h Examining data/postgresql-13-13.1/src/include/pgstat.h Examining data/postgresql-13-13.1/src/include/replication/slot.h Examining data/postgresql-13-13.1/src/include/replication/walreceiver.h Examining data/postgresql-13-13.1/src/include/replication/syncrep.h Examining data/postgresql-13-13.1/src/include/replication/snapbuild.h Examining data/postgresql-13-13.1/src/include/replication/reorderbuffer.h Examining data/postgresql-13-13.1/src/include/replication/backup_manifest.h Examining data/postgresql-13-13.1/src/include/replication/logicalproto.h Examining data/postgresql-13-13.1/src/include/replication/logicallauncher.h Examining data/postgresql-13-13.1/src/include/replication/message.h Examining data/postgresql-13-13.1/src/include/replication/basebackup.h Examining data/postgresql-13-13.1/src/include/replication/origin.h Examining data/postgresql-13-13.1/src/include/replication/walsender_private.h Examining data/postgresql-13-13.1/src/include/replication/pgoutput.h Examining data/postgresql-13-13.1/src/include/replication/logical.h Examining data/postgresql-13-13.1/src/include/replication/logicalrelation.h Examining data/postgresql-13-13.1/src/include/replication/output_plugin.h Examining data/postgresql-13-13.1/src/include/replication/worker_internal.h Examining data/postgresql-13-13.1/src/include/replication/walsender.h Examining data/postgresql-13-13.1/src/include/replication/decode.h Examining data/postgresql-13-13.1/src/include/replication/logicalworker.h Examining data/postgresql-13-13.1/src/include/jit/jit.h Examining data/postgresql-13-13.1/src/include/jit/llvmjit_emit.h Examining data/postgresql-13-13.1/src/include/jit/llvmjit.h Examining data/postgresql-13-13.1/src/include/statistics/extended_stats_internal.h Examining data/postgresql-13-13.1/src/include/statistics/statistics.h Examining data/postgresql-13-13.1/src/include/port.h Examining data/postgresql-13-13.1/src/include/windowapi.h Examining data/postgresql-13-13.1/src/include/getaddrinfo.h Examining data/postgresql-13-13.1/src/include/executor/nodeAppend.h Examining data/postgresql-13-13.1/src/include/executor/nodeSort.h Examining data/postgresql-13-13.1/src/include/executor/nodeAgg.h Examining data/postgresql-13-13.1/src/include/executor/nodeTidscan.h Examining data/postgresql-13-13.1/src/include/executor/nodeIndexscan.h Examining data/postgresql-13-13.1/src/include/executor/nodeFunctionscan.h Examining data/postgresql-13-13.1/src/include/executor/nodeGatherMerge.h Examining data/postgresql-13-13.1/src/include/executor/nodeNamedtuplestorescan.h Examining data/postgresql-13-13.1/src/include/executor/execdesc.h Examining data/postgresql-13-13.1/src/include/executor/execParallel.h Examining data/postgresql-13-13.1/src/include/executor/tqueue.h Examining data/postgresql-13-13.1/src/include/executor/spi.h Examining data/postgresql-13-13.1/src/include/executor/nodeForeignscan.h Examining data/postgresql-13-13.1/src/include/executor/nodeHash.h Examining data/postgresql-13-13.1/src/include/executor/execExpr.h Examining data/postgresql-13-13.1/src/include/executor/nodeWindowAgg.h Examining data/postgresql-13-13.1/src/include/executor/nodeGroup.h Examining data/postgresql-13-13.1/src/include/executor/spi_priv.h Examining data/postgresql-13-13.1/src/include/executor/hashjoin.h Examining data/postgresql-13-13.1/src/include/executor/tstoreReceiver.h Examining data/postgresql-13-13.1/src/include/executor/nodeSeqscan.h Examining data/postgresql-13-13.1/src/include/executor/execdebug.h Examining data/postgresql-13-13.1/src/include/executor/executor.h Examining data/postgresql-13-13.1/src/include/executor/nodeMaterial.h Examining data/postgresql-13-13.1/src/include/executor/nodeLimit.h Examining data/postgresql-13-13.1/src/include/executor/nodeTableFuncscan.h Examining data/postgresql-13-13.1/src/include/executor/nodeRecursiveunion.h Examining data/postgresql-13-13.1/src/include/executor/nodeMergeAppend.h Examining data/postgresql-13-13.1/src/include/executor/nodeLockRows.h Examining data/postgresql-13-13.1/src/include/executor/nodeCtescan.h Examining data/postgresql-13-13.1/src/include/executor/nodeSubqueryscan.h Examining data/postgresql-13-13.1/src/include/executor/nodeSamplescan.h Examining data/postgresql-13-13.1/src/include/executor/nodeIndexonlyscan.h Examining data/postgresql-13-13.1/src/include/executor/nodeBitmapHeapscan.h Examining data/postgresql-13-13.1/src/include/executor/nodeBitmapIndexscan.h Examining data/postgresql-13-13.1/src/include/executor/tablefunc.h Examining data/postgresql-13-13.1/src/include/executor/nodeMergejoin.h Examining data/postgresql-13-13.1/src/include/executor/nodeBitmapAnd.h Examining data/postgresql-13-13.1/src/include/executor/nodeSetOp.h Examining data/postgresql-13-13.1/src/include/executor/nodeGather.h Examining data/postgresql-13-13.1/src/include/executor/nodeUnique.h Examining data/postgresql-13-13.1/src/include/executor/nodeSubplan.h Examining data/postgresql-13-13.1/src/include/executor/nodeResult.h Examining data/postgresql-13-13.1/src/include/executor/nodeCustom.h Examining data/postgresql-13-13.1/src/include/executor/nodeHashjoin.h Examining data/postgresql-13-13.1/src/include/executor/nodeValuesscan.h Examining data/postgresql-13-13.1/src/include/executor/execPartition.h Examining data/postgresql-13-13.1/src/include/executor/nodeNestloop.h Examining data/postgresql-13-13.1/src/include/executor/tuptable.h Examining data/postgresql-13-13.1/src/include/executor/nodeBitmapOr.h Examining data/postgresql-13-13.1/src/include/executor/nodeIncrementalSort.h Examining data/postgresql-13-13.1/src/include/executor/nodeProjectSet.h Examining data/postgresql-13-13.1/src/include/executor/nodeWorktablescan.h Examining data/postgresql-13-13.1/src/include/executor/nodeModifyTable.h Examining data/postgresql-13-13.1/src/include/executor/instrument.h Examining data/postgresql-13-13.1/src/include/executor/functions.h Examining data/postgresql-13-13.1/src/include/getopt_long.h Examining data/postgresql-13-13.1/src/include/tsearch/ts_cache.h Examining data/postgresql-13-13.1/src/include/tsearch/ts_public.h Examining data/postgresql-13-13.1/src/include/tsearch/ts_utils.h Examining data/postgresql-13-13.1/src/include/tsearch/ts_type.h Examining data/postgresql-13-13.1/src/include/tsearch/ts_locale.h Examining data/postgresql-13-13.1/src/include/tsearch/dicts/regis.h Examining data/postgresql-13-13.1/src/include/tsearch/dicts/spell.h Examining data/postgresql-13-13.1/src/include/fmgr.h Examining data/postgresql-13-13.1/src/include/portability/mem.h Examining data/postgresql-13-13.1/src/include/portability/instr_time.h Examining data/postgresql-13-13.1/src/include/datatype/timestamp.h Examining data/postgresql-13-13.1/src/include/utils/timestamp.h Examining data/postgresql-13-13.1/src/include/utils/freepage.h Examining data/postgresql-13-13.1/src/include/utils/rls.h Examining data/postgresql-13-13.1/src/include/utils/jsonpath.h Examining data/postgresql-13-13.1/src/include/utils/builtins.h Examining data/postgresql-13-13.1/src/include/utils/help_config.h Examining data/postgresql-13-13.1/src/include/utils/catcache.h Examining data/postgresql-13-13.1/src/include/utils/timeout.h Examining data/postgresql-13-13.1/src/include/utils/palloc.h Examining data/postgresql-13-13.1/src/include/utils/resowner.h Examining data/postgresql-13-13.1/src/include/utils/dynahash.h Examining data/postgresql-13-13.1/src/include/utils/relcache.h Examining data/postgresql-13-13.1/src/include/utils/rel.h Examining data/postgresql-13-13.1/src/include/utils/pidfile.h Examining data/postgresql-13-13.1/src/include/utils/hsearch.h Examining data/postgresql-13-13.1/src/include/utils/inval.h Examining data/postgresql-13-13.1/src/include/utils/bytea.h Examining data/postgresql-13-13.1/src/include/utils/relptr.h Examining data/postgresql-13-13.1/src/include/utils/typcache.h Examining data/postgresql-13-13.1/src/include/utils/arrayaccess.h Examining data/postgresql-13-13.1/src/include/utils/guc_tables.h Examining data/postgresql-13-13.1/src/include/utils/ruleutils.h Examining data/postgresql-13-13.1/src/include/utils/sharedtuplestore.h Examining data/postgresql-13-13.1/src/include/utils/cash.h Examining data/postgresql-13-13.1/src/include/utils/reltrigger.h Examining data/postgresql-13-13.1/src/include/utils/jsonb.h Examining data/postgresql-13-13.1/src/include/utils/rangetypes.h Examining data/postgresql-13-13.1/src/include/utils/acl.h Examining data/postgresql-13-13.1/src/include/utils/xid8.h Examining data/postgresql-13-13.1/src/include/utils/regproc.h Examining data/postgresql-13-13.1/src/include/utils/logtape.h Examining data/postgresql-13-13.1/src/include/utils/dsa.h Examining data/postgresql-13-13.1/src/include/utils/sortsupport.h Examining data/postgresql-13-13.1/src/include/utils/ps_status.h Examining data/postgresql-13-13.1/src/include/utils/elog.h Examining data/postgresql-13-13.1/src/include/utils/sampling.h Examining data/postgresql-13-13.1/src/include/utils/varbit.h Examining data/postgresql-13-13.1/src/include/utils/datum.h Examining data/postgresql-13-13.1/src/include/utils/relmapper.h Examining data/postgresql-13-13.1/src/include/utils/plancache.h Examining data/postgresql-13-13.1/src/include/utils/expandeddatum.h Examining data/postgresql-13-13.1/src/include/utils/evtcache.h Examining data/postgresql-13-13.1/src/include/utils/selfuncs.h Examining data/postgresql-13-13.1/src/include/utils/tzparser.h Examining data/postgresql-13-13.1/src/include/utils/pg_crc.h Examining data/postgresql-13-13.1/src/include/utils/attoptcache.h Examining data/postgresql-13-13.1/src/include/utils/pg_rusage.h Examining data/postgresql-13-13.1/src/include/utils/inet.h Examining data/postgresql-13-13.1/src/include/utils/numeric.h Examining data/postgresql-13-13.1/src/include/utils/date.h Examining data/postgresql-13-13.1/src/include/utils/index_selfuncs.h Examining data/postgresql-13-13.1/src/include/utils/snapshot.h Examining data/postgresql-13-13.1/src/include/utils/queryenvironment.h Examining data/postgresql-13-13.1/src/include/utils/partcache.h Examining data/postgresql-13-13.1/src/include/utils/datetime.h Examining data/postgresql-13-13.1/src/include/utils/formatting.h Examining data/postgresql-13-13.1/src/include/utils/aclchk_internal.h Examining data/postgresql-13-13.1/src/include/utils/xml.h Examining data/postgresql-13-13.1/src/include/utils/jsonfuncs.h Examining data/postgresql-13-13.1/src/include/utils/tuplesort.h Examining data/postgresql-13-13.1/src/include/utils/float.h Examining data/postgresql-13-13.1/src/include/utils/geo_decls.h Examining data/postgresql-13-13.1/src/include/utils/spccache.h Examining data/postgresql-13-13.1/src/include/utils/snapmgr.h Examining data/postgresql-13-13.1/src/include/utils/int8.h Examining data/postgresql-13-13.1/src/include/utils/memdebug.h Examining data/postgresql-13-13.1/src/include/utils/pg_lsn.h Examining data/postgresql-13-13.1/src/include/utils/ascii.h Examining data/postgresql-13-13.1/src/include/utils/resowner_private.h Examining data/postgresql-13-13.1/src/include/utils/expandedrecord.h Examining data/postgresql-13-13.1/src/include/utils/combocid.h Examining data/postgresql-13-13.1/src/include/utils/syscache.h Examining data/postgresql-13-13.1/src/include/utils/varlena.h Examining data/postgresql-13-13.1/src/include/utils/memutils.h Examining data/postgresql-13-13.1/src/include/utils/array.h Examining data/postgresql-13-13.1/src/include/utils/fmgrtab.h Examining data/postgresql-13-13.1/src/include/utils/relfilenodemap.h Examining data/postgresql-13-13.1/src/include/utils/portal.h Examining data/postgresql-13-13.1/src/include/utils/tuplestore.h Examining data/postgresql-13-13.1/src/include/utils/pg_locale.h Examining data/postgresql-13-13.1/src/include/utils/uuid.h Examining data/postgresql-13-13.1/src/include/utils/lsyscache.h Examining data/postgresql-13-13.1/src/include/utils/json.h Examining data/postgresql-13-13.1/src/include/utils/guc.h Examining data/postgresql-13-13.1/src/include/optimizer/optimizer.h Examining data/postgresql-13-13.1/src/include/optimizer/plancat.h Examining data/postgresql-13-13.1/src/include/optimizer/geqo_selection.h Examining data/postgresql-13-13.1/src/include/optimizer/cost.h Examining data/postgresql-13-13.1/src/include/optimizer/prep.h Examining data/postgresql-13-13.1/src/include/optimizer/inherit.h Examining data/postgresql-13-13.1/src/include/optimizer/pathnode.h Examining data/postgresql-13-13.1/src/include/optimizer/clauses.h Examining data/postgresql-13-13.1/src/include/optimizer/paths.h Examining data/postgresql-13-13.1/src/include/optimizer/joininfo.h Examining data/postgresql-13-13.1/src/include/optimizer/geqo_misc.h Examining data/postgresql-13-13.1/src/include/optimizer/geqo_mutation.h Examining data/postgresql-13-13.1/src/include/optimizer/appendinfo.h Examining data/postgresql-13-13.1/src/include/optimizer/planmain.h Examining data/postgresql-13-13.1/src/include/optimizer/orclauses.h Examining data/postgresql-13-13.1/src/include/optimizer/geqo_gene.h Examining data/postgresql-13-13.1/src/include/optimizer/geqo_random.h Examining data/postgresql-13-13.1/src/include/optimizer/tlist.h Examining data/postgresql-13-13.1/src/include/optimizer/geqo_copy.h Examining data/postgresql-13-13.1/src/include/optimizer/planner.h Examining data/postgresql-13-13.1/src/include/optimizer/geqo_pool.h Examining data/postgresql-13-13.1/src/include/optimizer/paramassign.h Examining data/postgresql-13-13.1/src/include/optimizer/placeholder.h Examining data/postgresql-13-13.1/src/include/optimizer/geqo.h Examining data/postgresql-13-13.1/src/include/optimizer/subselect.h Examining data/postgresql-13-13.1/src/include/optimizer/geqo_recombination.h Examining data/postgresql-13-13.1/src/include/optimizer/restrictinfo.h Examining data/postgresql-13-13.1/src/include/nodes/plannodes.h Examining data/postgresql-13-13.1/src/include/nodes/replnodes.h Examining data/postgresql-13-13.1/src/include/nodes/lockoptions.h Examining data/postgresql-13-13.1/src/include/nodes/pathnodes.h Examining data/postgresql-13-13.1/src/include/nodes/primnodes.h Examining data/postgresql-13-13.1/src/include/nodes/parsenodes.h Examining data/postgresql-13-13.1/src/include/nodes/nodeFuncs.h Examining data/postgresql-13-13.1/src/include/nodes/execnodes.h Examining data/postgresql-13-13.1/src/include/nodes/readfuncs.h Examining data/postgresql-13-13.1/src/include/nodes/params.h Examining data/postgresql-13-13.1/src/include/nodes/makefuncs.h Examining data/postgresql-13-13.1/src/include/nodes/tidbitmap.h Examining data/postgresql-13-13.1/src/include/nodes/bitmapset.h Examining data/postgresql-13-13.1/src/include/nodes/memnodes.h Examining data/postgresql-13-13.1/src/include/nodes/supportnodes.h Examining data/postgresql-13-13.1/src/include/nodes/value.h Examining data/postgresql-13-13.1/src/include/nodes/print.h Examining data/postgresql-13-13.1/src/include/nodes/pg_list.h Examining data/postgresql-13-13.1/src/include/nodes/nodes.h Examining data/postgresql-13-13.1/src/include/nodes/extensible.h Examining data/postgresql-13-13.1/src/include/regex/regexport.h Examining data/postgresql-13-13.1/src/include/regex/regex.h Examining data/postgresql-13-13.1/src/include/regex/regerrs.h Examining data/postgresql-13-13.1/src/include/regex/regcustom.h Examining data/postgresql-13-13.1/src/include/regex/regguts.h Examining data/postgresql-13-13.1/src/include/pgtar.h Examining data/postgresql-13-13.1/src/include/pg_getopt.h Examining data/postgresql-13-13.1/src/include/fe_utils/psqlscan.h Examining data/postgresql-13-13.1/src/include/fe_utils/string_utils.h Examining data/postgresql-13-13.1/src/include/fe_utils/psqlscan_int.h Examining data/postgresql-13-13.1/src/include/fe_utils/simple_list.h Examining data/postgresql-13-13.1/src/include/fe_utils/conditional.h Examining data/postgresql-13-13.1/src/include/fe_utils/cancel.h Examining data/postgresql-13-13.1/src/include/fe_utils/archive.h Examining data/postgresql-13-13.1/src/include/fe_utils/mbprint.h Examining data/postgresql-13-13.1/src/include/fe_utils/recovery_gen.h Examining data/postgresql-13-13.1/src/include/fe_utils/print.h Examining data/postgresql-13-13.1/src/include/catalog/partition.h Examining data/postgresql-13-13.1/src/include/catalog/pg_auth_members.h Examining data/postgresql-13-13.1/src/include/catalog/pg_description.h Examining data/postgresql-13-13.1/src/include/catalog/pg_enum.h Examining data/postgresql-13-13.1/src/include/catalog/pg_statistic.h Examining data/postgresql-13-13.1/src/include/catalog/indexing.h Examining data/postgresql-13-13.1/src/include/catalog/pg_statistic_ext_data.h Examining data/postgresql-13-13.1/src/include/catalog/pg_constraint.h Examining data/postgresql-13-13.1/src/include/catalog/binary_upgrade.h Examining data/postgresql-13-13.1/src/include/catalog/pg_ts_dict.h Examining data/postgresql-13-13.1/src/include/catalog/pg_default_acl.h Examining data/postgresql-13-13.1/src/include/catalog/pg_rewrite.h Examining data/postgresql-13-13.1/src/include/catalog/pg_db_role_setting.h Examining data/postgresql-13-13.1/src/include/catalog/pg_language.h Examining data/postgresql-13-13.1/src/include/catalog/heap.h Examining data/postgresql-13-13.1/src/include/catalog/pg_event_trigger.h Examining data/postgresql-13-13.1/src/include/catalog/pg_aggregate.h Examining data/postgresql-13-13.1/src/include/catalog/pg_type.h Examining data/postgresql-13-13.1/src/include/catalog/pg_user_mapping.h Examining data/postgresql-13-13.1/src/include/catalog/pg_class.h Examining data/postgresql-13-13.1/src/include/catalog/pg_sequence.h Examining data/postgresql-13-13.1/src/include/catalog/opfam_internal.h Examining data/postgresql-13-13.1/src/include/catalog/pg_trigger.h Examining data/postgresql-13-13.1/src/include/catalog/pg_amop.h Examining data/postgresql-13-13.1/src/include/catalog/catalog.h Examining data/postgresql-13-13.1/src/include/catalog/pg_proc.h Examining data/postgresql-13-13.1/src/include/catalog/pg_largeobject.h Examining data/postgresql-13-13.1/src/include/catalog/pg_authid.h Examining data/postgresql-13-13.1/src/include/catalog/pg_collation.h Examining data/postgresql-13-13.1/src/include/catalog/pg_foreign_data_wrapper.h Examining data/postgresql-13-13.1/src/include/catalog/pg_ts_parser.h Examining data/postgresql-13-13.1/src/include/catalog/pg_shdescription.h Examining data/postgresql-13-13.1/src/include/catalog/pg_inherits.h Examining data/postgresql-13-13.1/src/include/catalog/genbki.h Examining data/postgresql-13-13.1/src/include/catalog/pg_attribute.h Examining data/postgresql-13-13.1/src/include/catalog/index.h Examining data/postgresql-13-13.1/src/include/catalog/dependency.h Examining data/postgresql-13-13.1/src/include/catalog/pg_shdepend.h Examining data/postgresql-13-13.1/src/include/catalog/pg_range.h Examining data/postgresql-13-13.1/src/include/catalog/pg_opclass.h Examining data/postgresql-13-13.1/src/include/catalog/pg_shseclabel.h Examining data/postgresql-13-13.1/src/include/catalog/pg_attrdef.h Examining data/postgresql-13-13.1/src/include/catalog/pg_opfamily.h Examining data/postgresql-13-13.1/src/include/catalog/pg_ts_config_map.h Examining data/postgresql-13-13.1/src/include/catalog/pg_init_privs.h Examining data/postgresql-13-13.1/src/include/catalog/objectaddress.h Examining data/postgresql-13-13.1/src/include/catalog/catversion.h Examining data/postgresql-13-13.1/src/include/catalog/pg_foreign_table.h Examining data/postgresql-13-13.1/src/include/catalog/pg_largeobject_metadata.h Examining data/postgresql-13-13.1/src/include/catalog/pg_replication_origin.h Examining data/postgresql-13-13.1/src/include/catalog/pg_extension.h Examining data/postgresql-13-13.1/src/include/catalog/objectaccess.h Examining data/postgresql-13-13.1/src/include/catalog/pg_foreign_server.h Examining data/postgresql-13-13.1/src/include/catalog/pg_depend.h Examining data/postgresql-13-13.1/src/include/catalog/pg_operator.h Examining data/postgresql-13-13.1/src/include/catalog/pg_seclabel.h Examining data/postgresql-13-13.1/src/include/catalog/pg_ts_config.h Examining data/postgresql-13-13.1/src/include/catalog/storage_xlog.h Examining data/postgresql-13-13.1/src/include/catalog/pg_conversion.h Examining data/postgresql-13-13.1/src/include/catalog/pg_transform.h Examining data/postgresql-13-13.1/src/include/catalog/pg_ts_template.h Examining data/postgresql-13-13.1/src/include/catalog/pg_partitioned_table.h Examining data/postgresql-13-13.1/src/include/catalog/namespace.h Examining data/postgresql-13-13.1/src/include/catalog/pg_am.h Examining data/postgresql-13-13.1/src/include/catalog/pg_amproc.h Examining data/postgresql-13-13.1/src/include/catalog/pg_publication_rel.h Examining data/postgresql-13-13.1/src/include/catalog/pg_subscription_rel.h Examining data/postgresql-13-13.1/src/include/catalog/pg_control.h Examining data/postgresql-13-13.1/src/include/catalog/pg_subscription.h Examining data/postgresql-13-13.1/src/include/catalog/pg_namespace.h Examining data/postgresql-13-13.1/src/include/catalog/pg_index.h Examining data/postgresql-13-13.1/src/include/catalog/pg_statistic_ext.h Examining data/postgresql-13-13.1/src/include/catalog/toasting.h Examining data/postgresql-13-13.1/src/include/catalog/pg_database.h Examining data/postgresql-13-13.1/src/include/catalog/pg_tablespace.h Examining data/postgresql-13-13.1/src/include/catalog/storage.h Examining data/postgresql-13-13.1/src/include/catalog/pg_cast.h Examining data/postgresql-13-13.1/src/include/catalog/pg_publication.h Examining data/postgresql-13-13.1/src/include/catalog/pg_policy.h Examining data/postgresql-13-13.1/src/include/pgtime.h Examining data/postgresql-13-13.1/src/include/port/pg_bswap.h Examining data/postgresql-13-13.1/src/include/port/solaris.h Examining data/postgresql-13-13.1/src/include/port/hpux.h Examining data/postgresql-13-13.1/src/include/port/darwin.h Examining data/postgresql-13-13.1/src/include/port/linux.h Examining data/postgresql-13-13.1/src/include/port/win32_msvc/dirent.h Examining data/postgresql-13-13.1/src/include/port/win32_msvc/unistd.h Examining data/postgresql-13-13.1/src/include/port/win32_msvc/sys/time.h Examining data/postgresql-13-13.1/src/include/port/win32_msvc/sys/param.h Examining data/postgresql-13-13.1/src/include/port/win32_msvc/sys/file.h Examining data/postgresql-13-13.1/src/include/port/win32_msvc/utime.h Examining data/postgresql-13-13.1/src/include/port/aix.h Examining data/postgresql-13-13.1/src/include/port/netbsd.h Examining data/postgresql-13-13.1/src/include/port/win32.h Examining data/postgresql-13-13.1/src/include/port/freebsd.h Examining data/postgresql-13-13.1/src/include/port/atomics/generic.h Examining data/postgresql-13-13.1/src/include/port/atomics/generic-msvc.h Examining data/postgresql-13-13.1/src/include/port/atomics/arch-hppa.h Examining data/postgresql-13-13.1/src/include/port/atomics/arch-x86.h Examining data/postgresql-13-13.1/src/include/port/atomics/generic-gcc.h Examining data/postgresql-13-13.1/src/include/port/atomics/arch-arm.h Examining data/postgresql-13-13.1/src/include/port/atomics/arch-ppc.h Examining data/postgresql-13-13.1/src/include/port/atomics/fallback.h Examining data/postgresql-13-13.1/src/include/port/atomics/arch-ia64.h Examining data/postgresql-13-13.1/src/include/port/atomics/generic-sunpro.h Examining data/postgresql-13-13.1/src/include/port/atomics/generic-acc.h Examining data/postgresql-13-13.1/src/include/port/openbsd.h Examining data/postgresql-13-13.1/src/include/port/atomics.h Examining data/postgresql-13-13.1/src/include/port/pg_bitutils.h Examining data/postgresql-13-13.1/src/include/port/win32/pwd.h Examining data/postgresql-13-13.1/src/include/port/win32/arpa/inet.h Examining data/postgresql-13-13.1/src/include/port/win32/netinet/in.h Examining data/postgresql-13-13.1/src/include/port/win32/sys/wait.h Examining data/postgresql-13-13.1/src/include/port/win32/sys/socket.h Examining data/postgresql-13-13.1/src/include/port/win32/grp.h Examining data/postgresql-13-13.1/src/include/port/win32/dlfcn.h Examining data/postgresql-13-13.1/src/include/port/win32/netdb.h Examining data/postgresql-13-13.1/src/include/port/win32_port.h Examining data/postgresql-13-13.1/src/include/port/pg_crc32c.h Examining data/postgresql-13-13.1/src/include/port/cygwin.h Examining data/postgresql-13-13.1/src/include/postgres_ext.h Examining data/postgresql-13-13.1/src/include/common/hashfn.h Examining data/postgresql-13-13.1/src/include/common/unicode_norm.h Examining data/postgresql-13-13.1/src/include/common/md5.h Examining data/postgresql-13-13.1/src/include/common/sha2.h Examining data/postgresql-13-13.1/src/include/common/unicode_norm_table.h Examining data/postgresql-13-13.1/src/include/common/restricted_token.h Examining data/postgresql-13-13.1/src/include/common/jsonapi.h Examining data/postgresql-13-13.1/src/include/common/username.h Examining data/postgresql-13-13.1/src/include/common/keywords.h Examining data/postgresql-13-13.1/src/include/common/scram-common.h Examining data/postgresql-13-13.1/src/include/common/checksum_helper.h Examining data/postgresql-13-13.1/src/include/common/int128.h Examining data/postgresql-13-13.1/src/include/common/relpath.h Examining data/postgresql-13-13.1/src/include/common/link-canary.h Examining data/postgresql-13-13.1/src/include/common/saslprep.h Examining data/postgresql-13-13.1/src/include/common/pg_lzcompress.h Examining data/postgresql-13-13.1/src/include/common/shortest_dec.h Examining data/postgresql-13-13.1/src/include/common/unicode_combining_table.h Examining data/postgresql-13-13.1/src/include/common/unicode_normprops_table.h Examining data/postgresql-13-13.1/src/include/common/config_info.h Examining data/postgresql-13-13.1/src/include/common/fe_memutils.h Examining data/postgresql-13-13.1/src/include/common/base64.h Examining data/postgresql-13-13.1/src/include/common/file_utils.h Examining data/postgresql-13-13.1/src/include/common/connect.h Examining data/postgresql-13-13.1/src/include/common/int.h Examining data/postgresql-13-13.1/src/include/common/openssl.h Examining data/postgresql-13-13.1/src/include/common/kwlookup.h Examining data/postgresql-13-13.1/src/include/common/logging.h Examining data/postgresql-13-13.1/src/include/common/archive.h Examining data/postgresql-13-13.1/src/include/common/file_perm.h Examining data/postgresql-13-13.1/src/include/common/string.h Examining data/postgresql-13-13.1/src/include/common/controldata_utils.h Examining data/postgresql-13-13.1/src/include/common/ip.h Examining data/postgresql-13-13.1/src/include/rusagestub.h Examining data/postgresql-13-13.1/src/include/access/gin.h Examining data/postgresql-13-13.1/src/include/access/bufmask.h Examining data/postgresql-13-13.1/src/include/access/genam.h Examining data/postgresql-13-13.1/src/include/access/reloptions.h Examining data/postgresql-13-13.1/src/include/access/stratnum.h Examining data/postgresql-13-13.1/src/include/access/toast_internals.h Examining data/postgresql-13-13.1/src/include/access/attmap.h Examining data/postgresql-13-13.1/src/include/access/htup_details.h Examining data/postgresql-13-13.1/src/include/access/itup.h Examining data/postgresql-13-13.1/src/include/access/htup.h Examining data/postgresql-13-13.1/src/include/access/skey.h Examining data/postgresql-13-13.1/src/include/access/tupmacs.h Examining data/postgresql-13-13.1/src/include/access/hash_xlog.h Examining data/postgresql-13-13.1/src/include/access/rmgrlist.h Examining data/postgresql-13-13.1/src/include/access/hio.h Examining data/postgresql-13-13.1/src/include/access/brin_tuple.h Examining data/postgresql-13-13.1/src/include/access/multixact.h Examining data/postgresql-13-13.1/src/include/access/hash.h Examining data/postgresql-13-13.1/src/include/access/timeline.h Examining data/postgresql-13-13.1/src/include/access/brin_page.h Examining data/postgresql-13-13.1/src/include/access/gist_private.h Examining data/postgresql-13-13.1/src/include/access/sysattr.h Examining data/postgresql-13-13.1/src/include/access/brin_internal.h Examining data/postgresql-13-13.1/src/include/access/spgist.h Examining data/postgresql-13-13.1/src/include/access/tupdesc.h Examining data/postgresql-13-13.1/src/include/access/printtup.h Examining data/postgresql-13-13.1/src/include/access/ginxlog.h Examining data/postgresql-13-13.1/src/include/access/session.h Examining data/postgresql-13-13.1/src/include/access/sdir.h Examining data/postgresql-13-13.1/src/include/access/xlogarchive.h Examining data/postgresql-13-13.1/src/include/access/valid.h Examining data/postgresql-13-13.1/src/include/access/xloginsert.h Examining data/postgresql-13-13.1/src/include/access/xlog_internal.h Examining data/postgresql-13-13.1/src/include/access/tupconvert.h Examining data/postgresql-13-13.1/src/include/access/gin_private.h Examining data/postgresql-13-13.1/src/include/access/tsmapi.h Examining data/postgresql-13-13.1/src/include/access/gistxlog.h Examining data/postgresql-13-13.1/src/include/access/brin_xlog.h Examining data/postgresql-13-13.1/src/include/access/twophase.h Examining data/postgresql-13-13.1/src/include/access/subtrans.h Examining data/postgresql-13-13.1/src/include/access/rewriteheap.h Examining data/postgresql-13-13.1/src/include/access/tupdesc_details.h Examining data/postgresql-13-13.1/src/include/access/transam.h Examining data/postgresql-13-13.1/src/include/access/ginblock.h Examining data/postgresql-13-13.1/src/include/access/xlogdefs.h Examining data/postgresql-13-13.1/src/include/access/amapi.h Examining data/postgresql-13-13.1/src/include/access/nbtree.h Examining data/postgresql-13-13.1/src/include/access/detoast.h Examining data/postgresql-13-13.1/src/include/access/slru.h Examining data/postgresql-13-13.1/src/include/access/heapam.h Examining data/postgresql-13-13.1/src/include/access/rmgr.h Examining data/postgresql-13-13.1/src/include/access/generic_xlog.h Examining data/postgresql-13-13.1/src/include/access/gistscan.h Examining data/postgresql-13-13.1/src/include/access/spgist_private.h Examining data/postgresql-13-13.1/src/include/access/printsimple.h Examining data/postgresql-13-13.1/src/include/access/spgxlog.h Examining data/postgresql-13-13.1/src/include/access/toast_helper.h Examining data/postgresql-13-13.1/src/include/access/clog.h Examining data/postgresql-13-13.1/src/include/access/heaptoast.h Examining data/postgresql-13-13.1/src/include/access/xlogreader.h Examining data/postgresql-13-13.1/src/include/access/parallel.h Examining data/postgresql-13-13.1/src/include/access/relation.h Examining data/postgresql-13-13.1/src/include/access/twophase_rmgr.h Examining data/postgresql-13-13.1/src/include/access/visibilitymap.h Examining data/postgresql-13-13.1/src/include/access/gist.h Examining data/postgresql-13-13.1/src/include/access/amvalidate.h Examining data/postgresql-13-13.1/src/include/access/xact.h Examining data/postgresql-13-13.1/src/include/access/xlogutils.h Examining data/postgresql-13-13.1/src/include/access/brin.h Examining data/postgresql-13-13.1/src/include/access/tableam.h Examining data/postgresql-13-13.1/src/include/access/commit_ts.h Examining data/postgresql-13-13.1/src/include/access/brin_revmap.h Examining data/postgresql-13-13.1/src/include/access/nbtxlog.h Examining data/postgresql-13-13.1/src/include/access/heapam_xlog.h Examining data/postgresql-13-13.1/src/include/access/table.h Examining data/postgresql-13-13.1/src/include/access/attnum.h Examining data/postgresql-13-13.1/src/include/access/xlog.h Examining data/postgresql-13-13.1/src/include/access/xlogrecord.h Examining data/postgresql-13-13.1/src/include/access/relscan.h Examining data/postgresql-13-13.1/src/include/access/brin_pageops.h Examining data/postgresql-13-13.1/src/include/tcop/deparse_utility.h Examining data/postgresql-13-13.1/src/include/tcop/pquery.h Examining data/postgresql-13-13.1/src/include/tcop/dest.h Examining data/postgresql-13-13.1/src/include/tcop/fastpath.h Examining data/postgresql-13-13.1/src/include/tcop/cmdtaglist.h Examining data/postgresql-13-13.1/src/include/tcop/utility.h Examining data/postgresql-13-13.1/src/include/tcop/tcopprot.h Examining data/postgresql-13-13.1/src/include/tcop/cmdtag.h Examining data/postgresql-13-13.1/src/include/c.h Examining data/postgresql-13-13.1/src/include/partitioning/partprune.h Examining data/postgresql-13-13.1/src/include/partitioning/partdefs.h Examining data/postgresql-13-13.1/src/include/partitioning/partdesc.h Examining data/postgresql-13-13.1/src/include/partitioning/partbounds.h Examining data/postgresql-13-13.1/src/include/funcapi.h Examining data/postgresql-13-13.1/src/include/commands/matview.h Examining data/postgresql-13-13.1/src/include/commands/variable.h Examining data/postgresql-13-13.1/src/include/commands/seclabel.h Examining data/postgresql-13-13.1/src/include/commands/prepare.h Examining data/postgresql-13-13.1/src/include/commands/policy.h Examining data/postgresql-13-13.1/src/include/commands/conversioncmds.h Examining data/postgresql-13-13.1/src/include/commands/schemacmds.h Examining data/postgresql-13-13.1/src/include/commands/typecmds.h Examining data/postgresql-13-13.1/src/include/commands/user.h Examining data/postgresql-13-13.1/src/include/commands/async.h Examining data/postgresql-13-13.1/src/include/commands/discard.h Examining data/postgresql-13-13.1/src/include/commands/tablespace.h Examining data/postgresql-13-13.1/src/include/commands/explain.h Examining data/postgresql-13-13.1/src/include/commands/lockcmds.h Examining data/postgresql-13-13.1/src/include/commands/copy.h Examining data/postgresql-13-13.1/src/include/commands/cluster.h Examining data/postgresql-13-13.1/src/include/commands/createas.h Examining data/postgresql-13-13.1/src/include/commands/progress.h Examining data/postgresql-13-13.1/src/include/commands/event_trigger.h Examining data/postgresql-13-13.1/src/include/commands/collationcmds.h Examining data/postgresql-13-13.1/src/include/commands/tablecmds.h Examining data/postgresql-13-13.1/src/include/commands/portalcmds.h Examining data/postgresql-13-13.1/src/include/commands/proclang.h Examining data/postgresql-13-13.1/src/include/commands/dbcommands_xlog.h Examining data/postgresql-13-13.1/src/include/commands/publicationcmds.h Examining data/postgresql-13-13.1/src/include/commands/trigger.h Examining data/postgresql-13-13.1/src/include/commands/vacuum.h Examining data/postgresql-13-13.1/src/include/commands/extension.h Examining data/postgresql-13-13.1/src/include/commands/sequence.h Examining data/postgresql-13-13.1/src/include/commands/alter.h Examining data/postgresql-13-13.1/src/include/commands/dbcommands.h Examining data/postgresql-13-13.1/src/include/commands/view.h Examining data/postgresql-13-13.1/src/include/commands/subscriptioncmds.h Examining data/postgresql-13-13.1/src/include/commands/defrem.h Examining data/postgresql-13-13.1/src/include/commands/comment.h Examining data/postgresql-13-13.1/src/include/foreign/foreign.h Examining data/postgresql-13-13.1/src/include/foreign/fdwapi.h Examining data/postgresql-13-13.1/src/include/postmaster/bgwriter.h Examining data/postgresql-13-13.1/src/include/postmaster/bgworker.h Examining data/postgresql-13-13.1/src/include/postmaster/interrupt.h Examining data/postgresql-13-13.1/src/include/postmaster/bgworker_internals.h Examining data/postgresql-13-13.1/src/include/postmaster/syslogger.h Examining data/postgresql-13-13.1/src/include/postmaster/startup.h Examining data/postgresql-13-13.1/src/include/postmaster/walwriter.h Examining data/postgresql-13-13.1/src/include/postmaster/postmaster.h Examining data/postgresql-13-13.1/src/include/postmaster/fork_process.h Examining data/postgresql-13-13.1/src/include/postmaster/pgarch.h Examining data/postgresql-13-13.1/src/include/postmaster/autovacuum.h Examining data/postgresql-13-13.1/src/include/postgres_fe.h Examining data/postgresql-13-13.1/src/include/pg_config_manual.h Examining data/postgresql-13-13.1/src/test/locale/test-ctype.c Examining data/postgresql-13-13.1/src/test/isolation/isolationtester.h Examining data/postgresql-13-13.1/src/test/isolation/specscanner.c Examining data/postgresql-13-13.1/src/test/isolation/isolationtester.c Examining data/postgresql-13-13.1/src/test/isolation/specparse.c Examining data/postgresql-13-13.1/src/test/isolation/isolation_main.c Examining data/postgresql-13-13.1/src/test/examples/testlibpq4.c Examining data/postgresql-13-13.1/src/test/examples/testlo.c Examining data/postgresql-13-13.1/src/test/examples/testlibpq2.c Examining data/postgresql-13-13.1/src/test/examples/testlo64.c Examining data/postgresql-13-13.1/src/test/examples/testlibpq3.c Examining data/postgresql-13-13.1/src/test/examples/testlibpq.c Examining data/postgresql-13-13.1/src/test/thread/thread_test.c Examining data/postgresql-13-13.1/src/test/regress/pg_regress.c Examining data/postgresql-13-13.1/src/test/regress/pg_regress_main.c Examining data/postgresql-13-13.1/src/test/regress/pg_regress.h Examining data/postgresql-13-13.1/src/test/regress/regress.c Examining data/postgresql-13-13.1/src/test/modules/test_rls_hooks/test_rls_hooks.c Examining data/postgresql-13-13.1/src/test/modules/test_rls_hooks/test_rls_hooks.h Examining data/postgresql-13-13.1/src/test/modules/test_rbtree/test_rbtree.c Examining data/postgresql-13-13.1/src/test/modules/worker_spi/worker_spi.c Examining data/postgresql-13-13.1/src/test/modules/test_parser/test_parser.c Examining data/postgresql-13-13.1/src/test/modules/test_integerset/test_integerset.c Examining data/postgresql-13-13.1/src/test/modules/ssl_passphrase_callback/ssl_passphrase_func.c Examining data/postgresql-13-13.1/src/test/modules/dummy_seclabel/dummy_seclabel.c Examining data/postgresql-13-13.1/src/test/modules/test_bloomfilter/test_bloomfilter.c Examining data/postgresql-13-13.1/src/test/modules/test_ddl_deparse/test_ddl_deparse.c Examining data/postgresql-13-13.1/src/test/modules/test_predtest/test_predtest.c Examining data/postgresql-13-13.1/src/test/modules/test_shm_mq/worker.c Examining data/postgresql-13-13.1/src/test/modules/test_shm_mq/test.c Examining data/postgresql-13-13.1/src/test/modules/test_shm_mq/setup.c Examining data/postgresql-13-13.1/src/test/modules/test_shm_mq/test_shm_mq.h Examining data/postgresql-13-13.1/src/test/modules/test_ginpostinglist/test_ginpostinglist.c Examining data/postgresql-13-13.1/src/test/modules/dummy_index_am/dummy_index_am.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/ecpgerrno.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/sql3types.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/pgtypes_timestamp.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/pgtypes_interval.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/pgtypes_numeric.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/sqlda.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/sqlca.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/ecpg_informix.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/ecpg-pthread-win32.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/pgtypes.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/ecpgtype.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/datetime.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/pgtypes_error.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/sqlda-native.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/sqlda-compat.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/sqltypes.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/pgtypes_date.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/ecpglib.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/include/decimal.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/fetch.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/dynalloc2.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/prepareas.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/quote.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/parser.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/dyntest.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/indicators.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/createtableas.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/func.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/twophase.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/bytea.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/insupd.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/desc.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/define.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/code100.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/array.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/binary.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/copystdout.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/show.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/dynalloc.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test1.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test4.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test2.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test5.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test3.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_oracle/char_array.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test2.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-desc.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-rfmtlong.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-strings.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-outofscope.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-comment.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-nan_test.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-rfmtdate.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-prepareas.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-rnull.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-show.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-charfuncs.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-quote.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-alloc.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-test_informix.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-descriptor.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-func.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dynalloc2.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-bytea.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test3.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-thread_implicit.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_oracle-char_array.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-autoprep.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-thread.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-define.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-indicators.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-array.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-define.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-num_test2.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-binary.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-copystdout.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-fetch.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-createtableas.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test4.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-oldexec.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test1.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-whenever.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-num_test.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-prep.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-array_of_struct.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-init.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-pointer_to_struct.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-whenever_do_continue.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-twophase.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test5.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-code100.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test2.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dynalloc.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dyntest.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-parser.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-type.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-insupd.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/thread/descriptor.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/thread/thread_implicit.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/thread/alloc.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/thread/thread.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/thread/prep.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/pg_regress_ecpg.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/variable.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/autoprep.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/type.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/pointer_to_struct.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/outofscope.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/array_of_struct.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/define.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/struct.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/whenever.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/comment.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/init.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/strings.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/strings.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/test_informix.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/rfmtdate.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/dec_test.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/test_informix2.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/rfmtlong.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/rnull.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/charfuncs.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/pgtypeslib/dt_test.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/pgtypeslib/num_test2.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/pgtypeslib/nan_test.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/pgtypeslib/dt_test2.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/pgtypeslib/num_test.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/regression.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/performance/perftest.pgc Examining data/postgresql-13-13.1/src/interfaces/ecpg/test/printf_hack.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/descriptor.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/ecpglib_extern.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/data.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/sqlda.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/connect.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/memory.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/prepare.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/misc.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/typename.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/keywords.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/c_keywords.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/descriptor.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg_kwlist_d.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/c_kwlist.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg_kwlist.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc_extern.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/output.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/parser.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/c_kwlist_d.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg_keywords.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/common.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/pgtypeslib_extern.h Examining data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/numeric.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/timestamp.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c Examining data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c Examining data/postgresql-13-13.1/src/interfaces/libpq/pthread-win32.c Examining data/postgresql-13-13.1/src/interfaces/libpq/test/uri-regress.c Examining data/postgresql-13-13.1/src/interfaces/libpq/pqexpbuffer.h Examining data/postgresql-13-13.1/src/interfaces/libpq/libpq-events.c Examining data/postgresql-13-13.1/src/interfaces/libpq/libpq-int.h Examining data/postgresql-13-13.1/src/interfaces/libpq/win32.c Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.h Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c Examining data/postgresql-13-13.1/src/interfaces/libpq/libpq-fe.h Examining data/postgresql-13-13.1/src/interfaces/libpq/pqexpbuffer.c Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-gssapi-common.h Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-secure.c Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-gssapi-common.c Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-lobj.c Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-misc.c Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c Examining data/postgresql-13-13.1/src/interfaces/libpq/win32.h Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c Examining data/postgresql-13-13.1/src/interfaces/libpq/libpq-events.h Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-common.h Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-common.c Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c Examining data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-gssapi.c Examining data/postgresql-13-13.1/src/interfaces/libpq/legacy-pqsignal.c Examining data/postgresql-13-13.1/src/backend/snowball/dict_snowball.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_1_norwegian.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_indonesian.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_french.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_irish.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_swedish.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_KOI8_R_russian.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_arabic.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_romanian.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_norwegian.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/api.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_1_dutch.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_1_italian.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_turkish.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_german.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_danish.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_1_english.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_1_portuguese.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_hungarian.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_dutch.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_1_danish.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_tamil.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_1_swedish.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_spanish.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_2_hungarian.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_porter.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_1_indonesian.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_1_spanish.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_russian.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_1_porter.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_1_finnish.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_1_irish.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_italian.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_english.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_1_german.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/utilities.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_portuguese.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_1_french.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_greek.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_nepali.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_lithuanian.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_ISO_8859_2_romanian.c Examining data/postgresql-13-13.1/src/backend/snowball/libstemmer/stem_UTF_8_finnish.c Examining data/postgresql-13-13.1/src/backend/bootstrap/bootscanner.c Examining data/postgresql-13-13.1/src/backend/bootstrap/bootparse.c Examining data/postgresql-13-13.1/src/backend/bootstrap/bootstrap.c Examining data/postgresql-13-13.1/src/backend/rewrite/rewriteRemove.c Examining data/postgresql-13-13.1/src/backend/rewrite/rewriteHandler.c Examining data/postgresql-13-13.1/src/backend/rewrite/rewriteSupport.c Examining data/postgresql-13-13.1/src/backend/rewrite/rowsecurity.c Examining data/postgresql-13-13.1/src/backend/rewrite/rewriteDefine.c Examining data/postgresql-13-13.1/src/backend/rewrite/rewriteManip.c Examining data/postgresql-13-13.1/src/backend/storage/lmgr/lock.c Examining data/postgresql-13-13.1/src/backend/storage/lmgr/lmgr.c Examining data/postgresql-13-13.1/src/backend/storage/lmgr/spin.c Examining data/postgresql-13-13.1/src/backend/storage/lmgr/deadlock.c Examining data/postgresql-13-13.1/src/backend/storage/lmgr/lwlocknames.c Examining data/postgresql-13-13.1/src/backend/storage/lmgr/condition_variable.c Examining data/postgresql-13-13.1/src/backend/storage/lmgr/s_lock.c Examining data/postgresql-13-13.1/src/backend/storage/lmgr/lwlocknames.h Examining data/postgresql-13-13.1/src/backend/storage/lmgr/predicate.c Examining data/postgresql-13-13.1/src/backend/storage/lmgr/lwlock.c Examining data/postgresql-13-13.1/src/backend/storage/lmgr/proc.c Examining data/postgresql-13-13.1/src/backend/storage/page/bufpage.c Examining data/postgresql-13-13.1/src/backend/storage/page/itemptr.c Examining data/postgresql-13-13.1/src/backend/storage/page/checksum.c Examining data/postgresql-13-13.1/src/backend/storage/smgr/smgr.c Examining data/postgresql-13-13.1/src/backend/storage/smgr/md.c Examining data/postgresql-13-13.1/src/backend/storage/freespace/freespace.c Examining data/postgresql-13-13.1/src/backend/storage/freespace/fsmpage.c Examining data/postgresql-13-13.1/src/backend/storage/freespace/indexfsm.c Examining data/postgresql-13-13.1/src/backend/storage/buffer/bufmgr.c Examining data/postgresql-13-13.1/src/backend/storage/buffer/freelist.c Examining data/postgresql-13-13.1/src/backend/storage/buffer/buf_init.c Examining data/postgresql-13-13.1/src/backend/storage/buffer/localbuf.c Examining data/postgresql-13-13.1/src/backend/storage/buffer/buf_table.c Examining data/postgresql-13-13.1/src/backend/storage/sync/sync.c Examining data/postgresql-13-13.1/src/backend/storage/large_object/inv_api.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/dsm.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/sinval.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/ipci.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/procsignal.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/latch.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/shm_mq.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/pmsignal.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/shmqueue.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/shmem.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/procarray.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/dsm_impl.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/sinvaladt.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/signalfuncs.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/shm_toc.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/ipc.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/standby.c Examining data/postgresql-13-13.1/src/backend/storage/ipc/barrier.c Examining data/postgresql-13-13.1/src/backend/storage/file/sharedfileset.c Examining data/postgresql-13-13.1/src/backend/storage/file/fd.c Examining data/postgresql-13-13.1/src/backend/storage/file/copydir.c Examining data/postgresql-13-13.1/src/backend/storage/file/buffile.c Examining data/postgresql-13-13.1/src/backend/storage/file/reinit.c Examining data/postgresql-13-13.1/src/backend/parser/parse_func.c Examining data/postgresql-13-13.1/src/backend/parser/parse_coerce.c Examining data/postgresql-13-13.1/src/backend/parser/parse_target.c Examining data/postgresql-13-13.1/src/backend/parser/parse_oper.c Examining data/postgresql-13-13.1/src/backend/parser/parse_cte.c Examining data/postgresql-13-13.1/src/backend/parser/parse_node.c Examining data/postgresql-13-13.1/src/backend/parser/parse_clause.c Examining data/postgresql-13-13.1/src/backend/parser/parse_expr.c Examining data/postgresql-13-13.1/src/backend/parser/parse_agg.c Examining data/postgresql-13-13.1/src/backend/parser/scansup.c Examining data/postgresql-13-13.1/src/backend/parser/parse_param.c Examining data/postgresql-13-13.1/src/backend/parser/gram.h Examining data/postgresql-13-13.1/src/backend/parser/parser.c Examining data/postgresql-13-13.1/src/backend/parser/parse_enr.c Examining data/postgresql-13-13.1/src/backend/parser/gram.c Examining data/postgresql-13-13.1/src/backend/parser/parse_utilcmd.c Examining data/postgresql-13-13.1/src/backend/parser/scan.c Examining data/postgresql-13-13.1/src/backend/parser/parse_collate.c Examining data/postgresql-13-13.1/src/backend/parser/parse_type.c Examining data/postgresql-13-13.1/src/backend/parser/parse_relation.c Examining data/postgresql-13-13.1/src/backend/parser/analyze.c Examining data/postgresql-13-13.1/src/backend/lib/integerset.c Examining data/postgresql-13-13.1/src/backend/lib/bipartite_match.c Examining data/postgresql-13-13.1/src/backend/lib/binaryheap.c Examining data/postgresql-13-13.1/src/backend/lib/dshash.c Examining data/postgresql-13-13.1/src/backend/lib/ilist.c Examining data/postgresql-13-13.1/src/backend/lib/rbtree.c Examining data/postgresql-13-13.1/src/backend/lib/pairingheap.c Examining data/postgresql-13-13.1/src/backend/lib/hyperloglog.c Examining data/postgresql-13-13.1/src/backend/lib/bloomfilter.c Examining data/postgresql-13-13.1/src/backend/lib/knapsack.c Examining data/postgresql-13-13.1/src/backend/libpq/ifaddr.c Examining data/postgresql-13-13.1/src/backend/libpq/pqformat.c Examining data/postgresql-13-13.1/src/backend/libpq/be-secure.c Examining data/postgresql-13-13.1/src/backend/libpq/auth.c Examining data/postgresql-13-13.1/src/backend/libpq/be-secure-gssapi.c Examining data/postgresql-13-13.1/src/backend/libpq/be-gssapi-common.c Examining data/postgresql-13-13.1/src/backend/libpq/pqmq.c Examining data/postgresql-13-13.1/src/backend/libpq/be-fsstubs.c Examining data/postgresql-13-13.1/src/backend/libpq/crypt.c Examining data/postgresql-13-13.1/src/backend/libpq/pqcomm.c Examining data/postgresql-13-13.1/src/backend/libpq/hba.c Examining data/postgresql-13-13.1/src/backend/libpq/pqsignal.c Examining data/postgresql-13-13.1/src/backend/libpq/auth-scram.c Examining data/postgresql-13-13.1/src/backend/libpq/be-secure-common.c Examining data/postgresql-13-13.1/src/backend/libpq/be-secure-openssl.c Examining data/postgresql-13-13.1/src/backend/replication/walreceiverfuncs.c Examining data/postgresql-13-13.1/src/backend/replication/pgoutput/pgoutput.c Examining data/postgresql-13-13.1/src/backend/replication/logical/launcher.c Examining data/postgresql-13-13.1/src/backend/replication/logical/message.c Examining data/postgresql-13-13.1/src/backend/replication/logical/tablesync.c Examining data/postgresql-13-13.1/src/backend/replication/logical/origin.c Examining data/postgresql-13-13.1/src/backend/replication/logical/logicalfuncs.c Examining data/postgresql-13-13.1/src/backend/replication/logical/worker.c Examining data/postgresql-13-13.1/src/backend/replication/logical/proto.c Examining data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c Examining data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c Examining data/postgresql-13-13.1/src/backend/replication/logical/logical.c Examining data/postgresql-13-13.1/src/backend/replication/logical/decode.c Examining data/postgresql-13-13.1/src/backend/replication/logical/relation.c Examining data/postgresql-13-13.1/src/backend/replication/walsender.c Examining data/postgresql-13-13.1/src/backend/replication/syncrep.c Examining data/postgresql-13-13.1/src/backend/replication/basebackup.c Examining data/postgresql-13-13.1/src/backend/replication/syncrep_gram.c Examining data/postgresql-13-13.1/src/backend/replication/walreceiver.c Examining data/postgresql-13-13.1/src/backend/replication/slot.c Examining data/postgresql-13-13.1/src/backend/replication/backup_manifest.c Examining data/postgresql-13-13.1/src/backend/replication/repl_gram.c Examining data/postgresql-13-13.1/src/backend/replication/slotfuncs.c Examining data/postgresql-13-13.1/src/backend/replication/syncrep_scanner.c Examining data/postgresql-13-13.1/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c Examining data/postgresql-13-13.1/src/backend/replication/repl_scanner.c Examining data/postgresql-13-13.1/src/backend/jit/llvm/llvmjit_error.cpp Examining data/postgresql-13-13.1/src/backend/jit/llvm/llvmjit.c Examining data/postgresql-13-13.1/src/backend/jit/llvm/llvmjit_types.c Examining data/postgresql-13-13.1/src/backend/jit/llvm/llvmjit_inline.cpp Examining data/postgresql-13-13.1/src/backend/jit/llvm/llvmjit_deform.c Examining data/postgresql-13-13.1/src/backend/jit/llvm/llvmjit_wrap.cpp Examining data/postgresql-13-13.1/src/backend/jit/llvm/llvmjit_expr.c Examining data/postgresql-13-13.1/src/backend/jit/jit.c Examining data/postgresql-13-13.1/src/backend/statistics/mcv.c Examining data/postgresql-13-13.1/src/backend/statistics/mvdistinct.c Examining data/postgresql-13-13.1/src/backend/statistics/dependencies.c Examining data/postgresql-13-13.1/src/backend/statistics/extended_stats.c Examining data/postgresql-13-13.1/src/backend/executor/nodeIncrementalSort.c Examining data/postgresql-13-13.1/src/backend/executor/nodeSamplescan.c Examining data/postgresql-13-13.1/src/backend/executor/nodeHash.c Examining data/postgresql-13-13.1/src/backend/executor/execIndexing.c Examining data/postgresql-13-13.1/src/backend/executor/instrument.c Examining data/postgresql-13-13.1/src/backend/executor/nodeGatherMerge.c Examining data/postgresql-13-13.1/src/backend/executor/nodeBitmapAnd.c Examining data/postgresql-13-13.1/src/backend/executor/execExpr.c Examining data/postgresql-13-13.1/src/backend/executor/nodeTidscan.c Examining data/postgresql-13-13.1/src/backend/executor/nodeCustom.c Examining data/postgresql-13-13.1/src/backend/executor/execProcnode.c Examining data/postgresql-13-13.1/src/backend/executor/nodeHashjoin.c Examining data/postgresql-13-13.1/src/backend/executor/execJunk.c Examining data/postgresql-13-13.1/src/backend/executor/nodeSubplan.c Examining data/postgresql-13-13.1/src/backend/executor/execCurrent.c Examining data/postgresql-13-13.1/src/backend/executor/nodeIndexonlyscan.c Examining data/postgresql-13-13.1/src/backend/executor/nodeMaterial.c Examining data/postgresql-13-13.1/src/backend/executor/nodeNamedtuplestorescan.c Examining data/postgresql-13-13.1/src/backend/executor/execMain.c Examining data/postgresql-13-13.1/src/backend/executor/nodeForeignscan.c Examining data/postgresql-13-13.1/src/backend/executor/nodeFunctionscan.c Examining data/postgresql-13-13.1/src/backend/executor/nodeValuesscan.c Examining data/postgresql-13-13.1/src/backend/executor/nodeLimit.c Examining data/postgresql-13-13.1/src/backend/executor/execExprInterp.c Examining data/postgresql-13-13.1/src/backend/executor/nodeResult.c Examining data/postgresql-13-13.1/src/backend/executor/execAmi.c Examining data/postgresql-13-13.1/src/backend/executor/nodeBitmapHeapscan.c Examining data/postgresql-13-13.1/src/backend/executor/nodeWindowAgg.c Examining data/postgresql-13-13.1/src/backend/executor/tqueue.c Examining data/postgresql-13-13.1/src/backend/executor/nodeBitmapIndexscan.c Examining data/postgresql-13-13.1/src/backend/executor/nodeNestloop.c Examining data/postgresql-13-13.1/src/backend/executor/nodeTableFuncscan.c Examining data/postgresql-13-13.1/src/backend/executor/execPartition.c Examining data/postgresql-13-13.1/src/backend/executor/nodeBitmapOr.c Examining data/postgresql-13-13.1/src/backend/executor/execUtils.c Examining data/postgresql-13-13.1/src/backend/executor/execParallel.c Examining data/postgresql-13-13.1/src/backend/executor/execScan.c Examining data/postgresql-13-13.1/src/backend/executor/nodeRecursiveunion.c Examining data/postgresql-13-13.1/src/backend/executor/nodeSeqscan.c Examining data/postgresql-13-13.1/src/backend/executor/nodeMergejoin.c Examining data/postgresql-13-13.1/src/backend/executor/tstoreReceiver.c Examining data/postgresql-13-13.1/src/backend/executor/nodeModifyTable.c Examining data/postgresql-13-13.1/src/backend/executor/execSRF.c Examining data/postgresql-13-13.1/src/backend/executor/spi.c Examining data/postgresql-13-13.1/src/backend/executor/nodeGather.c Examining data/postgresql-13-13.1/src/backend/executor/nodeUnique.c Examining data/postgresql-13-13.1/src/backend/executor/nodeAgg.c Examining data/postgresql-13-13.1/src/backend/executor/nodeIndexscan.c Examining data/postgresql-13-13.1/src/backend/executor/nodeMergeAppend.c Examining data/postgresql-13-13.1/src/backend/executor/nodeAppend.c Examining data/postgresql-13-13.1/src/backend/executor/nodeGroup.c Examining data/postgresql-13-13.1/src/backend/executor/nodeSort.c Examining data/postgresql-13-13.1/src/backend/executor/nodeProjectSet.c Examining data/postgresql-13-13.1/src/backend/executor/execTuples.c Examining data/postgresql-13-13.1/src/backend/executor/functions.c Examining data/postgresql-13-13.1/src/backend/executor/nodeWorktablescan.c Examining data/postgresql-13-13.1/src/backend/executor/execGrouping.c Examining data/postgresql-13-13.1/src/backend/executor/nodeCtescan.c Examining data/postgresql-13-13.1/src/backend/executor/nodeSetOp.c Examining data/postgresql-13-13.1/src/backend/executor/nodeSubqueryscan.c Examining data/postgresql-13-13.1/src/backend/executor/nodeLockRows.c Examining data/postgresql-13-13.1/src/backend/executor/execReplication.c Examining data/postgresql-13-13.1/src/backend/tsearch/regis.c Examining data/postgresql-13-13.1/src/backend/tsearch/to_tsany.c Examining data/postgresql-13-13.1/src/backend/tsearch/ts_typanalyze.c Examining data/postgresql-13-13.1/src/backend/tsearch/wparser.c Examining data/postgresql-13-13.1/src/backend/tsearch/wparser_def.c Examining data/postgresql-13-13.1/src/backend/tsearch/ts_selfuncs.c Examining data/postgresql-13-13.1/src/backend/tsearch/dict.c Examining data/postgresql-13-13.1/src/backend/tsearch/dict_synonym.c Examining data/postgresql-13-13.1/src/backend/tsearch/spell.c Examining data/postgresql-13-13.1/src/backend/tsearch/dict_ispell.c Examining data/postgresql-13-13.1/src/backend/tsearch/ts_utils.c Examining data/postgresql-13-13.1/src/backend/tsearch/dict_thesaurus.c Examining data/postgresql-13-13.1/src/backend/tsearch/ts_locale.c Examining data/postgresql-13-13.1/src/backend/tsearch/ts_parse.c Examining data/postgresql-13-13.1/src/backend/tsearch/dict_simple.c Examining data/postgresql-13-13.1/src/backend/utils/adt/numutils.c Examining data/postgresql-13-13.1/src/backend/utils/adt/dbsize.c Examining data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_typanalyze.c Examining data/postgresql-13-13.1/src/backend/utils/adt/cash.c Examining data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c Examining data/postgresql-13-13.1/src/backend/utils/adt/tid.c Examining data/postgresql-13-13.1/src/backend/utils/adt/like_match.c Examining data/postgresql-13-13.1/src/backend/utils/adt/int.c Examining data/postgresql-13-13.1/src/backend/utils/adt/partitionfuncs.c Examining data/postgresql-13-13.1/src/backend/utils/adt/windowfuncs.c Examining data/postgresql-13-13.1/src/backend/utils/adt/genfile.c Examining data/postgresql-13-13.1/src/backend/utils/adt/lockfuncs.c Examining data/postgresql-13-13.1/src/backend/utils/adt/like_support.c Examining data/postgresql-13-13.1/src/backend/utils/adt/oid.c Examining data/postgresql-13-13.1/src/backend/utils/adt/cryptohashes.c Examining data/postgresql-13-13.1/src/backend/utils/adt/datetime.c Examining data/postgresql-13-13.1/src/backend/utils/adt/bool.c Examining data/postgresql-13-13.1/src/backend/utils/adt/array_expanded.c Examining data/postgresql-13-13.1/src/backend/utils/adt/tsquery_gist.c Examining data/postgresql-13-13.1/src/backend/utils/adt/tsvector.c Examining data/postgresql-13-13.1/src/backend/utils/adt/quote.c Examining data/postgresql-13-13.1/src/backend/utils/adt/format_type.c Examining data/postgresql-13-13.1/src/backend/utils/adt/orderedsetaggs.c Examining data/postgresql-13-13.1/src/backend/utils/adt/float.c Examining data/postgresql-13-13.1/src/backend/utils/adt/ascii.c Examining data/postgresql-13-13.1/src/backend/utils/adt/expandedrecord.c Examining data/postgresql-13-13.1/src/backend/utils/adt/levenshtein.c Examining data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c Examining data/postgresql-13-13.1/src/backend/utils/adt/geo_spgist.c Examining data/postgresql-13-13.1/src/backend/utils/adt/name.c Examining data/postgresql-13-13.1/src/backend/utils/adt/enum.c Examining data/postgresql-13-13.1/src/backend/utils/adt/tsquery_op.c Examining data/postgresql-13-13.1/src/backend/utils/adt/pseudotypes.c Examining data/postgresql-13-13.1/src/backend/utils/adt/xid8funcs.c Examining data/postgresql-13-13.1/src/backend/utils/adt/varchar.c Examining data/postgresql-13-13.1/src/backend/utils/adt/array_selfuncs.c Examining data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_scan.c Examining data/postgresql-13-13.1/src/backend/utils/adt/jsonb_op.c Examining data/postgresql-13-13.1/src/backend/utils/adt/tsrank.c Examining data/postgresql-13-13.1/src/backend/utils/adt/array_typanalyze.c Examining data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_spgist.c Examining data/postgresql-13-13.1/src/backend/utils/adt/amutils.c Examining data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c Examining data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_gram.c Examining data/postgresql-13-13.1/src/backend/utils/adt/rangetypes.c Examining data/postgresql-13-13.1/src/backend/utils/adt/tsvector_parser.c Examining data/postgresql-13-13.1/src/backend/utils/adt/datum.c Examining data/postgresql-13-13.1/src/backend/utils/adt/uuid.c Examining data/postgresql-13-13.1/src/backend/utils/adt/regexp.c Examining data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_exec.c Examining data/postgresql-13-13.1/src/backend/utils/adt/regproc.c Examining data/postgresql-13-13.1/src/backend/utils/adt/network.c Examining data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c Examining data/postgresql-13-13.1/src/backend/utils/adt/tsquery_rewrite.c Examining data/postgresql-13-13.1/src/backend/utils/adt/numeric.c Examining data/postgresql-13-13.1/src/backend/utils/adt/tsquery_util.c Examining data/postgresql-13-13.1/src/backend/utils/adt/xid.c Examining data/postgresql-13-13.1/src/backend/utils/adt/formatting.c Examining data/postgresql-13-13.1/src/backend/utils/adt/acl.c Examining data/postgresql-13-13.1/src/backend/utils/adt/jsonb_util.c Examining data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c Examining data/postgresql-13-13.1/src/backend/utils/adt/oracle_compat.c Examining data/postgresql-13-13.1/src/backend/utils/adt/jsonb_gin.c Examining data/postgresql-13-13.1/src/backend/utils/adt/tsgistidx.c Examining data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_selfuncs.c Examining data/postgresql-13-13.1/src/backend/utils/adt/tsquery_cleanup.c Examining data/postgresql-13-13.1/src/backend/utils/adt/char.c Examining data/postgresql-13-13.1/src/backend/utils/adt/pg_upgrade_support.c Examining data/postgresql-13-13.1/src/backend/utils/adt/json.c Examining data/postgresql-13-13.1/src/backend/utils/adt/tsginidx.c Examining data/postgresql-13-13.1/src/backend/utils/adt/rowtypes.c Examining data/postgresql-13-13.1/src/backend/utils/adt/int8.c Examining data/postgresql-13-13.1/src/backend/utils/adt/pgstatfuncs.c Examining data/postgresql-13-13.1/src/backend/utils/adt/date.c Examining data/postgresql-13-13.1/src/backend/utils/adt/like.c Examining data/postgresql-13-13.1/src/backend/utils/adt/xml.c Examining data/postgresql-13-13.1/src/backend/utils/adt/inet_net_pton.c Examining data/postgresql-13-13.1/src/backend/utils/adt/pg_lsn.c Examining data/postgresql-13-13.1/src/backend/utils/adt/array_userfuncs.c Examining data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c Examining data/postgresql-13-13.1/src/backend/utils/adt/arrayutils.c Examining data/postgresql-13-13.1/src/backend/utils/adt/trigfuncs.c Examining data/postgresql-13-13.1/src/backend/utils/adt/version.c Examining data/postgresql-13-13.1/src/backend/utils/adt/misc.c Examining data/postgresql-13-13.1/src/backend/utils/adt/expandeddatum.c Examining data/postgresql-13-13.1/src/backend/utils/adt/mac.c Examining data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c Examining data/postgresql-13-13.1/src/backend/utils/adt/network_selfuncs.c Examining data/postgresql-13-13.1/src/backend/utils/adt/geo_selfuncs.c Examining data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_gist.c Examining data/postgresql-13-13.1/src/backend/utils/adt/encode.c Examining data/postgresql-13-13.1/src/backend/utils/adt/mac8.c Examining data/postgresql-13-13.1/src/backend/utils/adt/varlena.c Examining data/postgresql-13-13.1/src/backend/utils/adt/inet_cidr_ntop.c Examining data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c Examining data/postgresql-13-13.1/src/backend/utils/adt/selfuncs.c Examining data/postgresql-13-13.1/src/backend/utils/adt/network_gist.c Examining data/postgresql-13-13.1/src/backend/utils/adt/jsonpath.c Examining data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c Examining data/postgresql-13-13.1/src/backend/utils/adt/network_spgist.c Examining data/postgresql-13-13.1/src/backend/utils/adt/varbit.c Examining data/postgresql-13-13.1/src/backend/utils/adt/geo_ops.c Examining data/postgresql-13-13.1/src/backend/utils/adt/domains.c Examining data/postgresql-13-13.1/src/backend/utils/fmgr/funcapi.c Examining data/postgresql-13-13.1/src/backend/utils/fmgr/fmgr.c Examining data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c Examining data/postgresql-13-13.1/src/backend/utils/misc/pg_config.c Examining data/postgresql-13-13.1/src/backend/utils/misc/rls.c Examining data/postgresql-13-13.1/src/backend/utils/misc/queryenvironment.c Examining data/postgresql-13-13.1/src/backend/utils/misc/superuser.c Examining data/postgresql-13-13.1/src/backend/utils/misc/pg_rusage.c Examining data/postgresql-13-13.1/src/backend/utils/misc/help_config.c Examining data/postgresql-13-13.1/src/backend/utils/misc/pg_controldata.c Examining data/postgresql-13-13.1/src/backend/utils/misc/sampling.c Examining data/postgresql-13-13.1/src/backend/utils/misc/ps_status.c Examining data/postgresql-13-13.1/src/backend/utils/misc/timeout.c Examining data/postgresql-13-13.1/src/backend/utils/misc/guc-file.c Examining data/postgresql-13-13.1/src/backend/utils/misc/tzparser.c Examining data/postgresql-13-13.1/src/backend/utils/misc/guc.c Examining data/postgresql-13-13.1/src/backend/utils/mb/iso.c Examining data/postgresql-13-13.1/src/backend/utils/mb/stringinfo_mb.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conv.c Examining data/postgresql-13-13.1/src/backend/utils/mb/wstrcmp.c Examining data/postgresql-13-13.1/src/backend/utils/mb/win866.c Examining data/postgresql-13-13.1/src/backend/utils/mb/win1251.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_big5/utf8_and_big5.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_iso8859_1/utf8_and_iso8859_1.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_uhc/utf8_and_uhc.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/euc_jp_and_sjis/euc_jp_and_sjis.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_sjis2004/utf8_and_sjis2004.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_euc_cn/utf8_and_euc_cn.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/latin_and_mic/latin_and_mic.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_euc_jp/utf8_and_euc_jp.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_sjis/utf8_and_sjis.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/euc2004_sjis2004/euc2004_sjis2004.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/euc_cn_and_mic/euc_cn_and_mic.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_iso8859/utf8_and_iso8859.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_gb18030/utf8_and_gb18030.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_euc_kr/utf8_and_euc_kr.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_cyrillic/utf8_and_cyrillic.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/latin2_and_win1250/latin2_and_win1250.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_euc2004/utf8_and_euc2004.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_win/utf8_and_win.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_euc_tw/utf8_and_euc_tw.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_gbk/utf8_and_gbk.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/euc_tw_and_big5/big5.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/euc_tw_and_big5/euc_tw_and_big5.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/euc_kr_and_mic/euc_kr_and_mic.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/cyrillic_and_mic/cyrillic_and_mic.c Examining data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/utf8_and_johab/utf8_and_johab.c Examining data/postgresql-13-13.1/src/backend/utils/mb/wstrncmp.c Examining data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c Examining data/postgresql-13-13.1/src/backend/utils/errcodes.h Examining data/postgresql-13-13.1/src/backend/utils/fmgrtab.c Examining data/postgresql-13-13.1/src/backend/utils/init/postinit.c Examining data/postgresql-13-13.1/src/backend/utils/init/miscinit.c Examining data/postgresql-13-13.1/src/backend/utils/init/globals.c Examining data/postgresql-13-13.1/src/backend/utils/mmgr/mcxt.c Examining data/postgresql-13-13.1/src/backend/utils/mmgr/memdebug.c Examining data/postgresql-13-13.1/src/backend/utils/mmgr/generation.c Examining data/postgresql-13-13.1/src/backend/utils/mmgr/portalmem.c Examining data/postgresql-13-13.1/src/backend/utils/mmgr/slab.c Examining data/postgresql-13-13.1/src/backend/utils/mmgr/freepage.c Examining data/postgresql-13-13.1/src/backend/utils/mmgr/dsa.c Examining data/postgresql-13-13.1/src/backend/utils/mmgr/aset.c Examining data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c Examining data/postgresql-13-13.1/src/backend/utils/time/combocid.c Examining data/postgresql-13-13.1/src/backend/utils/cache/lsyscache.c Examining data/postgresql-13-13.1/src/backend/utils/cache/spccache.c Examining data/postgresql-13-13.1/src/backend/utils/cache/syscache.c Examining data/postgresql-13-13.1/src/backend/utils/cache/ts_cache.c Examining data/postgresql-13-13.1/src/backend/utils/cache/partcache.c Examining data/postgresql-13-13.1/src/backend/utils/cache/catcache.c Examining data/postgresql-13-13.1/src/backend/utils/cache/plancache.c Examining data/postgresql-13-13.1/src/backend/utils/cache/typcache.c Examining data/postgresql-13-13.1/src/backend/utils/cache/relmapper.c Examining data/postgresql-13-13.1/src/backend/utils/cache/attoptcache.c Examining data/postgresql-13-13.1/src/backend/utils/cache/evtcache.c Examining data/postgresql-13-13.1/src/backend/utils/cache/relfilenodemap.c Examining data/postgresql-13-13.1/src/backend/utils/cache/inval.c Examining data/postgresql-13-13.1/src/backend/utils/cache/relcache.c Examining data/postgresql-13-13.1/src/backend/utils/hash/pg_crc.c Examining data/postgresql-13-13.1/src/backend/utils/hash/dynahash.c Examining data/postgresql-13-13.1/src/backend/utils/sort/qsort_tuple.c Examining data/postgresql-13-13.1/src/backend/utils/sort/logtape.c Examining data/postgresql-13-13.1/src/backend/utils/sort/sharedtuplestore.c Examining data/postgresql-13-13.1/src/backend/utils/sort/tuplestore.c Examining data/postgresql-13-13.1/src/backend/utils/sort/sortsupport.c Examining data/postgresql-13-13.1/src/backend/utils/sort/tuplesort.c Examining data/postgresql-13-13.1/src/backend/utils/fmgrprotos.h Examining data/postgresql-13-13.1/src/backend/utils/resowner/resowner.c Examining data/postgresql-13-13.1/src/backend/utils/error/assert.c Examining data/postgresql-13-13.1/src/backend/utils/error/elog.c Examining data/postgresql-13-13.1/src/backend/utils/fmgroids.h Examining data/postgresql-13-13.1/src/backend/optimizer/prep/prepjointree.c Examining data/postgresql-13-13.1/src/backend/optimizer/prep/prepqual.c Examining data/postgresql-13-13.1/src/backend/optimizer/prep/prepunion.c Examining data/postgresql-13-13.1/src/backend/optimizer/prep/preptlist.c Examining data/postgresql-13-13.1/src/backend/optimizer/util/clauses.c Examining data/postgresql-13-13.1/src/backend/optimizer/util/relnode.c Examining data/postgresql-13-13.1/src/backend/optimizer/util/tlist.c Examining data/postgresql-13-13.1/src/backend/optimizer/util/predtest.c Examining data/postgresql-13-13.1/src/backend/optimizer/util/paramassign.c Examining data/postgresql-13-13.1/src/backend/optimizer/util/plancat.c Examining data/postgresql-13-13.1/src/backend/optimizer/util/var.c Examining data/postgresql-13-13.1/src/backend/optimizer/util/restrictinfo.c Examining data/postgresql-13-13.1/src/backend/optimizer/util/pathnode.c Examining data/postgresql-13-13.1/src/backend/optimizer/util/joininfo.c Examining data/postgresql-13-13.1/src/backend/optimizer/util/appendinfo.c Examining data/postgresql-13-13.1/src/backend/optimizer/util/placeholder.c Examining data/postgresql-13-13.1/src/backend/optimizer/util/inherit.c Examining data/postgresql-13-13.1/src/backend/optimizer/util/orclauses.c Examining data/postgresql-13-13.1/src/backend/optimizer/plan/initsplan.c Examining data/postgresql-13-13.1/src/backend/optimizer/plan/createplan.c Examining data/postgresql-13-13.1/src/backend/optimizer/plan/analyzejoins.c Examining data/postgresql-13-13.1/src/backend/optimizer/plan/planagg.c Examining data/postgresql-13-13.1/src/backend/optimizer/plan/subselect.c Examining data/postgresql-13-13.1/src/backend/optimizer/plan/planmain.c Examining data/postgresql-13-13.1/src/backend/optimizer/plan/planner.c Examining data/postgresql-13-13.1/src/backend/optimizer/plan/setrefs.c Examining data/postgresql-13-13.1/src/backend/optimizer/path/costsize.c Examining data/postgresql-13-13.1/src/backend/optimizer/path/allpaths.c Examining data/postgresql-13-13.1/src/backend/optimizer/path/joinrels.c Examining data/postgresql-13-13.1/src/backend/optimizer/path/joinpath.c Examining data/postgresql-13-13.1/src/backend/optimizer/path/clausesel.c Examining data/postgresql-13-13.1/src/backend/optimizer/path/indxpath.c Examining data/postgresql-13-13.1/src/backend/optimizer/path/pathkeys.c Examining data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c Examining data/postgresql-13-13.1/src/backend/optimizer/path/tidpath.c Examining data/postgresql-13-13.1/src/backend/optimizer/geqo/geqo_px.c Examining data/postgresql-13-13.1/src/backend/optimizer/geqo/geqo_misc.c Examining data/postgresql-13-13.1/src/backend/optimizer/geqo/geqo_cx.c Examining data/postgresql-13-13.1/src/backend/optimizer/geqo/geqo_recombination.c Examining data/postgresql-13-13.1/src/backend/optimizer/geqo/geqo_ox1.c Examining data/postgresql-13-13.1/src/backend/optimizer/geqo/geqo_ox2.c Examining data/postgresql-13-13.1/src/backend/optimizer/geqo/geqo_copy.c Examining data/postgresql-13-13.1/src/backend/optimizer/geqo/geqo_pool.c Examining data/postgresql-13-13.1/src/backend/optimizer/geqo/geqo_erx.c Examining data/postgresql-13-13.1/src/backend/optimizer/geqo/geqo_main.c Examining data/postgresql-13-13.1/src/backend/optimizer/geqo/geqo_mutation.c Examining data/postgresql-13-13.1/src/backend/optimizer/geqo/geqo_eval.c Examining data/postgresql-13-13.1/src/backend/optimizer/geqo/geqo_pmx.c Examining data/postgresql-13-13.1/src/backend/optimizer/geqo/geqo_random.c Examining data/postgresql-13-13.1/src/backend/optimizer/geqo/geqo_selection.c Examining data/postgresql-13-13.1/src/backend/main/main.c Examining data/postgresql-13-13.1/src/backend/nodes/tidbitmap.c Examining data/postgresql-13-13.1/src/backend/nodes/read.c Examining data/postgresql-13-13.1/src/backend/nodes/outfuncs.c Examining data/postgresql-13-13.1/src/backend/nodes/nodeFuncs.c Examining data/postgresql-13-13.1/src/backend/nodes/copyfuncs.c Examining data/postgresql-13-13.1/src/backend/nodes/value.c Examining data/postgresql-13-13.1/src/backend/nodes/readfuncs.c Examining data/postgresql-13-13.1/src/backend/nodes/list.c Examining data/postgresql-13-13.1/src/backend/nodes/extensible.c Examining data/postgresql-13-13.1/src/backend/nodes/print.c Examining data/postgresql-13-13.1/src/backend/nodes/makefuncs.c Examining data/postgresql-13-13.1/src/backend/nodes/params.c Examining data/postgresql-13-13.1/src/backend/nodes/equalfuncs.c Examining data/postgresql-13-13.1/src/backend/nodes/nodes.c Examining data/postgresql-13-13.1/src/backend/nodes/bitmapset.c Examining data/postgresql-13-13.1/src/backend/regex/regc_lex.c Examining data/postgresql-13-13.1/src/backend/regex/regexport.c Examining data/postgresql-13-13.1/src/backend/regex/regcomp.c Examining data/postgresql-13-13.1/src/backend/regex/regerror.c Examining data/postgresql-13-13.1/src/backend/regex/regc_locale.c Examining data/postgresql-13-13.1/src/backend/regex/regc_cvec.c Examining data/postgresql-13-13.1/src/backend/regex/regfree.c Examining data/postgresql-13-13.1/src/backend/regex/regc_pg_locale.c Examining data/postgresql-13-13.1/src/backend/regex/rege_dfa.c Examining data/postgresql-13-13.1/src/backend/regex/regprefix.c Examining data/postgresql-13-13.1/src/backend/regex/regexec.c Examining data/postgresql-13-13.1/src/backend/regex/regc_color.c Examining data/postgresql-13-13.1/src/backend/regex/regc_nfa.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_tablespace_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_constraint_d.h Examining data/postgresql-13-13.1/src/backend/catalog/objectaddress.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_publication_rel_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_ts_parser_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_type.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_proc_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_amproc_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_authid_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_replication_origin_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_cast.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_extension_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_type_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_attribute_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_ts_config_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_statistic_ext_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_collation_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_auth_members_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_user_mapping_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_transform_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_publication_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_database_d.h Examining data/postgresql-13-13.1/src/backend/catalog/indexing.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_cast_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_shseclabel_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_ts_config_map_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_inherits_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_shdescription_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_largeobject.c Examining data/postgresql-13-13.1/src/backend/catalog/toasting.c Examining data/postgresql-13-13.1/src/backend/catalog/storage.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_sequence_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_foreign_server_d.h Examining data/postgresql-13-13.1/src/backend/catalog/partition.c Examining data/postgresql-13-13.1/src/backend/catalog/heap.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_subscription.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_amop_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_default_acl_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_shdepend.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_aggregate.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_subscription_rel_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_class_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_attrdef_d.h Examining data/postgresql-13-13.1/src/backend/catalog/schemapg.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_enum_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_event_trigger_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_depend_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_enum.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_partitioned_table_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_description_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_publication.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_collation.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_rewrite_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_depend.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_init_privs_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_range_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_conversion.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_seclabel_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_range.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_conversion_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_am_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_opfamily_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_policy_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_aggregate_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_ts_dict_d.h Examining data/postgresql-13-13.1/src/backend/catalog/aclchk.c Examining data/postgresql-13-13.1/src/backend/catalog/namespace.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_statistic_ext_data_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_namespace_d.h Examining data/postgresql-13-13.1/src/backend/catalog/catalog.c Examining data/postgresql-13-13.1/src/backend/catalog/index.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_language_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_inherits.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_ts_template_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_largeobject_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_operator.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_proc.c Examining data/postgresql-13-13.1/src/backend/catalog/objectaccess.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_shdepend_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_largeobject_metadata_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_operator_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_namespace.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_constraint.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_statistic_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_trigger_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_foreign_data_wrapper_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_db_role_setting_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_opclass_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_index_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_foreign_table_d.h Examining data/postgresql-13-13.1/src/backend/catalog/pg_db_role_setting.c Examining data/postgresql-13-13.1/src/backend/catalog/pg_subscription_d.h Examining data/postgresql-13-13.1/src/backend/catalog/dependency.c Examining data/postgresql-13-13.1/src/backend/port/win32_shmem.c Examining data/postgresql-13-13.1/src/backend/port/win32_sema.c Examining data/postgresql-13-13.1/src/backend/port/sysv_sema.c Examining data/postgresql-13-13.1/src/backend/port/posix_sema.c Examining data/postgresql-13-13.1/src/backend/port/sysv_shmem.c Examining data/postgresql-13-13.1/src/backend/port/win32/timer.c Examining data/postgresql-13-13.1/src/backend/port/win32/signal.c Examining data/postgresql-13-13.1/src/backend/port/win32/socket.c Examining data/postgresql-13-13.1/src/backend/port/win32/crashdump.c Examining data/postgresql-13-13.1/src/backend/port/atomics.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/gindesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/logicalmsgdesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/spgdesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/relmapdesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/nbtdesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/xlogdesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/standbydesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/committsdesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/seqdesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/heapdesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/replorigindesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/brindesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/tblspcdesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/xactdesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/clogdesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/gistdesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/dbasedesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/smgrdesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/genericdesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/hashdesc.c Examining data/postgresql-13-13.1/src/backend/access/rmgrdesc/mxactdesc.c Examining data/postgresql-13-13.1/src/backend/access/gist/gistsplit.c Examining data/postgresql-13-13.1/src/backend/access/gist/gistbuild.c Examining data/postgresql-13-13.1/src/backend/access/gist/gistproc.c Examining data/postgresql-13-13.1/src/backend/access/gist/gistxlog.c Examining data/postgresql-13-13.1/src/backend/access/gist/gistvacuum.c Examining data/postgresql-13-13.1/src/backend/access/gist/gistget.c Examining data/postgresql-13-13.1/src/backend/access/gist/gistscan.c Examining data/postgresql-13-13.1/src/backend/access/gist/gist.c Examining data/postgresql-13-13.1/src/backend/access/gist/gistbuildbuffers.c Examining data/postgresql-13-13.1/src/backend/access/gist/gistutil.c Examining data/postgresql-13-13.1/src/backend/access/gist/gistvalidate.c Examining data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c Examining data/postgresql-13-13.1/src/backend/access/transam/clog.c Examining data/postgresql-13-13.1/src/backend/access/transam/parallel.c Examining data/postgresql-13-13.1/src/backend/access/transam/twophase.c Examining data/postgresql-13-13.1/src/backend/access/transam/xloginsert.c Examining data/postgresql-13-13.1/src/backend/access/transam/commit_ts.c Examining data/postgresql-13-13.1/src/backend/access/transam/rmgr.c Examining data/postgresql-13-13.1/src/backend/access/transam/multixact.c Examining data/postgresql-13-13.1/src/backend/access/transam/xact.c Examining data/postgresql-13-13.1/src/backend/access/transam/varsup.c Examining data/postgresql-13-13.1/src/backend/access/transam/xlog.c Examining data/postgresql-13-13.1/src/backend/access/transam/xlogutils.c Examining data/postgresql-13-13.1/src/backend/access/transam/generic_xlog.c Examining data/postgresql-13-13.1/src/backend/access/transam/xlogreader.c Examining data/postgresql-13-13.1/src/backend/access/transam/transam.c Examining data/postgresql-13-13.1/src/backend/access/transam/twophase_rmgr.c Examining data/postgresql-13-13.1/src/backend/access/transam/slru.c Examining data/postgresql-13-13.1/src/backend/access/transam/subtrans.c Examining data/postgresql-13-13.1/src/backend/access/transam/xlogfuncs.c Examining data/postgresql-13-13.1/src/backend/access/transam/timeline.c Examining data/postgresql-13-13.1/src/backend/access/spgist/spgvalidate.c Examining data/postgresql-13-13.1/src/backend/access/spgist/spginsert.c Examining data/postgresql-13-13.1/src/backend/access/spgist/spgquadtreeproc.c Examining data/postgresql-13-13.1/src/backend/access/spgist/spgtextproc.c Examining data/postgresql-13-13.1/src/backend/access/spgist/spgutils.c Examining data/postgresql-13-13.1/src/backend/access/spgist/spgxlog.c Examining data/postgresql-13-13.1/src/backend/access/spgist/spgscan.c Examining data/postgresql-13-13.1/src/backend/access/spgist/spgdoinsert.c Examining data/postgresql-13-13.1/src/backend/access/spgist/spgproc.c Examining data/postgresql-13-13.1/src/backend/access/spgist/spgvacuum.c Examining data/postgresql-13-13.1/src/backend/access/spgist/spgkdtreeproc.c Examining data/postgresql-13-13.1/src/backend/access/heap/heapam_visibility.c Examining data/postgresql-13-13.1/src/backend/access/heap/hio.c Examining data/postgresql-13-13.1/src/backend/access/heap/pruneheap.c Examining data/postgresql-13-13.1/src/backend/access/heap/syncscan.c Examining data/postgresql-13-13.1/src/backend/access/heap/heapam_handler.c Examining data/postgresql-13-13.1/src/backend/access/heap/heapam.c Examining data/postgresql-13-13.1/src/backend/access/heap/rewriteheap.c Examining data/postgresql-13-13.1/src/backend/access/heap/vacuumlazy.c Examining data/postgresql-13-13.1/src/backend/access/heap/visibilitymap.c Examining data/postgresql-13-13.1/src/backend/access/heap/heaptoast.c Examining data/postgresql-13-13.1/src/backend/access/nbtree/nbtree.c Examining data/postgresql-13-13.1/src/backend/access/nbtree/nbtxlog.c Examining data/postgresql-13-13.1/src/backend/access/nbtree/nbtsort.c Examining data/postgresql-13-13.1/src/backend/access/nbtree/nbtutils.c Examining data/postgresql-13-13.1/src/backend/access/nbtree/nbtpage.c Examining data/postgresql-13-13.1/src/backend/access/nbtree/nbtcompare.c Examining data/postgresql-13-13.1/src/backend/access/nbtree/nbtinsert.c Examining data/postgresql-13-13.1/src/backend/access/nbtree/nbtsplitloc.c Examining data/postgresql-13-13.1/src/backend/access/nbtree/nbtsearch.c Examining data/postgresql-13-13.1/src/backend/access/nbtree/nbtdedup.c Examining data/postgresql-13-13.1/src/backend/access/nbtree/nbtvalidate.c Examining data/postgresql-13-13.1/src/backend/access/index/amapi.c Examining data/postgresql-13-13.1/src/backend/access/index/amvalidate.c Examining data/postgresql-13-13.1/src/backend/access/index/genam.c Examining data/postgresql-13-13.1/src/backend/access/index/indexam.c Examining data/postgresql-13-13.1/src/backend/access/table/toast_helper.c Examining data/postgresql-13-13.1/src/backend/access/table/table.c Examining data/postgresql-13-13.1/src/backend/access/table/tableamapi.c Examining data/postgresql-13-13.1/src/backend/access/table/tableam.c Examining data/postgresql-13-13.1/src/backend/access/gin/ginvalidate.c Examining data/postgresql-13-13.1/src/backend/access/gin/ginutil.c Examining data/postgresql-13-13.1/src/backend/access/gin/ginxlog.c Examining data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c Examining data/postgresql-13-13.1/src/backend/access/gin/ginfast.c Examining data/postgresql-13-13.1/src/backend/access/gin/gininsert.c Examining data/postgresql-13-13.1/src/backend/access/gin/ginscan.c Examining data/postgresql-13-13.1/src/backend/access/gin/ginbulk.c Examining data/postgresql-13-13.1/src/backend/access/gin/ginlogic.c Examining data/postgresql-13-13.1/src/backend/access/gin/ginarrayproc.c Examining data/postgresql-13-13.1/src/backend/access/gin/ginget.c Examining data/postgresql-13-13.1/src/backend/access/gin/ginvacuum.c Examining data/postgresql-13-13.1/src/backend/access/gin/ginbtree.c Examining data/postgresql-13-13.1/src/backend/access/gin/ginpostinglist.c Examining data/postgresql-13-13.1/src/backend/access/gin/ginentrypage.c Examining data/postgresql-13-13.1/src/backend/access/hash/hashinsert.c Examining data/postgresql-13-13.1/src/backend/access/hash/hashpage.c Examining data/postgresql-13-13.1/src/backend/access/hash/hashsort.c Examining data/postgresql-13-13.1/src/backend/access/hash/hashutil.c Examining data/postgresql-13-13.1/src/backend/access/hash/hashvalidate.c Examining data/postgresql-13-13.1/src/backend/access/hash/hash.c Examining data/postgresql-13-13.1/src/backend/access/hash/hashfunc.c Examining data/postgresql-13-13.1/src/backend/access/hash/hashsearch.c Examining data/postgresql-13-13.1/src/backend/access/hash/hashovfl.c Examining data/postgresql-13-13.1/src/backend/access/hash/hash_xlog.c Examining data/postgresql-13-13.1/src/backend/access/common/session.c Examining data/postgresql-13-13.1/src/backend/access/common/printsimple.c Examining data/postgresql-13-13.1/src/backend/access/common/scankey.c Examining data/postgresql-13-13.1/src/backend/access/common/tupconvert.c Examining data/postgresql-13-13.1/src/backend/access/common/heaptuple.c Examining data/postgresql-13-13.1/src/backend/access/common/indextuple.c Examining data/postgresql-13-13.1/src/backend/access/common/bufmask.c Examining data/postgresql-13-13.1/src/backend/access/common/tupdesc.c Examining data/postgresql-13-13.1/src/backend/access/common/detoast.c Examining data/postgresql-13-13.1/src/backend/access/common/reloptions.c Examining data/postgresql-13-13.1/src/backend/access/common/toast_internals.c Examining data/postgresql-13-13.1/src/backend/access/common/attmap.c Examining data/postgresql-13-13.1/src/backend/access/common/printtup.c Examining data/postgresql-13-13.1/src/backend/access/common/relation.c Examining data/postgresql-13-13.1/src/backend/access/tablesample/system.c Examining data/postgresql-13-13.1/src/backend/access/tablesample/tablesample.c Examining data/postgresql-13-13.1/src/backend/access/tablesample/bernoulli.c Examining data/postgresql-13-13.1/src/backend/access/brin/brin_validate.c Examining data/postgresql-13-13.1/src/backend/access/brin/brin_xlog.c Examining data/postgresql-13-13.1/src/backend/access/brin/brin_pageops.c Examining data/postgresql-13-13.1/src/backend/access/brin/brin.c Examining data/postgresql-13-13.1/src/backend/access/brin/brin_revmap.c Examining data/postgresql-13-13.1/src/backend/access/brin/brin_inclusion.c Examining data/postgresql-13-13.1/src/backend/access/brin/brin_minmax.c Examining data/postgresql-13-13.1/src/backend/access/brin/brin_tuple.c Examining data/postgresql-13-13.1/src/backend/tcop/utility.c Examining data/postgresql-13-13.1/src/backend/tcop/fastpath.c Examining data/postgresql-13-13.1/src/backend/tcop/cmdtag.c Examining data/postgresql-13-13.1/src/backend/tcop/dest.c Examining data/postgresql-13-13.1/src/backend/tcop/postgres.c Examining data/postgresql-13-13.1/src/backend/tcop/pquery.c Examining data/postgresql-13-13.1/src/backend/partitioning/partprune.c Examining data/postgresql-13-13.1/src/backend/partitioning/partbounds.c Examining data/postgresql-13-13.1/src/backend/partitioning/partdesc.c Examining data/postgresql-13-13.1/src/backend/commands/aggregatecmds.c Examining data/postgresql-13-13.1/src/backend/commands/explain.c Examining data/postgresql-13-13.1/src/backend/commands/lockcmds.c Examining data/postgresql-13-13.1/src/backend/commands/alter.c Examining data/postgresql-13-13.1/src/backend/commands/conversioncmds.c Examining data/postgresql-13-13.1/src/backend/commands/proclang.c Examining data/postgresql-13-13.1/src/backend/commands/tablecmds.c Examining data/postgresql-13-13.1/src/backend/commands/createas.c Examining data/postgresql-13-13.1/src/backend/commands/event_trigger.c Examining data/postgresql-13-13.1/src/backend/commands/view.c Examining data/postgresql-13-13.1/src/backend/commands/collationcmds.c Examining data/postgresql-13-13.1/src/backend/commands/subscriptioncmds.c Examining data/postgresql-13-13.1/src/backend/commands/tsearchcmds.c Examining data/postgresql-13-13.1/src/backend/commands/operatorcmds.c Examining data/postgresql-13-13.1/src/backend/commands/matview.c Examining data/postgresql-13-13.1/src/backend/commands/publicationcmds.c Examining data/postgresql-13-13.1/src/backend/commands/seclabel.c Examining data/postgresql-13-13.1/src/backend/commands/statscmds.c Examining data/postgresql-13-13.1/src/backend/commands/portalcmds.c Examining data/postgresql-13-13.1/src/backend/commands/discard.c Examining data/postgresql-13-13.1/src/backend/commands/tablespace.c Examining data/postgresql-13-13.1/src/backend/commands/foreigncmds.c Examining data/postgresql-13-13.1/src/backend/commands/vacuum.c Examining data/postgresql-13-13.1/src/backend/commands/user.c Examining data/postgresql-13-13.1/src/backend/commands/cluster.c Examining data/postgresql-13-13.1/src/backend/commands/dbcommands.c Examining data/postgresql-13-13.1/src/backend/commands/constraint.c Examining data/postgresql-13-13.1/src/backend/commands/prepare.c Examining data/postgresql-13-13.1/src/backend/commands/trigger.c Examining data/postgresql-13-13.1/src/backend/commands/define.c Examining data/postgresql-13-13.1/src/backend/commands/copy.c Examining data/postgresql-13-13.1/src/backend/commands/opclasscmds.c Examining data/postgresql-13-13.1/src/backend/commands/amcmds.c Examining data/postgresql-13-13.1/src/backend/commands/comment.c Examining data/postgresql-13-13.1/src/backend/commands/sequence.c Examining data/postgresql-13-13.1/src/backend/commands/indexcmds.c Examining data/postgresql-13-13.1/src/backend/commands/policy.c Examining data/postgresql-13-13.1/src/backend/commands/dropcmds.c Examining data/postgresql-13-13.1/src/backend/commands/async.c Examining data/postgresql-13-13.1/src/backend/commands/analyze.c Examining data/postgresql-13-13.1/src/backend/commands/typecmds.c Examining data/postgresql-13-13.1/src/backend/commands/variable.c Examining data/postgresql-13-13.1/src/backend/commands/functioncmds.c Examining data/postgresql-13-13.1/src/backend/commands/schemacmds.c Examining data/postgresql-13-13.1/src/backend/commands/extension.c Examining data/postgresql-13-13.1/src/backend/foreign/foreign.c Examining data/postgresql-13-13.1/src/backend/postmaster/postmaster.c Examining data/postgresql-13-13.1/src/backend/postmaster/bgworker.c Examining data/postgresql-13-13.1/src/backend/postmaster/syslogger.c Examining data/postgresql-13-13.1/src/backend/postmaster/bgwriter.c Examining data/postgresql-13-13.1/src/backend/postmaster/interrupt.c Examining data/postgresql-13-13.1/src/backend/postmaster/pgstat.c Examining data/postgresql-13-13.1/src/backend/postmaster/startup.c Examining data/postgresql-13-13.1/src/backend/postmaster/autovacuum.c Examining data/postgresql-13-13.1/src/backend/postmaster/checkpointer.c Examining data/postgresql-13-13.1/src/backend/postmaster/pgarch.c Examining data/postgresql-13-13.1/src/backend/postmaster/walwriter.c Examining data/postgresql-13-13.1/src/backend/postmaster/fork_process.c Examining data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c Examining data/postgresql-13-13.1/src/bin/pg_waldump/pg_waldump.c Examining data/postgresql-13-13.1/src/bin/pg_waldump/rmgrdesc.h Examining data/postgresql-13-13.1/src/bin/pg_waldump/rmgrdesc.c Examining data/postgresql-13-13.1/src/bin/pg_waldump/compat.c Examining data/postgresql-13-13.1/src/bin/pg_resetwal/pg_resetwal.c Examining data/postgresql-13-13.1/src/bin/pgevent/pgevent.c Examining data/postgresql-13-13.1/src/bin/pgevent/pgmsgevent.h Examining data/postgresql-13-13.1/src/bin/pg_verifybackup/parse_manifest.h Examining data/postgresql-13-13.1/src/bin/pg_verifybackup/parse_manifest.c Examining data/postgresql-13-13.1/src/bin/pg_verifybackup/pg_verifybackup.c Examining data/postgresql-13-13.1/src/bin/pg_test_timing/pg_test_timing.c Examining data/postgresql-13-13.1/src/bin/pgbench/pgbench.c Examining data/postgresql-13-13.1/src/bin/pgbench/exprscan.c Examining data/postgresql-13-13.1/src/bin/pgbench/pgbench.h Examining data/postgresql-13-13.1/src/bin/pgbench/exprparse.c Examining data/postgresql-13-13.1/src/bin/pg_rewind/fetch.h Examining data/postgresql-13-13.1/src/bin/pg_rewind/fetch.c Examining data/postgresql-13-13.1/src/bin/pg_rewind/datapagemap.h Examining data/postgresql-13-13.1/src/bin/pg_rewind/filemap.h Examining data/postgresql-13-13.1/src/bin/pg_rewind/file_ops.c Examining data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.h Examining data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c Examining data/postgresql-13-13.1/src/bin/pg_rewind/filemap.c Examining data/postgresql-13-13.1/src/bin/pg_rewind/copy_fetch.c Examining data/postgresql-13-13.1/src/bin/pg_rewind/libpq_fetch.c Examining data/postgresql-13-13.1/src/bin/pg_rewind/file_ops.h Examining data/postgresql-13-13.1/src/bin/pg_rewind/datapagemap.c Examining data/postgresql-13-13.1/src/bin/pg_rewind/timeline.c Examining data/postgresql-13-13.1/src/bin/pg_rewind/parsexlog.c Examining data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c Examining data/postgresql-13-13.1/src/bin/pg_dump/parallel.c Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.h Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.h Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_restore.c Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_dump_sort.c Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_backup.h Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_utils.c Examining data/postgresql-13-13.1/src/bin/pg_dump/common.c Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_dumpall.c Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_utils.h Examining data/postgresql-13-13.1/src/bin/pg_dump/compress_io.c Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c Examining data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_db.c Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_db.h Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_custom.c Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_null.c Examining data/postgresql-13-13.1/src/bin/pg_dump/compress_io.h Examining data/postgresql-13-13.1/src/bin/pg_dump/parallel.h Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.h Examining data/postgresql-13-13.1/src/bin/pg_dump/dumputils.h Examining data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c Examining data/postgresql-13-13.1/src/bin/pg_controldata/pg_controldata.c Examining data/postgresql-13-13.1/src/bin/initdb/findtimezone.c Examining data/postgresql-13-13.1/src/bin/initdb/initdb.c Examining data/postgresql-13-13.1/src/bin/pg_config/pg_config.c Examining data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c Examining data/postgresql-13-13.1/src/bin/scripts/createuser.c Examining data/postgresql-13-13.1/src/bin/scripts/dropdb.c Examining data/postgresql-13-13.1/src/bin/scripts/createdb.c Examining data/postgresql-13-13.1/src/bin/scripts/clusterdb.c Examining data/postgresql-13-13.1/src/bin/scripts/reindexdb.c Examining data/postgresql-13-13.1/src/bin/scripts/common.c Examining data/postgresql-13-13.1/src/bin/scripts/common.h Examining data/postgresql-13-13.1/src/bin/scripts/dropuser.c Examining data/postgresql-13-13.1/src/bin/scripts/scripts_parallel.h Examining data/postgresql-13-13.1/src/bin/scripts/pg_isready.c Examining data/postgresql-13-13.1/src/bin/scripts/vacuumdb.c Examining data/postgresql-13-13.1/src/bin/scripts/scripts_parallel.c Examining data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.h Examining data/postgresql-13-13.1/src/bin/pg_basebackup/pg_recvlogical.c Examining data/postgresql-13-13.1/src/bin/pg_basebackup/streamutil.h Examining data/postgresql-13-13.1/src/bin/pg_basebackup/streamutil.c Examining data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c Examining data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c Examining data/postgresql-13-13.1/src/bin/pg_basebackup/receivelog.c Examining data/postgresql-13-13.1/src/bin/pg_basebackup/pg_receivewal.c Examining data/postgresql-13-13.1/src/bin/pg_basebackup/receivelog.h Examining data/postgresql-13-13.1/src/bin/pg_upgrade/server.c Examining data/postgresql-13-13.1/src/bin/pg_upgrade/info.c Examining data/postgresql-13-13.1/src/bin/pg_upgrade/parallel.c Examining data/postgresql-13-13.1/src/bin/pg_upgrade/file.c Examining data/postgresql-13-13.1/src/bin/pg_upgrade/relfilenode.c Examining data/postgresql-13-13.1/src/bin/pg_upgrade/util.c Examining data/postgresql-13-13.1/src/bin/pg_upgrade/option.c Examining data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c Examining data/postgresql-13-13.1/src/bin/pg_upgrade/tablespace.c Examining data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c Examining data/postgresql-13-13.1/src/bin/pg_upgrade/function.c Examining data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c Examining data/postgresql-13-13.1/src/bin/pg_upgrade/dump.c Examining data/postgresql-13-13.1/src/bin/pg_upgrade/version.c Examining data/postgresql-13-13.1/src/bin/pg_upgrade/check.c Examining data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.h Examining data/postgresql-13-13.1/src/bin/psql/tab-complete.h Examining data/postgresql-13-13.1/src/bin/psql/prompt.h Examining data/postgresql-13-13.1/src/bin/psql/crosstabview.c Examining data/postgresql-13-13.1/src/bin/psql/describe.c Examining data/postgresql-13-13.1/src/bin/psql/mainloop.c Examining data/postgresql-13-13.1/src/bin/psql/psqlscanslash.h Examining data/postgresql-13-13.1/src/bin/psql/command.h Examining data/postgresql-13-13.1/src/bin/psql/help.h Examining data/postgresql-13-13.1/src/bin/psql/large_obj.h Examining data/postgresql-13-13.1/src/bin/psql/variables.c Examining data/postgresql-13-13.1/src/bin/psql/common.c Examining data/postgresql-13-13.1/src/bin/psql/stringutils.h Examining data/postgresql-13-13.1/src/bin/psql/copy.h Examining data/postgresql-13-13.1/src/bin/psql/common.h Examining data/postgresql-13-13.1/src/bin/psql/psqlscanslash.c Examining data/postgresql-13-13.1/src/bin/psql/stringutils.c Examining data/postgresql-13-13.1/src/bin/psql/crosstabview.h Examining data/postgresql-13-13.1/src/bin/psql/large_obj.c Examining data/postgresql-13-13.1/src/bin/psql/command.c Examining data/postgresql-13-13.1/src/bin/psql/startup.c Examining data/postgresql-13-13.1/src/bin/psql/describe.h Examining data/postgresql-13-13.1/src/bin/psql/copy.c Examining data/postgresql-13-13.1/src/bin/psql/input.c Examining data/postgresql-13-13.1/src/bin/psql/sql_help.c Examining data/postgresql-13-13.1/src/bin/psql/prompt.c Examining data/postgresql-13-13.1/src/bin/psql/mainloop.h Examining data/postgresql-13-13.1/src/bin/psql/tab-complete.c Examining data/postgresql-13-13.1/src/bin/psql/sql_help.h Examining data/postgresql-13-13.1/src/bin/psql/help.c Examining data/postgresql-13-13.1/src/bin/psql/variables.h Examining data/postgresql-13-13.1/src/bin/psql/input.h Examining data/postgresql-13-13.1/src/bin/psql/settings.h Examining data/postgresql-13-13.1/src/bin/pg_archivecleanup/pg_archivecleanup.c Examining data/postgresql-13-13.1/src/fe_utils/cancel.c Examining data/postgresql-13-13.1/src/fe_utils/mbprint.c Examining data/postgresql-13-13.1/src/fe_utils/string_utils.c Examining data/postgresql-13-13.1/src/fe_utils/print.c Examining data/postgresql-13-13.1/src/fe_utils/psqlscan.c Examining data/postgresql-13-13.1/src/fe_utils/simple_list.c Examining data/postgresql-13-13.1/src/fe_utils/archive.c Examining data/postgresql-13-13.1/src/fe_utils/conditional.c Examining data/postgresql-13-13.1/src/fe_utils/recovery_gen.c Examining data/postgresql-13-13.1/src/tutorial/funcs.c Examining data/postgresql-13-13.1/src/tutorial/complex.c Examining data/postgresql-13-13.1/src/port/strlcat.c Examining data/postgresql-13-13.1/src/port/pgsleep.c Examining data/postgresql-13-13.1/src/port/chklocale.c Examining data/postgresql-13-13.1/src/port/inet_aton.c Examining data/postgresql-13-13.1/src/port/dirmod.c Examining data/postgresql-13-13.1/src/port/pthread-win32.h Examining data/postgresql-13-13.1/src/port/pgcheckdir.c Examining data/postgresql-13-13.1/src/port/pg_crc32c_sse42_choose.c Examining data/postgresql-13-13.1/src/port/qsort.c Examining data/postgresql-13-13.1/src/port/system.c Examining data/postgresql-13-13.1/src/port/thread.c Examining data/postgresql-13-13.1/src/port/strtof.c Examining data/postgresql-13-13.1/src/port/win32security.c Examining data/postgresql-13-13.1/src/port/dlopen.c Examining data/postgresql-13-13.1/src/port/pgmkdirp.c Examining data/postgresql-13-13.1/src/port/pg_strong_random.c Examining data/postgresql-13-13.1/src/port/kill.c Examining data/postgresql-13-13.1/src/port/explicit_bzero.c Examining data/postgresql-13-13.1/src/port/sprompt.c Examining data/postgresql-13-13.1/src/port/unsetenv.c Examining data/postgresql-13-13.1/src/port/pread.c Examining data/postgresql-13-13.1/src/port/win32setlocale.c Examining data/postgresql-13-13.1/src/port/pg_crc32c_armv8.c Examining data/postgresql-13-13.1/src/port/gettimeofday.c Examining data/postgresql-13-13.1/src/port/random.c Examining data/postgresql-13-13.1/src/port/snprintf.c Examining data/postgresql-13-13.1/src/port/win32error.c Examining data/postgresql-13-13.1/src/port/mkdtemp.c Examining data/postgresql-13-13.1/src/port/strnlen.c Examining data/postgresql-13-13.1/src/port/getpeereid.c Examining data/postgresql-13-13.1/src/port/getopt.c Examining data/postgresql-13-13.1/src/port/getaddrinfo.c Examining data/postgresql-13-13.1/src/port/link.c Examining data/postgresql-13-13.1/src/port/dirent.c Examining data/postgresql-13-13.1/src/port/quotes.c Examining data/postgresql-13-13.1/src/port/pwrite.c Examining data/postgresql-13-13.1/src/port/strlcpy.c Examining data/postgresql-13-13.1/src/port/pgstrsignal.c Examining data/postgresql-13-13.1/src/port/pg_bitutils.c Examining data/postgresql-13-13.1/src/port/getopt_long.c Examining data/postgresql-13-13.1/src/port/qsort_arg.c Examining data/postgresql-13-13.1/src/port/fls.c Examining data/postgresql-13-13.1/src/port/pg_crc32c_armv8_choose.c Examining data/postgresql-13-13.1/src/port/win32env.c Examining data/postgresql-13-13.1/src/port/erand48.c Examining data/postgresql-13-13.1/src/port/pqsignal.c Examining data/postgresql-13-13.1/src/port/noblock.c Examining data/postgresql-13-13.1/src/port/tar.c Examining data/postgresql-13-13.1/src/port/srandom.c Examining data/postgresql-13-13.1/src/port/getrusage.c Examining data/postgresql-13-13.1/src/port/inet_net_ntop.c Examining data/postgresql-13-13.1/src/port/pgstrcasecmp.c Examining data/postgresql-13-13.1/src/port/pg_crc32c_sb8.c Examining data/postgresql-13-13.1/src/port/pg_crc32c_sse42.c Examining data/postgresql-13-13.1/src/port/strerror.c Examining data/postgresql-13-13.1/src/port/path.c Examining data/postgresql-13-13.1/src/port/open.c Examining data/postgresql-13-13.1/src/timezone/strftime.c Examining data/postgresql-13-13.1/src/timezone/localtime.c Examining data/postgresql-13-13.1/src/timezone/tzfile.h Examining data/postgresql-13-13.1/src/timezone/pgtz.c Examining data/postgresql-13-13.1/src/timezone/zic.c Examining data/postgresql-13-13.1/src/timezone/private.h Examining data/postgresql-13-13.1/src/timezone/pgtz.h Examining data/postgresql-13-13.1/src/tools/testint128.c Examining data/postgresql-13-13.1/src/tools/ifaddrs/test_ifaddrs.c Examining data/postgresql-13-13.1/src/tools/findoidjoins/findoidjoins.c Examining data/postgresql-13-13.1/src/pl/plpgsql/src/pl_reserved_kwlist.h Examining data/postgresql-13-13.1/src/pl/plpgsql/src/pl_reserved_kwlist_d.h Examining data/postgresql-13-13.1/src/pl/plpgsql/src/pl_unreserved_kwlist_d.h Examining data/postgresql-13-13.1/src/pl/plpgsql/src/pl_handler.c Examining data/postgresql-13-13.1/src/pl/plpgsql/src/pl_funcs.c Examining data/postgresql-13-13.1/src/pl/plpgsql/src/pl_exec.c Examining data/postgresql-13-13.1/src/pl/plpgsql/src/pl_unreserved_kwlist.h Examining data/postgresql-13-13.1/src/pl/plpgsql/src/plpgsql.h Examining data/postgresql-13-13.1/src/pl/plpgsql/src/pl_comp.c Examining data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.c Examining data/postgresql-13-13.1/src/pl/plpgsql/src/pl_scanner.c Examining data/postgresql-13-13.1/src/pl/plpgsql/src/plerrcodes.h Examining data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.h Examining data/postgresql-13-13.1/src/pl/plperl/plperl_helpers.h Examining data/postgresql-13-13.1/src/pl/plperl/ppport.h Examining data/postgresql-13-13.1/src/pl/plperl/plperl.c Examining data/postgresql-13-13.1/src/pl/plperl/plperl.h Examining data/postgresql-13-13.1/src/pl/tcl/pltclerrcodes.h Examining data/postgresql-13-13.1/src/pl/tcl/pltcl.c Examining data/postgresql-13-13.1/src/pl/plpython/plpy_util.h Examining data/postgresql-13-13.1/src/pl/plpython/plpy_resultobject.h Examining data/postgresql-13-13.1/src/pl/plpython/plpy_planobject.h Examining data/postgresql-13-13.1/src/pl/plpython/plpy_subxactobject.h Examining data/postgresql-13-13.1/src/pl/plpython/plpy_cursorobject.c Examining data/postgresql-13-13.1/src/pl/plpython/plpy_plpymodule.h Examining data/postgresql-13-13.1/src/pl/plpython/plpy_elog.h Examining data/postgresql-13-13.1/src/pl/plpython/plpy_subxactobject.c Examining data/postgresql-13-13.1/src/pl/plpython/plpy_procedure.h Examining data/postgresql-13-13.1/src/pl/plpython/plpy_util.c Examining data/postgresql-13-13.1/src/pl/plpython/plpy_spi.c Examining data/postgresql-13-13.1/src/pl/plpython/plpy_typeio.h Examining data/postgresql-13-13.1/src/pl/plpython/plpy_exec.c Examining data/postgresql-13-13.1/src/pl/plpython/plpy_elog.c Examining data/postgresql-13-13.1/src/pl/plpython/plpy_procedure.c Examining data/postgresql-13-13.1/src/pl/plpython/plpy_planobject.c Examining data/postgresql-13-13.1/src/pl/plpython/plpython.h Examining data/postgresql-13-13.1/src/pl/plpython/plpy_spi.h Examining data/postgresql-13-13.1/src/pl/plpython/plpy_plpymodule.c Examining data/postgresql-13-13.1/src/pl/plpython/plpy_main.c Examining data/postgresql-13-13.1/src/pl/plpython/plpy_main.h Examining data/postgresql-13-13.1/src/pl/plpython/plpy_typeio.c Examining data/postgresql-13-13.1/src/pl/plpython/plpy_resultobject.c Examining data/postgresql-13-13.1/src/pl/plpython/plpy_exec.h Examining data/postgresql-13-13.1/src/pl/plpython/plpy_cursorobject.h Examining data/postgresql-13-13.1/src/pl/plpython/spiexceptions.h Examining data/postgresql-13-13.1/src/common/keywords.c Examining data/postgresql-13-13.1/src/common/checksum_helper.c Examining data/postgresql-13-13.1/src/common/file_perm.c Examining data/postgresql-13-13.1/src/common/kwlist_d.h Examining data/postgresql-13-13.1/src/common/logging.c Examining data/postgresql-13-13.1/src/common/kwlookup.c Examining data/postgresql-13-13.1/src/common/base64.c Examining data/postgresql-13-13.1/src/common/jsonapi.c Examining data/postgresql-13-13.1/src/common/unicode/norm_test.c Examining data/postgresql-13-13.1/src/common/md5.c Examining data/postgresql-13-13.1/src/common/ryu_common.h Examining data/postgresql-13-13.1/src/common/config_info.c Examining data/postgresql-13-13.1/src/common/relpath.c Examining data/postgresql-13-13.1/src/common/d2s_intrinsics.h Examining data/postgresql-13-13.1/src/common/encnames.c Examining data/postgresql-13-13.1/src/common/scram-common.c Examining data/postgresql-13-13.1/src/common/hashfn.c Examining data/postgresql-13-13.1/src/common/f2s.c Examining data/postgresql-13-13.1/src/common/ip.c Examining data/postgresql-13-13.1/src/common/stringinfo.c Examining data/postgresql-13-13.1/src/common/exec.c Examining data/postgresql-13-13.1/src/common/pg_lzcompress.c Examining data/postgresql-13-13.1/src/common/link-canary.c Examining data/postgresql-13-13.1/src/common/digit_table.h Examining data/postgresql-13-13.1/src/common/fe_memutils.c Examining data/postgresql-13-13.1/src/common/d2s_full_table.h Examining data/postgresql-13-13.1/src/common/controldata_utils.c Examining data/postgresql-13-13.1/src/common/string.c Examining data/postgresql-13-13.1/src/common/sha2_openssl.c Examining data/postgresql-13-13.1/src/common/restricted_token.c Examining data/postgresql-13-13.1/src/common/protocol_openssl.c Examining data/postgresql-13-13.1/src/common/psprintf.c Examining data/postgresql-13-13.1/src/common/rmtree.c Examining data/postgresql-13-13.1/src/common/archive.c Examining data/postgresql-13-13.1/src/common/unicode_norm.c Examining data/postgresql-13-13.1/src/common/pgfnames.c Examining data/postgresql-13-13.1/src/common/sha2.c Examining data/postgresql-13-13.1/src/common/wait_error.c Examining data/postgresql-13-13.1/src/common/file_utils.c Examining data/postgresql-13-13.1/src/common/wchar.c Examining data/postgresql-13-13.1/src/common/d2s.c Examining data/postgresql-13-13.1/src/common/saslprep.c Examining data/postgresql-13-13.1/src/common/username.c FINAL RESULTS: data/postgresql-13-13.1/src/backend/access/transam/xlog.c:10746:12: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. rllen = readlink(fullpath, linkpath, sizeof(linkpath)); data/postgresql-13-13.1/src/backend/commands/tablespace.c:592:6: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(location, pg_dir_create_mode) != 0) data/postgresql-13-13.1/src/backend/libpq/pqcomm.c:679:7: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(sock_path, -1, gid) == -1) data/postgresql-13-13.1/src/backend/libpq/pqcomm.c:690:6: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(sock_path, Unix_socket_permissions) == -1) data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:1322:8: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(external_pid_file, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) != 0) data/postgresql-13-13.1/src/backend/replication/basebackup.c:1414:12: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. rllen = readlink(pathbuf, linkpath, sizeof(linkpath)); data/postgresql-13-13.1/src/backend/utils/adt/misc.c:333:10: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. rllen = readlink(sourcepath, targetpath, sizeof(targetpath)); data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:555:8: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. len = readlink(linkname, link_target, sizeof(link_target)); data/postgresql-13-13.1/src/bin/initdb/initdb.c:1225:6: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(path, pg_file_create_mode) != 0) data/postgresql-13-13.1/src/bin/initdb/initdb.c:1244:6: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(path, pg_file_create_mode) != 0) data/postgresql-13-13.1/src/bin/initdb/initdb.c:1330:6: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(path, pg_file_create_mode) != 0) data/postgresql-13-13.1/src/bin/initdb/initdb.c:1345:6: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(path, pg_file_create_mode) != 0) data/postgresql-13-13.1/src/bin/initdb/initdb.c:2683:8: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(pg_data, pg_dir_create_mode) != 0) data/postgresql-13-13.1/src/bin/initdb/initdb.c:2766:9: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(xlog_dir, pg_dir_create_mode) != 0) data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1626:9: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(state->filename, (mode_t) filemode)) data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1676:7: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(state->filename, (mode_t) filemode)) data/postgresql-13-13.1/src/bin/pg_rewind/copy_fetch.c:115:10: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. len = readlink(fullpath, link_target, sizeof(link_target)); data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:514:6: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(*analyze_script_file_name, S_IRWXU) != 0) data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:681:6: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(*deletion_script_file_name, S_IRWXU) != 0) data/postgresql-13-13.1/src/common/exec.c:283:11: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. rllen = readlink(fname, link_buf, sizeof(link_buf)); data/postgresql-13-13.1/src/include/port.h:262:9: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. #define readlink(path, buf, size) pgreadlink(path, buf, size) data/postgresql-13-13.1/src/include/port/win32_port.h:222:9: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. #define readlink(path, buf, size) pgreadlink(path, buf, size) data/postgresql-13-13.1/src/timezone/zic.c:1134:14: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. return 0 <= readlink(name, &c, 1); data/postgresql-13-13.1/contrib/adminpack/adminpack.c:321:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(fn1, W_OK) < 0) data/postgresql-13-13.1/contrib/adminpack/adminpack.c:330:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (fn3 && access(fn2, W_OK) < 0) data/postgresql-13-13.1/contrib/adminpack/adminpack.c:339:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. rc = access(fn3 ? fn3 : fn2, W_OK); data/postgresql-13-13.1/contrib/adminpack/adminpack.c:407:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, W_OK) < 0) data/postgresql-13-13.1/contrib/adminpack/adminpack.c:445:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, W_OK) < 0) data/postgresql-13-13.1/contrib/adminpack/adminpack.c:570:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(timestampbuf, de->d_name + 11); data/postgresql-13-13.1/contrib/cube/cubeparse.c:597:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/postgresql-13-13.1/contrib/cube/cubeparse.c:1363:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(yyval, yyvsp[0]); data/postgresql-13-13.1/contrib/cube/cubeparse.c:1373:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(yyval, yyvsp[0]); data/postgresql-13-13.1/contrib/cube/cubescan.c:739:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef fprintf data/postgresql-13-13.1/contrib/cube/cubescan.c:740:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf(file, fmt, msg) fprintf_to_ereport(fmt, msg) data/postgresql-13-13.1/contrib/dblink/dblink.c:2797:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(dblink_context_msg, sizeof(dblink_context_msg), fmt, ap); data/postgresql-13-13.1/contrib/fuzzystrmatch/dmetaphone.c:389:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(s->str, new_str); data/postgresql-13-13.1/contrib/intarray/_int_bool.c:626:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(in->cur, " %c %s", op, nrm.buf); data/postgresql-13-13.1/contrib/isn/isn.c:429:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(eanbuf, sizeof(eanbuf), EAN13_FORMAT, ean); data/postgresql-13-13.1/contrib/isn/isn.c:666:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(eanbuf, sizeof(eanbuf), EAN13_FORMAT, ean); data/postgresql-13-13.1/contrib/ltree/ltxtquery_io.c:528:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(in->cur, " %c %s", op, nrm.buf); data/postgresql-13-13.1/contrib/oid2name/oid2name.c:528:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. ptr += sprintf(ptr, "c.oid IN (%s)", comma_oids); data/postgresql-13-13.1/contrib/oid2name/oid2name.c:535:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. ptr += sprintf(ptr, "pg_catalog.pg_relation_filenode(c.oid) IN (%s)", comma_filenodes); data/postgresql-13-13.1/contrib/oid2name/oid2name.c:542:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ptr, "c.relname ~~ ANY (ARRAY[%s])", comma_tables); data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c:98:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(restoreCommand, MAXPGPATH, cmd " \"%s\" \"%s\"", arg1, arg2) data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c:567:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. rc = system(restoreCommand); data/postgresql-13-13.1/contrib/pg_stat_statements/pg_stat_statements.c:1829:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof buf, UINT64_FORMAT, tmp.wal_bytes); data/postgresql-13-13.1/contrib/pgcrypto/crypt-des.c:723:3: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(output, setting, 10); data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:108:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(passwd, magic); data/postgresql-13-13.1/contrib/pgcrypto/openssl.c:673:2: [4] (crypto) EVP_des_ecb: DES only supports a 56-bit keysize, which is too small given today's computers (CWE-327). Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES. EVP_des_ecb, data/postgresql-13-13.1/contrib/pgcrypto/openssl.c:679:2: [4] (crypto) EVP_des_cbc: DES only supports a 56-bit keysize, which is too small given today's computers (CWE-327). Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES. EVP_des_cbc, data/postgresql-13-13.1/contrib/pgcrypto/px-crypt.c:46:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, res); data/postgresql-13-13.1/contrib/pgcrypto/px-crypt.c:74:13: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. char *(*crypt) (const char *psw, const char *salt, data/postgresql-13-13.1/contrib/pgcrypto/px-crypt.c:105:12: [4] (crypto) crypt: The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment (CWE-327). Use a different algorithm, such as SHA-256, with a larger, non-repeating salt. return c->crypt(psw, salt, buf, len); data/postgresql-13-13.1/contrib/pgcrypto/px.c:161:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, sizeof(buf), fmt, ap); data/postgresql-13-13.1/contrib/pgcrypto/px.c:415:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, name); data/postgresql-13-13.1/contrib/pgcrypto/rijndael.c:617:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(i % 16 ? ", " : ",\n "); data/postgresql-13-13.1/contrib/pgcrypto/rijndael.c:637:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(j % 4 ? ", " : ",\n "); data/postgresql-13-13.1/contrib/pgcrypto/rijndael.c:639:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(i < 3 ? "\n}, {\n " : "\n}\n"); data/postgresql-13-13.1/contrib/pgcrypto/rijndael.c:652:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(hdr); data/postgresql-13-13.1/contrib/pgrowlocks/pgrowlocks.c:213:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(values[Atnum_xids], buf); data/postgresql-13-13.1/contrib/pgrowlocks/pgrowlocks.c:235:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(values[Atnum_modes], buf); data/postgresql-13-13.1/contrib/pgrowlocks/pgrowlocks.c:238:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(values[Atnum_pids], buf); data/postgresql-13-13.1/contrib/pgstattuple/pgstattuple.c:136:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(values[i++], NCHARS, INT64_FORMAT, stat->table_len); data/postgresql-13-13.1/contrib/pgstattuple/pgstattuple.c:137:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(values[i++], NCHARS, INT64_FORMAT, stat->tuple_count); data/postgresql-13-13.1/contrib/pgstattuple/pgstattuple.c:138:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(values[i++], NCHARS, INT64_FORMAT, stat->tuple_len); data/postgresql-13-13.1/contrib/pgstattuple/pgstattuple.c:140:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(values[i++], NCHARS, INT64_FORMAT, stat->dead_tuple_count); data/postgresql-13-13.1/contrib/pgstattuple/pgstattuple.c:141:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(values[i++], NCHARS, INT64_FORMAT, stat->dead_tuple_len); data/postgresql-13-13.1/contrib/pgstattuple/pgstattuple.c:143:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(values[i++], NCHARS, INT64_FORMAT, stat->free_space); data/postgresql-13-13.1/contrib/seg/seg.c:1006:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, &buf[9]); data/postgresql-13-13.1/contrib/seg/seg.c:1009:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, &buf[10]); data/postgresql-13-13.1/contrib/seg/seg.c:1021:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, &buf[9]); data/postgresql-13-13.1/contrib/seg/seg.c:1024:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, &buf[10]); data/postgresql-13-13.1/contrib/seg/seg.c:1035:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, &buf[dp - 2]); data/postgresql-13-13.1/contrib/seg/seg.c:1038:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, &buf[dp - 1]); data/postgresql-13-13.1/contrib/seg/segparse.c:610:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/postgresql-13-13.1/contrib/seg/segscan.c:731:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef fprintf data/postgresql-13-13.1/contrib/seg/segscan.c:732:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf(file, fmt, msg) fprintf_to_ereport(fmt, msg) data/postgresql-13-13.1/contrib/sepgsql/hooks.c:87:40: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. sepgsql_object_access(ObjectAccessType access, data/postgresql-13-13.1/contrib/sepgsql/hooks.c:94:31: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. (*next_object_access_hook) (access, classId, objectId, subId, arg); data/postgresql-13-13.1/contrib/sepgsql/hooks.c:96:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. switch (access) data/postgresql-13-13.1/contrib/sepgsql/hooks.c:280:59: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. elog(ERROR, "unexpected object access type: %d", (int) access); data/postgresql-13-13.1/contrib/uuid-ossp/uuid-ossp.c:280:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(strbuf + (36 - len), ptr); data/postgresql-13-13.1/contrib/uuid-ossp/uuid-ossp.c:301:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(strbuf + (36 - len), ptr); data/postgresql-13-13.1/src/backend/access/common/reloptions.c:1286:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(VARDATA(t), "%s=%s", def->defname, value); data/postgresql-13-13.1/src/backend/access/common/reloptions.c:1791:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((char *) rdopts + offset, string_val); data/postgresql-13-13.1/src/backend/access/gin/ginbtree.c:63:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return access; data/postgresql-13-13.1/src/backend/access/gin/ginbtree.c:98:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int access; data/postgresql-13-13.1/src/backend/access/gin/ginbtree.c:127:62: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. stack->buffer = ginStepRight(stack->buffer, btree->index, access); data/postgresql-13-13.1/src/backend/access/hash/hashpage.c:69:51: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. _hash_getbuf(Relation rel, BlockNumber blkno, int access, int flags) data/postgresql-13-13.1/src/backend/access/hash/hashpage.c:78:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access != HASH_NOLOCK) data/postgresql-13-13.1/src/backend/access/hash/hashpage.c:79:19: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. LockBuffer(buf, access); data/postgresql-13-13.1/src/backend/access/hash/hashpage.c:239:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int access, int flags, data/postgresql-13-13.1/src/backend/access/hash/hashpage.c:249:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access != HASH_NOLOCK) data/postgresql-13-13.1/src/backend/access/hash/hashpage.c:250:19: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. LockBuffer(buf, access); data/postgresql-13-13.1/src/backend/access/hash/hashpage.c:1555:67: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. _hash_getbucketbuf_from_hashkey(Relation rel, uint32 hashkey, int access, data/postgresql-13-13.1/src/backend/access/hash/hashpage.c:1588:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. buf = _hash_getbuf(rel, blkno, access, LH_BUCKET_PAGE); data/postgresql-13-13.1/src/backend/access/heap/rewriteheap.c:999:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, MAXPGPATH, data/postgresql-13-13.1/src/backend/access/heap/rewriteheap.c:1122:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, MAXPGPATH, data/postgresql-13-13.1/src/backend/access/heap/rewriteheap.c:1240:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(mapping_de->d_name, LOGICAL_REWRITE_FORMAT, data/postgresql-13-13.1/src/backend/access/nbtree/nbtpage.c:271:31: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. _bt_getroot(Relation rel, int access) data/postgresql-13-13.1/src/backend/access/nbtree/nbtpage.c:360:28: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return _bt_getroot(rel, access); data/postgresql-13-13.1/src/backend/access/nbtree/nbtpage.c:792:49: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. _bt_getbuf(Relation rel, BlockNumber blkno, int access) data/postgresql-13-13.1/src/backend/access/nbtree/nbtpage.c:800:19: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. LockBuffer(buf, access); data/postgresql-13-13.1/src/backend/access/nbtree/nbtpage.c:928:68: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. _bt_relandgetbuf(Relation rel, Buffer obuf, BlockNumber blkno, int access) data/postgresql-13-13.1/src/backend/access/nbtree/nbtpage.c:936:18: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. LockBuffer(buf, access); data/postgresql-13-13.1/src/backend/access/nbtree/nbtsearch.c:100:62: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. _bt_search(Relation rel, BTScanInsert key, Buffer *bufP, int access, data/postgresql-13-13.1/src/backend/access/nbtree/nbtsearch.c:107:27: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. *bufP = _bt_getroot(rel, access); data/postgresql-13-13.1/src/backend/access/nbtree/nbtsearch.c:250:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int access, data/postgresql-13-13.1/src/backend/access/nbtree/nbtsearch.c:305:33: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. buf = _bt_getbuf(rel, blkno, access); data/postgresql-13-13.1/src/backend/access/nbtree/nbtsearch.c:312:56: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. buf = _bt_relandgetbuf(rel, buf, opaque->btpo_next, access); data/postgresql-13-13.1/src/backend/access/transam/parallel.c:449:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(entrypointstate, pcxt->library_name); data/postgresql-13-13.1/src/backend/access/transam/parallel.c:450:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(entrypointstate + lnamelen + 1, pcxt->function_name); data/postgresql-13-13.1/src/backend/access/transam/slru.c:255:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(ctl->Dir, subdir, sizeof(ctl->Dir)); data/postgresql-13-13.1/src/backend/access/transam/timeline.c:320:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid()); data/postgresql-13-13.1/src/backend/access/transam/timeline.c:476:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid()); data/postgresql-13-13.1/src/backend/access/transam/twophase.c:492:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(gxact->gid, gid); data/postgresql-13-13.1/src/backend/access/transam/twophase.c:890:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, MAXPGPATH, TWOPHASE_DIR "/%08X", xid) data/postgresql-13-13.1/src/backend/access/transam/twophase.c:2383:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(gxact->gid, gid); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3291:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid()); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3463:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmppath, MAXPGPATH, XLOGDIR "/xlogtemp.%d", (int) getpid()); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3715:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, MAXPGPATH, XLOGDIR "/%s", xlogfname); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4010:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, MAXPGPATH, XLOGDIR "/%s", xlde->d_name); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4173:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, MAXPGPATH, XLOGDIR "/%s", segname); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4265:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, MAXPGPATH, XLOGDIR "/archive_status"); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4307:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, sizeof(path), XLOGDIR "/%s", xlde->d_name); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:7644:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(recoveryPath, MAXPGPATH, XLOGDIR "/RECOVERYXLOG"); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:7648:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(recoveryPath, MAXPGPATH, XLOGDIR "/RECOVERYHISTORY"); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11725:8: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(str, "%s %n", tbsoid, &n) != 1) data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:100:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(xlogpath, MAXPGPATH, XLOGDIR "/%s", recovername); data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:171:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. rc = system(xlogRestoreCmd); data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:216:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, xlogpath); data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:271:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, MAXPGPATH, XLOGDIR "/%s", xlogfname); data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:326:6: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(dp, lastRestartPointFname, endp - dp); data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:356:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. rc = system(xlogRecoveryCmd); data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:386:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(xlogfpath, MAXPGPATH, XLOGDIR "/%s", xlogfname); data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:650:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(archiveStatusPath, MAXPGPATH, XLOGDIR "/%s", xlog); data/postgresql-13-13.1/src/backend/access/transam/xlogreader.c:65:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(state->errormsg_buf, MAX_ERRORMSG_LEN, fmt, args); data/postgresql-13-13.1/src/backend/bootstrap/bootparse.c:788:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/postgresql-13-13.1/src/backend/bootstrap/bootscanner.c:831:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef fprintf data/postgresql-13-13.1/src/backend/bootstrap/bootscanner.c:832:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf(file, fmt, msg) fprintf_to_ereport(fmt, msg) data/postgresql-13-13.1/src/backend/catalog/catalog.c:433:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(rpath, F_OK) == 0) data/postgresql-13-13.1/src/backend/catalog/pg_constraint.c:501:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(modlabel, label, sizeof(modlabel)); data/postgresql-13-13.1/src/backend/catalog/pg_type.c:824:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(arr + i, typeName); data/postgresql-13-13.1/src/backend/commands/async.c:660:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(n->data, channel); data/postgresql-13-13.1/src/backend/commands/async.c:662:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(n->data + channel_len + 1, payload); data/postgresql-13-13.1/src/backend/commands/async.c:730:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(actrec->channel, channel); data/postgresql-13-13.1/src/backend/commands/copy.c:2239:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(curlineno_str, sizeof(curlineno_str), UINT64_FORMAT, data/postgresql-13-13.1/src/backend/commands/explain.c:4242:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), INT64_FORMAT, value); data/postgresql-13-13.1/src/backend/commands/explain.c:4255:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), UINT64_FORMAT, value); data/postgresql-13-13.1/src/backend/commands/foreigncmds.c:82:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(VARDATA(t), "%s=%s", def->defname, value); data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2206:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name + ndx, label); data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2248:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(modlabel, label, sizeof(modlabel)); data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2407:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf + nlen, nbuf); data/postgresql-13-13.1/src/backend/commands/sequence.c:706:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), INT64_FORMAT, maxv); data/postgresql-13-13.1/src/backend/commands/sequence.c:729:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), INT64_FORMAT, minv); data/postgresql-13-13.1/src/backend/commands/sequence.c:958:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufv, sizeof(bufv), INT64_FORMAT, next); data/postgresql-13-13.1/src/backend/commands/sequence.c:959:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufm, sizeof(bufm), INT64_FORMAT, minv); data/postgresql-13-13.1/src/backend/commands/sequence.c:960:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufx, sizeof(bufx), INT64_FORMAT, maxv); data/postgresql-13-13.1/src/backend/commands/sequence.c:1470:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufx, sizeof(bufx), INT64_FORMAT, seqform->seqmax); data/postgresql-13-13.1/src/backend/commands/sequence.c:1507:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufm, sizeof(bufm), INT64_FORMAT, seqform->seqmin); data/postgresql-13-13.1/src/backend/commands/sequence.c:1521:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufm, sizeof(bufm), INT64_FORMAT, seqform->seqmin); data/postgresql-13-13.1/src/backend/commands/sequence.c:1522:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufx, sizeof(bufx), INT64_FORMAT, seqform->seqmax); data/postgresql-13-13.1/src/backend/commands/sequence.c:1548:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufs, sizeof(bufs), INT64_FORMAT, seqform->seqstart); data/postgresql-13-13.1/src/backend/commands/sequence.c:1549:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufm, sizeof(bufm), INT64_FORMAT, seqform->seqmin); data/postgresql-13-13.1/src/backend/commands/sequence.c:1560:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufs, sizeof(bufs), INT64_FORMAT, seqform->seqstart); data/postgresql-13-13.1/src/backend/commands/sequence.c:1561:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufm, sizeof(bufm), INT64_FORMAT, seqform->seqmax); data/postgresql-13-13.1/src/backend/commands/sequence.c:1590:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufs, sizeof(bufs), INT64_FORMAT, seqdataform->last_value); data/postgresql-13-13.1/src/backend/commands/sequence.c:1591:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufm, sizeof(bufm), INT64_FORMAT, seqform->seqmin); data/postgresql-13-13.1/src/backend/commands/sequence.c:1602:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufs, sizeof(bufs), INT64_FORMAT, seqdataform->last_value); data/postgresql-13-13.1/src/backend/commands/sequence.c:1603:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufm, sizeof(bufm), INT64_FORMAT, seqform->seqmax); data/postgresql-13-13.1/src/backend/commands/sequence.c:1618:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), INT64_FORMAT, seqform->seqcache); data/postgresql-13-13.1/src/backend/commands/statscmds.c:684:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(modlabel, label, sizeof(modlabel)); data/postgresql-13-13.1/src/backend/commands/tablecmds.c:611:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(relname, stmt->relation->relname, NAMEDATALEN); data/postgresql-13-13.1/src/backend/libpq/auth.c:1695:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(domainname, p + 1); data/postgresql-13-13.1/src/backend/libpq/auth.c:1710:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(accountname, upname); data/postgresql-13-13.1/src/backend/libpq/hba.c:394:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inc_fullname, outer_filename); data/postgresql-13-13.1/src/backend/libpq/hba.c:2874:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(regexp_pgrole, ofs + 2); data/postgresql-13-13.1/src/backend/optimizer/plan/subselect.c:561:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(splan->plan_name, "%s %d", data/postgresql-13-13.1/src/backend/optimizer/plan/subselect.c:571:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. ptr += sprintf(ptr, "$%d%s", data/postgresql-13-13.1/src/backend/parser/gram.c:25156:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/postgresql-13-13.1/src/backend/parser/scan.c:5124:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef fprintf data/postgresql-13-13.1/src/backend/parser/scan.c:5125:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf(file, fmt, msg) fprintf_to_ereport(fmt, msg) data/postgresql-13-13.1/src/backend/postmaster/bgworker.c:638:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(worker->bgw_type, worker->bgw_name); data/postgresql-13-13.1/src/backend/postmaster/bgworker.c:1252:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, slot->worker.bgw_type); data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:438:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(pathname, MAXPGPATH, XLOGDIR "/%s", xlog); data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:521:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(pathname, MAXPGPATH, XLOGDIR "/%s", xlog); data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:578:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. rc = system(xlogarchcmd); data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:675:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(XLogArchiveStatusDir, MAXPGPATH, XLOGDIR "/archive_status"); data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:714:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xlog, basename); data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:721:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xlog, basename); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:3452:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(localappname, (char *) beentry->st_appname); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:3454:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(localclienthostname, (char *) beentry->st_clienthostname); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:3456:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(localactivity, (char *) beentry->st_activity_raw); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:4371:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(msg.m_xlog, xlog, sizeof(msg.m_xlog)); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4665:7: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (execv(postgres_exec_path, argv) < 0) data/postgresql-13-13.1/src/backend/regex/regerror.c:101:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(convbuf, unk, errcode); data/postgresql-13-13.1/src/backend/regex/regerror.c:111:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(errbuf, msg); data/postgresql-13-13.1/src/backend/replication/basebackup.c:603:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(pathbuf, MAXPGPATH, XLOGDIR "/%s", walFileName); data/postgresql-13-13.1/src/backend/replication/basebackup.c:695:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(pathbuf, MAXPGPATH, XLOGDIR "/%s", fname); data/postgresql-13-13.1/src/backend/replication/basebackup.c:952:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(is, INT64_FORMAT, intval); data/postgresql-13-13.1/src/backend/replication/logical/logical.c:274:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(NameStr(slot->data.plugin), plugin, NAMEDATALEN); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:3095:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "pg_replslot/%s", slotname); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:3574:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "pg_logical/mappings/%s", fname); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:3720:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(mapping_de->d_name, LOGICAL_REWRITE_FORMAT, data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:3746:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(f->fname, mapping_de->d_name); data/postgresql-13-13.1/src/backend/replication/repl_gram.c:712:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/postgresql-13-13.1/src/backend/replication/repl_scanner.c:965:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef fprintf data/postgresql-13-13.1/src/backend/replication/repl_scanner.c:966:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf(file, fmt, msg) fprintf_to_ereport(fmt, msg) data/postgresql-13-13.1/src/backend/replication/slot.c:278:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(NameStr(slot->data.name), name, NAMEDATALEN); data/postgresql-13-13.1/src/backend/replication/slot.c:612:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "pg_replslot/%s", NameStr(slot->data.name)); data/postgresql-13-13.1/src/backend/replication/slot.c:613:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmppath, "pg_replslot/%s.tmp", NameStr(slot->data.name)); data/postgresql-13-13.1/src/backend/replication/slot.c:703:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "pg_replslot/%s", NameStr(MyReplicationSlot->data.name)); data/postgresql-13-13.1/src/backend/replication/slot.c:1273:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "pg_replslot/%s", NameStr(s->data.name)); data/postgresql-13-13.1/src/backend/replication/slot.c:1356:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "pg_replslot/%s", NameStr(slot->data.name)); data/postgresql-13-13.1/src/backend/replication/slot.c:1357:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmppath, "pg_replslot/%s.tmp", NameStr(slot->data.name)); data/postgresql-13-13.1/src/backend/replication/slot.c:1428:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmppath, "%s/state.tmp", dir); data/postgresql-13-13.1/src/backend/replication/slot.c:1429:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "%s/state", dir); data/postgresql-13-13.1/src/backend/replication/slot.c:1573:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(slotdir, "pg_replslot/%s", name); data/postgresql-13-13.1/src/backend/replication/slot.c:1574:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "%s/state.tmp", slotdir); data/postgresql-13-13.1/src/backend/replication/slot.c:1580:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "%s/state", slotdir); data/postgresql-13-13.1/src/backend/replication/syncrep_gram.c:621:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/postgresql-13-13.1/src/backend/replication/syncrep_gram.c:1580:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptr, standby_name); data/postgresql-13-13.1/src/backend/replication/syncrep_scanner.c:745:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef fprintf data/postgresql-13-13.1/src/backend/replication/syncrep_scanner.c:746:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf(file, fmt, msg) fprintf_to_ereport(fmt, msg) data/postgresql-13-13.1/src/backend/replication/walreceiver.c:338:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(standby_sysid, sizeof(standby_sysid), UINT64_FORMAT, data/postgresql-13-13.1/src/backend/replication/walsender.c:393:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sysid, sizeof(sysid), UINT64_FORMAT, data/postgresql-13-13.1/src/backend/storage/file/fd.c:2448:9: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. file = popen(command, mode); data/postgresql-13-13.1/src/backend/storage/ipc/dsm.c:294:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), PG_DYNSHMEM_DIR "/%s", dent->d_name); data/postgresql-13-13.1/src/backend/storage/ipc/dsm_impl.c:790:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(name, 64, PG_DYNSHMEM_DIR "/" PG_DYNSHMEM_MMAP_FILE_PREFIX "%u", data/postgresql-13-13.1/src/backend/storage/lmgr/lwlock.c:569:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, request->tranche_name); data/postgresql-13-13.1/src/backend/storage/smgr/md.c:360:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(segpath, "%s.%u", path, segno); data/postgresql-13-13.1/src/backend/tcop/dest.c:193:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(completionTag, COMPLETION_TAG_BUFSIZE, data/postgresql-13-13.1/src/backend/tsearch/spell.c:165:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(res, str); data/postgresql-13-13.1/src/backend/tsearch/spell.c:501:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Conf->Spell[Conf->nspell]->word, word); data/postgresql-13-13.1/src/backend/tsearch/spell.c:724:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmask, "%s$", mask); data/postgresql-13-13.1/src/backend/tsearch/spell.c:726:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmask, "^%s", mask); data/postgresql-13-13.1/src/backend/tsearch/spell.c:1590:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(*ptr, "%s,%s", Conf->AffixData[a1], Conf->AffixData[a2]); data/postgresql-13-13.1/src/backend/tsearch/spell.c:1597:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(*ptr, "%s%s", Conf->AffixData[a1], Conf->AffixData[a2]); data/postgresql-13-13.1/src/backend/tsearch/spell.c:2098:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newword, word); data/postgresql-13-13.1/src/backend/tsearch/spell.c:2099:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newword + len - Affix->replen, Affix->find); data/postgresql-13-13.1/src/backend/tsearch/spell.c:2111:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newword, Affix->find); data/postgresql-13-13.1/src/backend/tsearch/spell.c:2112:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newword, word + Affix->replen); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:1198:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). #define APPENDSTR(str) (strcpy(p, (str)), p += strlen(p)) data/postgresql-13-13.1/src/backend/utils/adt/cash.c:58:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s hundred", small[value / 100]); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:67:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s hundred %s", data/postgresql-13-13.1/src/backend/utils/adt/cash.c:70:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s hundred and %s", data/postgresql-13-13.1/src/backend/utils/adt/cash.c:73:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s hundred %s %s", data/postgresql-13-13.1/src/backend/utils/adt/cash.c:80:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s", big[tu / 10]); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:82:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s", small[tu]); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:84:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s %s", big[tu / 10], small[tu % 10]); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:982:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, num_word(m6)); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:988:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, num_word(m5)); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:994:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, num_word(m4)); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:1000:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, num_word(m3)); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:1006:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, num_word(m2)); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:1011:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, num_word(m1)); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:1016:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, (val / 100) == 1 ? " dollar and " : " dollars and "); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:1017:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, num_word(m0)); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:1018:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, m0 == 1 ? " cent" : " cents"); data/postgresql-13-13.1/src/backend/utils/adt/date.c:288:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str, EARLY); data/postgresql-13-13.1/src/backend/utils/adt/date.c:290:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str, LATE); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4142:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cp, "%s%s%d %s%s", data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4173:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cp, " %d %s%s", value, units, (value == 1) ? "" : "s"); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4338:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cp, "%s%s%02d:%02d:", data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4371:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cp, " sec%s", data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4536:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dtza->zone, abbr->zone); data/postgresql-13-13.1/src/backend/utils/adt/dbsize.c:542:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), INT64_FORMAT " bytes", size); data/postgresql-13-13.1/src/backend/utils/adt/dbsize.c:547:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), INT64_FORMAT " kB", data/postgresql-13-13.1/src/backend/utils/adt/dbsize.c:553:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), INT64_FORMAT " MB", data/postgresql-13-13.1/src/backend/utils/adt/dbsize.c:559:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), INT64_FORMAT " GB", data/postgresql-13-13.1/src/backend/utils/adt/dbsize.c:564:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), INT64_FORMAT " TB", data/postgresql-13-13.1/src/backend/utils/adt/format_type.c:463:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(result, typename); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:1561:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dest, num); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:1562:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(dest, get_th(num, type)); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2670:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, n->character); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2679:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, (tm->tm_hour % HOURS_PER_DAY >= HOURS_PER_DAY / 2) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2685:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, (tm->tm_hour % HOURS_PER_DAY >= HOURS_PER_DAY / 2) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2691:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, (tm->tm_hour % HOURS_PER_DAY >= HOURS_PER_DAY / 2) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2697:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, (tm->tm_hour % HOURS_PER_DAY >= HOURS_PER_DAY / 2) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2738:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(s, frac_fmt, (int) (frac_val)); \ data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2779:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, p); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2788:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, tmtcTzn(in)); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2822:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, (tm->tm_year <= 0 ? B_C_STR : A_D_STR)); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2828:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, (tm->tm_year <= 0 ? BC_STR : AD_STR)); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2834:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, (tm->tm_year <= 0 ? b_c_STR : a_d_STR)); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2840:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, (tm->tm_year <= 0 ? bc_STR : ad_STR)); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2852:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, str); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2859:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -9, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2872:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, str); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2879:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -9, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2892:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, str); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2899:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -9, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2912:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, str); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2919:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, asc_toupper_z(months[tm->tm_mon - 1])); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2931:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, str); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2938:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, months[tm->tm_mon - 1]); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2950:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, str); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2957:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, asc_tolower_z(months[tm->tm_mon - 1])); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2974:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, str); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2981:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -9, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2992:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, str); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2999:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -9, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3010:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, str); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3017:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -9, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3028:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, str); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3035:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, asc_toupper_z(days_short[tm->tm_wday])); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3045:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, str); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3052:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, days_short[tm->tm_wday]); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3062:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, str); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3069:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, asc_tolower_z(days_short[tm->tm_wday])); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3213:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -4, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3220:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "%*s", S_FM(n->suffix) ? 0 : -4, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3907:3: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(old->str, str, DCH_CACHE_SIZE + 1); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3921:3: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(ent->str, str, DCH_CACHE_SIZE + 1); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:4819:3: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(old->str, str, NUM_CACHE_SIZE + 1); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:4833:3: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(ent->str, str, NUM_CACHE_SIZE + 1); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:4982:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(result, rm100[num]); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:4984:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(result, rm10[num]); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:4986:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(result, rm1[num]); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5369:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Np->inout_p, Np->L_negative_sign); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5371:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Np->inout_p, Np->L_positive_sign); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5437:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Np->inout_p, Np->decimal); /* Write DEC/D */ data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5447:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Np->inout_p, Np->decimal); /* Write DEC/D */ data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5507:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Np->inout_p, Np->L_negative_sign); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5509:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Np->inout_p, Np->L_positive_sign); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5565:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). return strcpy(inout, number); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5797:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Np->inout_p, pattern); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5827:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Np->inout_p, pattern); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5840:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Np->inout_p, Np->number_p); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5845:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(Np->inout_p, "%15s", Np->number_p); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5853:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Np->inout_p, asc_tolower_z(Np->number_p)); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5858:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(Np->inout_p, "%15s", asc_tolower_z(Np->number_p)); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5870:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Np->inout_p, get_th(Np->number, TH_LOWER)); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5888:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Np->inout_p, get_th(Np->number, TH_UPPER)); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5975:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(Np->inout_p, n->character); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:6166:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(numstr + 1, orgnum); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:6302:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(numstr, orgnum); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:6372:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(numstr + 1, orgnum); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:6411:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(numstr, orgnum); data/postgresql-13-13.1/src/backend/utils/adt/inet_cidr_ntop.c:35:27: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define SPRINTF(x) strlen(sprintf/**/x) data/postgresql-13-13.1/src/backend/utils/adt/inet_cidr_ntop.c:37:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define SPRINTF(x) ((size_t)sprintf x) data/postgresql-13-13.1/src/backend/utils/adt/inet_cidr_ntop.c:287:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dst, outbuf); data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_gram.c:817:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_scan.c:2437:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef fprintf data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_scan.c:2438:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf(file, fmt, msg) fprintf_to_ereport(fmt, msg) data/postgresql-13-13.1/src/backend/utils/adt/name.c:237:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(NameStr(*n1), NameStr(*n2), NAMEDATALEN); data/postgresql-13-13.1/src/backend/utils/adt/name.c:254:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(NameStr(*name), str, NAMEDATALEN); data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:83:8: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). #undef StrNCpy data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:85:8: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). #ifdef StrNCpy data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:86:8: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). #undef StrNCpy data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1036:5: [4] (buffer) wcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. wcscpy(argv[1], pStr); data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1059:6: [4] (buffer) wcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. wcscpy(argv[1], pStr); data/postgresql-13-13.1/src/backend/utils/adt/pg_lsn.c:239:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof buf, "-" UINT64_FORMAT, lsn2 - lsn1); data/postgresql-13-13.1/src/backend/utils/adt/pg_lsn.c:241:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof buf, UINT64_FORMAT, lsn1 - lsn2); data/postgresql-13-13.1/src/backend/utils/adt/regproc.c:608:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(result, "%s.%s", nspname, oprname); data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:2492:3: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(NameStr(*result), NameStr(role_rec->rolname), NAMEDATALEN); data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:1530:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str, EARLY); data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:1532:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str, LATE); data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:1631:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), templ, tp.tv_usec); data/postgresql-13-13.1/src/backend/utils/adt/tsgistidx.c:113:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(outbuf, ARROUTSTR, (int) ARRNELEM(key)); data/postgresql-13-13.1/src/backend/utils/adt/tsgistidx.c:119:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(outbuf, SINGOUTSTR, cnttrue, (int) SIGLENBIT(siglen) - cnttrue); data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c:1104:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(in->cur, " | %s", nrm.buf); data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c:1107:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(in->cur, " & %s", nrm.buf); data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c:1111:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(in->cur, " <%d> %s", distance, nrm.buf); data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c:1113:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(in->cur, " <-> %s", nrm.buf); data/postgresql-13-13.1/src/backend/utils/adt/xid.c:173:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(result, 21, UINT64_FORMAT, U64FromFullTransactionId(fxid)); data/postgresql-13-13.1/src/backend/utils/error/elog.c:3436:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, ap); data/postgresql-13-13.1/src/backend/utils/error/elog.c:3439:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(errbuf, sizeof(errbuf), fmt, ap); data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c:233:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file_scanner->filename, libname); data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c:662:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(full, "%s/%s", mangled, basename); data/postgresql-13-13.1/src/backend/utils/hash/dynahash.c:355:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hashp->tabname, tabname); data/postgresql-13-13.1/src/backend/utils/init/postinit.c:913:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(out_dbname, dbname); data/postgresql-13-13.1/src/backend/utils/init/postinit.c:1005:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(fullpath, F_OK) == -1) data/postgresql-13-13.1/src/backend/utils/misc/guc-file.c:776:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef fprintf data/postgresql-13-13.1/src/backend/utils/misc/guc-file.c:777:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf(file, fmt, msg) GUC_flex_fatal(msg) data/postgresql-13-13.1/src/backend/utils/misc/guc.c:5595:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s/%s", configdir, CONFIG_FILENAME); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:5688:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s/%s", configdir, HBA_FILENAME); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:5711:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s/%s", configdir, IDENT_FILENAME); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:9822:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buffer, sizeof(buffer), INT64_FORMAT "%s", data/postgresql-13-13.1/src/backend/utils/misc/guc.c:10287:6: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. n = vsnprintf(*destptr, *maxbytes, fmt, vargs); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11629:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dname, "%s", newval); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11633:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tname, "%s/global.tmp", newval); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11635:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "%s/global.stat", newval); data/postgresql-13-13.1/src/backend/utils/misc/ps_status.c:319:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(ps_buffer, ps_buffer_size, data/postgresql-13-13.1/src/backend/utils/misc/ps_status.c:325:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(ps_buffer, ps_buffer_size, data/postgresql-13-13.1/src/backend/utils/misc/ps_status.c:414:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "pgident(%d): %s", MyProcPid, ps_buffer); data/postgresql-13-13.1/src/backend/utils/sort/sharedtuplestore.c:145:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sts->name, name); data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:1245:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, sizeof(path), SNAPSHOT_EXPORT_DIR "/%08X-%08X-%d", data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:1509:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, MAXPGPATH, SNAPSHOT_EXPORT_DIR "/%s", idstr); data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:1669:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), SNAPSHOT_EXPORT_DIR "/%s", s_de->d_name); data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:76:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fullname, name); data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:117:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tz.TZname, name); data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:460:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(std_zone_name, cbuf); data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:468:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dst_zone_name, cbuf); data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:494:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(resultbuf, std_zone_name); data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:595:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bestzonename, cur_name); data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:1614:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(localtzname, keyname); data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:1632:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(localtzname, keyname); data/postgresql-13-13.1/src/bin/initdb/initdb.c:310:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (fprintf(cmdfd, fmt, __VA_ARGS__) < 0 || fflush(cmdfd) < 0) \ data/postgresql-13-13.1/src/bin/initdb/initdb.c:426:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newline + pre + replen, lines[i] + pre + toklen); data/postgresql-13-13.1/src/bin/initdb/initdb.c:566:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. cmdfd = popen(command, mode); data/postgresql-13-13.1/src/bin/initdb/initdb.c:993:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. status = system(cmd); data/postgresql-13-13.1/src/bin/initdb/initdb.c:1029:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. status = system(cmd); data/postgresql-13-13.1/src/bin/initdb/initdb.c:1241:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(path, "%s/postgresql.auto.conf", pg_data); data/postgresql-13-13.1/src/bin/initdb/initdb.c:2447:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bin_path, backend_exec); data/postgresql-13-13.1/src/bin/pg_archivecleanup/pg_archivecleanup.c:194:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(exclusiveCleanupFileName, restartWALFileName); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:810:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(totaldone_str, sizeof(totaldone_str), INT64_FORMAT, data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:812:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(totalsize_str, sizeof(totalsize_str), INT64_FORMAT, totalsize_kb); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:823:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:835:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:851:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, data/postgresql-13-13.1/src/bin/pg_basebackup/receivelog.c:464:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(slotcmd, "SLOT \"%s\" ", stream->replication_slot); data/postgresql-13-13.1/src/bin/pg_basebackup/streamutil.c:312:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(PQgetvalue(res, 0, 0), "%d%s", &xlog_val, xlog_unit) != 2) data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:1000:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tar_data->tarfilename, "%s%s", tarbase, suffix); data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:156:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(total_size_str, sizeof(total_size_str), INT64_FORMAT, data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:158:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(current_size_str, sizeof(current_size_str), INT64_FORMAT, data/postgresql-13-13.1/src/bin/pg_controldata/pg_controldata.c:180:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ngettext("The WAL segment size stored in the file, %d byte, is not a power of two\n" data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:212:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, ap); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:223:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(errbuf, sizeof(errbuf), fmt, ap); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:229:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, ap); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:497:9: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (void) execl("/bin/sh", "/bin/sh", "-c", cmd, (char *) NULL); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:849:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(cmd) != 0) data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:2221:7: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fd = popen(cmd, "r"); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:456:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(line, "%u %s\n", &oid, fname) != 2) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:723:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, dname); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:725:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, relativeFilename); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:965:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "blob_%u.dat%s", oid, sfx); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1112:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf1, sizeof(buf1), INT64_FORMAT, (int64) len); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1113:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf2, sizeof(buf2), INT64_FORMAT, (int64) th->fileLen); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1149:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf1, sizeof(buf1), INT64_FORMAT, (int64) ctx->tarFHpos); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1150:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf2, sizeof(buf2), INT64_FORMAT, (int64) ctx->tarNextMember); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1161:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), INT64_FORMAT, (int64) ctx->tarFHpos); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1273:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(posbuf, sizeof(posbuf), UINT64_FORMAT, (uint64) hPos); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1274:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(lenbuf, sizeof(lenbuf), UINT64_FORMAT, (uint64) len); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1283:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(posbuf, sizeof(posbuf), UINT64_FORMAT, data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:17273:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufm, sizeof(bufm), INT64_FORMAT, default_minv); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:17274:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(bufx, sizeof(bufx), INT64_FORMAT, default_maxv); data/postgresql-13-13.1/src/bin/pg_dump/pg_dumpall.c:399:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(role_catalog, "%s", PG_ROLES); data/postgresql-13-13.1/src/bin/pg_dump/pg_dumpall.c:401:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(role_catalog, "%s", PG_AUTHID); data/postgresql-13-13.1/src/bin/pg_dump/pg_dumpall.c:1589:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ret = system(cmd->data); data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:562:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(fetch_done_str, sizeof(fetch_done_str), INT64_FORMAT, data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:564:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(fetch_size_str, sizeof(fetch_size_str), INT64_FORMAT, data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:941:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(cmd) != 0) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:196:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ngettext("%d second per test\n", data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:258:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(LABEL_FORMAT, "open_datasync"); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:264:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(NA_FORMAT, _("n/a*")); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:282:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(NA_FORMAT, _("n/a")); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:288:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(LABEL_FORMAT, "fdatasync"); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:307:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(NA_FORMAT, _("n/a")); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:313:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(LABEL_FORMAT, "fsync"); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:335:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(LABEL_FORMAT, "fsync_writethrough"); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:355:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(NA_FORMAT, _("n/a")); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:361:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(LABEL_FORMAT, "open_sync"); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:367:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(NA_FORMAT, _("n/a*")); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:392:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(NA_FORMAT, _("n/a")); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:428:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(LABEL_FORMAT, msg); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:433:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(NA_FORMAT, _("n/a*")); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:450:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(NA_FORMAT, _("n/a")); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:474:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(LABEL_FORMAT, "write, fsync, close"); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:502:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(LABEL_FORMAT, "write, close, fsync"); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:533:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(LABEL_FORMAT, "write"); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:586:2: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(_(OPS_FORMAT), per_second, avg_op_time_us); data/postgresql-13-13.1/src/bin/pg_test_timing/pg_test_timing.c:94:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ngettext("Testing timing overhead for %d second.\n", data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:635:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(script, RMDIR_CMD " %c%s%c\n", PATH_QUOTE, data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:653:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(script, RM_CMD " %s%cPG_VERSION\n", data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:658:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(script, RMDIR_CMD " %c%s%c%d%c\n", PATH_QUOTE, data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:671:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(script, RMDIR_CMD " %c%s%s%c\n", PATH_QUOTE, data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:126:17: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ((output = popen(cmd, "r")) == NULL) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:194:16: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ((output = popen(cmd, "r")) == NULL) data/postgresql-13-13.1/src/bin/pg_upgrade/dump.c:50:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sql_file_name, sizeof(sql_file_name), DB_DUMP_FILE_MASK, old_db->db_oid); data/postgresql-13-13.1/src/bin/pg_upgrade/dump.c:51:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(log_file_name, sizeof(log_file_name), DB_DUMP_LOG_FILE_MASK, old_db->db_oid); data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:42:16: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ((output = popen(cmd, "r")) == NULL || data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:101:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. written += vsnprintf(cmd + written, MAXCMDLEN - written, fmt, ap); data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:124:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. result = system(cmd); data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:173:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. result = system(cmd); data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:253:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(".", R_OK | W_OK | X_OK) != 0) data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:447:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK) != 0) data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:455:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, X_OK) != 0) data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:444:16: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ((output = popen(cmd, "r")) == NULL || data/postgresql-13-13.1/src/bin/pg_upgrade/parallel.c:76:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(cmd, sizeof(cmd), fmt, args); data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c:340:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sql_file_name, sizeof(sql_file_name), DB_DUMP_FILE_MASK, old_db->db_oid); data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c:341:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(log_file_name, sizeof(log_file_name), DB_DUMP_LOG_FILE_MASK, old_db->db_oid); data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c:376:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sql_file_name, sizeof(sql_file_name), DB_DUMP_FILE_MASK, old_db->db_oid); data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c:377:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(log_file_name, sizeof(log_file_name), DB_DUMP_LOG_FILE_MASK, old_db->db_oid); data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c:702:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sql_file_name, sizeof(sql_file_name), DB_DUMP_FILE_MASK, old_db->db_oid); data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c:705:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(log_file_name, sizeof(log_file_name), DB_DUMP_LOG_FILE_MASK, old_db->db_oid); data/postgresql-13-13.1/src/bin/pg_upgrade/server.c:128:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(query, sizeof(query), fmt, args); data/postgresql-13-13.1/src/bin/pg_upgrade/util.c:34:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message, sizeof(message), fmt, args); data/postgresql-13-13.1/src/bin/pg_upgrade/util.c:75:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message, sizeof(message), fmt, args); data/postgresql-13-13.1/src/bin/pg_upgrade/util.c:91:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message, sizeof(message), _(fmt), ap); data/postgresql-13-13.1/src/bin/pg_verifybackup/pg_verifybackup.c:802:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(pg_waldump_cmd) != 0) data/postgresql-13-13.1/src/bin/pg_waldump/pg_waldump.c:1066:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ngettext("first record is after %X/%X, at %X/%X, skipping over %u byte\n", data/postgresql-13-13.1/src/bin/pgbench/exprparse.c:738:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:1296:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(stringform, sizeof(stringform), data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:2562:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(command)) data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:2572:12: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ((fp = popen(command, "r")) == NULL) data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3514:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(logfile, " " INT64_FORMAT, agg->skipped); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3668:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(minvalue, INT64_FORMAT, (p - 1) * part_size + 1); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3671:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(maxvalue, INT64_FORMAT, p * part_size + 1); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3889:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sql, sizeof(sql), data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3913:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, INT64_FORMAT " of " INT64_FORMAT " tuples (%d%%) done (elapsed %.2f s, remaining %.2f s)%c", data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3930:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, INT64_FORMAT " of " INT64_FORMAT " tuples (%d%%) done (elapsed %.2f s, remaining %.2f s)%c", data/postgresql-13-13.1/src/bin/psql/command.c:2246:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newval, opt); data/postgresql-13-13.1/src/bin/psql/command.c:2567:11: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fd = popen(&fname[1], "w"); data/postgresql-13-13.1/src/bin/psql/command.c:3654:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. result = system(sys); data/postgresql-13-13.1/src/bin/psql/command.c:4413:3: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(ngettext("Pager won't be used for less than %d line.\n", data/postgresql-13-13.1/src/bin/psql/command.c:4704:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. result = system(sys); data/postgresql-13-13.1/src/bin/psql/command.c:4708:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. result = system(command); data/postgresql-13-13.1/src/bin/psql/common.c:59:11: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. *fout = popen(fname + 1, "w"); data/postgresql-13-13.1/src/bin/psql/common.c:1792:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), INT64_FORMAT, total_tuples); data/postgresql-13-13.1/src/bin/psql/copy.c:294:18: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. copystream = popen(options->file, PG_BINARY_R); data/postgresql-13-13.1/src/bin/psql/copy.c:314:18: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. copystream = popen(options->file, PG_BINARY_W); data/postgresql-13-13.1/src/bin/psql/large_obj.c:29:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(pset.queryFout, fmt, ap); data/postgresql-13-13.1/src/bin/psql/large_obj.c:41:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(pset.logfile, fmt, ap); data/postgresql-13-13.1/src/bin/psql/prompt.c:249:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buf, sizeof(buf), UINT64_FORMAT, pset.stmt_lineno); data/postgresql-13-13.1/src/bin/psql/prompt.c:268:21: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. FILE *fd = popen(file, "r"); data/postgresql-13-13.1/src/bin/psql/psqlscanslash.c:3435:7: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fd = popen(cmd, "r"); data/postgresql-13-13.1/src/bin/psql/startup.c:803:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(psqlrc_minor, R_OK) == 0) data/postgresql-13-13.1/src/bin/psql/startup.c:805:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. else if (access(psqlrc_major, R_OK) == 0) data/postgresql-13-13.1/src/bin/psql/startup.c:807:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. else if (access(filename, R_OK) == 0) data/postgresql-13-13.1/src/bin/psql/stringutils.c:81:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(storage, s); data/postgresql-13-13.1/src/bin/psql/tab-complete.c:3566:6: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(querybuf, sizeof(querybuf), data/postgresql-13-13.1/src/bin/psql/tab-complete.c:4901:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(workspace + 1, fname); data/postgresql-13-13.1/src/common/exec.c:45:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (fprintf(stderr, __VA_ARGS__), fputc('\n', stderr)) data/postgresql-13-13.1/src/common/exec.c:103:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. is_r = (access(path, R_OK) == 0); data/postgresql-13-13.1/src/common/exec.c:104:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. is_x = (access(path, X_OK) == 0); data/postgresql-13-13.1/src/common/exec.c:147:4: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(retpath, argv0, MAXPGPATH); data/postgresql-13-13.1/src/common/exec.c:187:4: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(test_path, startp, Min(endp - startp + 1, MAXPGPATH)); data/postgresql-13-13.1/src/common/exec.c:291:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, link_buf); data/postgresql-13-13.1/src/common/exec.c:368:15: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if ((pgver = popen(cmd, "r")) == NULL) data/postgresql-13-13.1/src/common/ip.c:218:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(unp->sun_path, path); data/postgresql-13-13.1/src/common/logging.c:215:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, ANSI_ESCAPE_FMT, sgr_locus); data/postgresql-13-13.1/src/common/logging.c:222:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, UINT64_FORMAT ":", lineno); data/postgresql-13-13.1/src/common/logging.c:226:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, ANSI_ESCAPE_RESET); data/postgresql-13-13.1/src/common/logging.c:235:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, ANSI_ESCAPE_FMT, sgr_error); data/postgresql-13-13.1/src/common/logging.c:238:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, ANSI_ESCAPE_RESET); data/postgresql-13-13.1/src/common/logging.c:242:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, ANSI_ESCAPE_FMT, sgr_error); data/postgresql-13-13.1/src/common/logging.c:245:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, ANSI_ESCAPE_RESET); data/postgresql-13-13.1/src/common/logging.c:249:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, ANSI_ESCAPE_FMT, sgr_warning); data/postgresql-13-13.1/src/common/logging.c:252:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, ANSI_ESCAPE_RESET); data/postgresql-13-13.1/src/common/logging.c:262:17: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. required_len = vsnprintf(NULL, 0, fmt, ap2) + 1; data/postgresql-13-13.1/src/common/logging.c:272:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, fmt, ap); data/postgresql-13-13.1/src/common/logging.c:276:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, required_len, fmt, ap); data/postgresql-13-13.1/src/common/psprintf.c:110:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. nprinted = vsnprintf(buf, len, fmt, args); data/postgresql-13-13.1/src/fe_utils/archive.c:61:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. rc = system(xlogRestoreCmd); data/postgresql-13-13.1/src/fe_utils/print.c:283:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&new_str[new_str_pos], thousands_sep); data/postgresql-13-13.1/src/fe_utils/print.c:293:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&new_str[new_str_pos], decimal_point); data/postgresql-13-13.1/src/fe_utils/print.c:299:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&new_str[new_str_pos], &my_str[i]); data/postgresql-13-13.1/src/fe_utils/print.c:349:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(default_footer, sizeof(default_footer), data/postgresql-13-13.1/src/fe_utils/print.c:3025:16: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pagerpipe = popen(pagerprog, "w"); data/postgresql-13-13.1/src/fe_utils/simple_list.c:72:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cell->val, val); data/postgresql-13-13.1/src/include/access/hash.h:406:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int access, int flags); data/postgresql-13-13.1/src/include/access/hash.h:412:18: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int access, data/postgresql-13-13.1/src/include/access/hash.h:420:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int access, int flags, data/postgresql-13-13.1/src/include/access/nbtree.h:1066:45: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. extern Buffer _bt_getroot(Relation rel, int access); data/postgresql-13-13.1/src/include/access/nbtree.h:1072:63: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. extern Buffer _bt_getbuf(Relation rel, BlockNumber blkno, int access); data/postgresql-13-13.1/src/include/access/nbtree.h:1074:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. BlockNumber blkno, int access); data/postgresql-13-13.1/src/include/access/nbtree.h:1091:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int access, Snapshot snapshot); data/postgresql-13-13.1/src/include/access/nbtree.h:1093:43: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. bool forupdate, BTStack stack, int access, Snapshot snapshot); data/postgresql-13-13.1/src/include/access/xlog_internal.h:197:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, MAXPGPATH, XLOGDIR "/%08X%08X%08X", tli, \ data/postgresql-13-13.1/src/include/access/xlog_internal.h:210:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, MAXPGPATH, XLOGDIR "/%08X.history", tli) data/postgresql-13-13.1/src/include/access/xlog_internal.h:213:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, MAXPGPATH, XLOGDIR "/archive_status/%s%s", xlog, suffix) data/postgresql-13-13.1/src/include/access/xlog_internal.h:227:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(path, MAXPGPATH, XLOGDIR "/%08X%08X%08X.%08X.backup", tli, \ data/postgresql-13-13.1/src/include/c.h:944:9: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). #define StrNCpy(dst,src,len) \ data/postgresql-13-13.1/src/include/catalog/objectaccess.h:125:59: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. typedef void (*object_access_hook_type) (ObjectAccessType access, data/postgresql-13-13.1/src/include/executor/execdebug.h:71:26: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define NL_printf(s) printf(s) data/postgresql-13-13.1/src/include/executor/execdebug.h:72:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define NL1_printf(s, a) printf(s, a) data/postgresql-13-13.1/src/include/executor/execdebug.h:87:26: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define SO_printf(s) printf(s) data/postgresql-13-13.1/src/include/executor/execdebug.h:88:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define SO1_printf(s, p) printf(s, p) data/postgresql-13-13.1/src/include/executor/execdebug.h:89:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define SO2_printf(s, p1, p2) printf(s, p1, p2) data/postgresql-13-13.1/src/include/executor/execdebug.h:104:26: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define MJ_printf(s) printf(s) data/postgresql-13-13.1/src/include/executor/execdebug.h:105:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define MJ1_printf(s, p) printf(s, p) data/postgresql-13-13.1/src/include/executor/execdebug.h:106:33: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define MJ2_printf(s, p1, p2) printf(s, p1, p2) data/postgresql-13-13.1/src/include/jit/llvmjit_emit.h:142:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, sizeof(buf), fmt, args); data/postgresql-13-13.1/src/include/jit/llvmjit_emit.h:162:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, sizeof(buf), fmt, args); data/postgresql-13-13.1/src/include/port.h:150:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #ifdef vsnprintf data/postgresql-13-13.1/src/include/port.h:151:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #undef vsnprintf data/postgresql-13-13.1/src/include/port.h:153:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #ifdef snprintf data/postgresql-13-13.1/src/include/port.h:154:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #undef snprintf data/postgresql-13-13.1/src/include/port.h:156:8: [4] (buffer) vsprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #ifdef vsprintf data/postgresql-13-13.1/src/include/port.h:157:8: [4] (buffer) vsprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #undef vsprintf data/postgresql-13-13.1/src/include/port.h:159:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #ifdef sprintf data/postgresql-13-13.1/src/include/port.h:160:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #undef sprintf data/postgresql-13-13.1/src/include/port.h:162:8: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #ifdef vfprintf data/postgresql-13-13.1/src/include/port.h:163:8: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef vfprintf data/postgresql-13-13.1/src/include/port.h:165:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #ifdef fprintf data/postgresql-13-13.1/src/include/port.h:166:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef fprintf data/postgresql-13-13.1/src/include/port.h:168:8: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #ifdef vprintf data/postgresql-13-13.1/src/include/port.h:169:8: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef vprintf data/postgresql-13-13.1/src/include/port.h:171:8: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #ifdef printf data/postgresql-13-13.1/src/include/port.h:172:8: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef printf data/postgresql-13-13.1/src/include/port.h:192:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define vsnprintf pg_vsnprintf data/postgresql-13-13.1/src/include/port.h:193:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf pg_snprintf data/postgresql-13-13.1/src/include/port.h:194:9: [4] (buffer) vsprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define vsprintf pg_vsprintf data/postgresql-13-13.1/src/include/port.h:195:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define sprintf pg_sprintf data/postgresql-13-13.1/src/include/port.h:196:9: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define vfprintf pg_vfprintf data/postgresql-13-13.1/src/include/port.h:197:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf pg_fprintf data/postgresql-13-13.1/src/include/port.h:198:9: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define vprintf pg_vprintf data/postgresql-13-13.1/src/include/port.h:199:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printf(...) pg_printf(__VA_ARGS__) data/postgresql-13-13.1/src/include/port.h:284:8: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #ifdef popen data/postgresql-13-13.1/src/include/port.h:285:8: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #undef popen data/postgresql-13-13.1/src/include/port.h:298:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #define system(a) pgwin32_system(a) data/postgresql-13-13.1/src/include/port.h:299:9: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #define popen(a,b) pgwin32_popen(a,b) data/postgresql-13-13.1/src/include/regex/regguts.h:112:53: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define FDEBUG(arglist) { if (v->eflags®_FTRACE) printf arglist; } data/postgresql-13-13.1/src/include/regex/regguts.h:114:53: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define MDEBUG(arglist) { if (v->eflags®_MTRACE) printf arglist; } data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c:406:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cp, str); data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c:491:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str, tmp); data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c:635:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(output, asctime); data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c:823:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp, tmp); data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c:912:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp, tmp); data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c:925:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(outbuf, tmp); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/descriptor.c:830:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new->name, name); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:30:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:37:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:44:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:51:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:58:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:65:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:72:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:79:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:87:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:92:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:99:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:106:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:113:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:120:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:127:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:134:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:141:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:148:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:155:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:162:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:169:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:176:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:183:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:190:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:197:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:204:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(sqlca->sqlerrm.sqlerrmc, sizeof(sqlca->sqlerrm.sqlerrmc), data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:347:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, ecpg_gettext("SQL error: %s\n"), sqlca->sqlerrm.sqlerrmc); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:462:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ptr, "%s%s", "NaN", delim); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:466:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ptr, "%s%s", "-Infinity", delim); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:468:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ptr, "%s%s", "Infinity", delim); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:471:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ptr, "%.15g%s", value, delim); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:478:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ptr, "%s%s", "NaN", delim); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:482:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ptr, "%s%s", "-Infinity", delim); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:484:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ptr, "%s%s", "Infinity", delim); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:487:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ptr, "%.15g%s", value, delim); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1142:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newcopy, stmt->command); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1143:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newcopy + position - 1, tobeinserted); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1149:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newcopy, data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1464:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(str, "\"%s\"", tobeinserted); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/misc.c:299:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(debugstream, fmt, ap); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/prepare.c:142:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newcopy + ptr, buffer); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/prepare.c:143:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newcopy, (*text) +ptr + len); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/prepare.c:277:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text, "deallocate \"%s\"", this->name); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/sqlda.c:232:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fname, PQfname(res, i)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/sqlda.c:437:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sqlda->sqlvar[i].sqlname.data, fname); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/common.c:88:11: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. i = snprintf(t, PGTYPES_FMT_NUM_MAX_DIGITS, data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/common.c:130:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(*output, t); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:212:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outbuf, fmtstring); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:681:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(str, "%04d-%02d-%02d %s", data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:694:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(str + 5, "/%04d %s", -(tm->tm_year - 1), "BC"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:703:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(str + 5, ".%04d %s", -(tm->tm_year - 1), "BC"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:716:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(str + 5, "-%04d %s", -(tm->tm_year - 1), "BC"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:900:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(str + 4, "%02d %3s", tm->tm_mday, months[tm->tm_mon - 1]); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:902:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(str + 4, "%3s %02d", months[tm->tm_mon - 1], tm->tm_mday); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1017:4: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(*tzn, tm->tm_zone, MAXTZLEN + 1); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1035:4: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(*tzn, TZNAME_GLOBAL[tm->tm_isdst], MAXTZLEN + 1); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2663:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmp, pfmt); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2788:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmp, pfmt); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2796:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmp, pfmt); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2841:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmp, pfmt); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:697:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cp, " %d %s%s", value, units, (value == 1) ? "" : "s"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:709:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cp, "%s%s%d %s%s", data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:894:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cp, "%s%s%02d:%02d:", data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:927:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cp, " sec%s", data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/timestamp.c:198:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str, EARLY); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/timestamp.c:200:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(str, LATE); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/descriptor.c:27:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new->variable, var); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/descriptor.c:87:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new->name, name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/descriptor.c:91:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(new->connection, connection); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c:293:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(input_filename, argv[fnr]); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c:322:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(output_filename, input_filename); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:163:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, error, ap); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:215:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(res_str, str1); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:218:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(res_str, str2); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:249:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(res_str, str1); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:250:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(res_str, str2); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:261:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(res_str, str1); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:262:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(res_str, str2); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:263:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(res_str, str3); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:461:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(var_text, "%d, %s", ecpg_internal_var++, var_ptr ? "&(" : "("); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:548:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(var_text, "%d, %s", ecpg_internal_var++, var_ptr ? "&(" : "("); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:33867:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:47800:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(curname, ":%s", (yyvsp[0].str)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57066:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(thisquery->name, "ECPGprepared_statement(%s, %s, __LINE__)", con, (yyvsp[0].str)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57958:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(length, "sizeof(%s)", (yyvsp[0].str)+2); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58264:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf((yyval.str), "1, %s, %s", con, (yyvsp[-1].str)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58280:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf((yyval.str), "0, %s, %s", con, (yyvsp[-1].str)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58290:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf((yyval.str), "0, %s, %s", con, (yyvsp[-1].str)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58301:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf((yyval.str), "1, %s, %s", con, (yyvsp[-1].str)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58311:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf((yyval.str), "0, %s, %s", con, (yyvsp[-1].str)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:448:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(variable, "(%s%s)", prefix ? prefix : "", name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:450:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(variable, "&(%s%s)", prefix ? prefix : "", name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:462:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(offset, "sizeof(%s_%d)", struct_name, counter); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:464:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(offset, "sizeof(%s)", struct_name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:483:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(variable, "(%s%s)", prefix ? prefix : "", name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:495:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(variable, "&(%s%s)", prefix ? prefix : "", name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:497:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(offset, "(%s)*sizeof(%s)", strcmp(varcharsize, "0") == 0 ? "1" : varcharsize, sizeof_name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:505:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(variable, "&(%s%s)", prefix ? prefix : "", name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:513:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(variable, "&(%s%s)", prefix ? prefix : "", name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:521:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(variable, "&(%s%s)", prefix ? prefix : "", name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:529:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(variable, "&(%s%s)", prefix ? prefix : "", name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:537:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(variable, "\"%s\"", name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:538:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(offset, "strlen(\"%s\")", name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:549:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(variable, "(%s%s)", prefix ? prefix : "", name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:551:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(variable, "&(%s%s)", prefix ? prefix : "", name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:553:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(offset, "sizeof(%s)", ecpg_type_name(type)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:593:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pbuf, "%s%s.", prefix ? prefix : "", name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:595:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pbuf, "%s%s->", prefix ? prefix : "", name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:604:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ind_pbuf, "%s%s.", ind_prefix ? ind_prefix : "", ind_name); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:606:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(ind_pbuf, "%s%s->", ind_prefix ? ind_prefix : "", ind_name); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/test_informix2.pgc:21:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errorstring, "**SQL error %ld doing '%s' in function '%s'. [%s]", data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:111:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errorstring, "**SQL error %ld doing '%s' in function '%s'. [%s]", data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test2.c:145:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(t, "%s %s", dates[i], times[j]); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:669:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(curname4.arr, CURNAME); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:158:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf( data/postgresql-13-13.1/src/interfaces/ecpg/test/pg_regress_ecpg.c:66:5: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(n, p + 1, plen); data/postgresql-13-13.1/src/interfaces/ecpg/test/pgtypeslib/dt_test2.pgc:110:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(t, "%s %s", dates[i], times[j]); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:197:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(curname4.arr, CURNAME); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:43:4: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf( data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:397:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(conn->sspitarget, "%s/%s", conn->krbsrvname, host); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:1233:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(algobuf, val); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:6761:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(qbuf, query, encoding); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:6969:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:6978:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:308:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dest->cmdStatus, src->cmdStatus); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:651:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(space, str); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:882:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(msgBuf, sizeof(msgBuf), libpq_gettext(fmt), args); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:907:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(res->errMsg, "%s\n", msgBuf); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:1005:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pfield->contents, value); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:1052:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptr, name); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:1055:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptr, value); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:113:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, libpq_gettext("out of memory\n")); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:118:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, libpq_gettext("out of memory\n")); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:123:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, libpq_gettext("out of memory\n")); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:190:12: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fout = popen(pagerenv, "w"); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:212:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, libpq_gettext("out of memory\n")); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:221:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(fout, libpq_gettext("%-*s%s Value\n"), data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:224:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(fout, libpq_gettext("%s%sValue\n"), libpq_gettext("Field"), po->fieldSep); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:264:6: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(fout, libpq_gettext("-- RECORD %d --\n"), i); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:399:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, libpq_gettext("out of memory\n")); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:402:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fields[i * nFields + j], pval); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:469:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, libpq_gettext("out of memory\n")); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:515:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(fout, data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:519:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(fout, fieldNotNum[j] ? "%-*s" : "%*s", fieldMax[j], s); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:552:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(fout, data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:611:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, libpq_gettext("out of memory\n")); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:694:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(formatString, "%%s %%-%ds", colWidth); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:696:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(formatString, "%%s %%s"); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:709:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, libpq_gettext("out of memory\n")); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:722:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(fout, formatString, data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:742:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(fout, formatString, data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:148:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(setQuery, "SET %s = DEFAULT", data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:151:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(setQuery, "SET %s = '%.60s'", data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:1136:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newNotify->relname, conn->workBuffer.data); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:1446:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newNotify->relname, svname); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:1448:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newNotify->extra, conn->workBuffer.data); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:2168:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(packet + packet_len, optname); \ data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:2171:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(packet + packet_len, optval); \ data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:1462:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(errbuf, SSL_ERR_LEN, libpq_gettext("no SSL error reported")); data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:1471:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(errbuf, SSL_ERR_LEN, libpq_gettext("SSL error code %lu"), ecode); data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:1718:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, libpq_gettext("WARNING: sslpassword truncated\n")); data/postgresql-13-13.1/src/interfaces/libpq/pqexpbuffer.c:310:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. nprinted = vsnprintf(str->data + str->len, avail, fmt, args); data/postgresql-13-13.1/src/interfaces/libpq/win32.c:226:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dest, e->description); data/postgresql-13-13.1/src/interfaces/libpq/win32.c:314:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(strerrbuf, libpq_gettext("unrecognized socket error: 0x%08X/%d"), err, err); data/postgresql-13-13.1/src/pl/plperl/plperl.c:2089:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(subname, "%s__%u", prodesc->proname, fn_oid); data/postgresql-13-13.1/src/pl/plperl/plperl.h:32:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #undef vsnprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:33:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #undef snprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:34:8: [4] (buffer) vsprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #undef vsprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:35:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #undef sprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:36:8: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef vfprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:37:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef fprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:38:8: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef vprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:39:8: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef printf data/postgresql-13-13.1/src/pl/plperl/plperl.h:114:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #ifdef vsnprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:115:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #undef vsnprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:117:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #ifdef snprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:118:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #undef snprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:120:8: [4] (buffer) vsprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #ifdef vsprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:121:8: [4] (buffer) vsprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #undef vsprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:123:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #ifdef sprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:124:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #undef sprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:126:8: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #ifdef vfprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:127:8: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef vfprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:129:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #ifdef fprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:130:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef fprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:132:8: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #ifdef vprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:133:8: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef vprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:135:8: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #ifdef printf data/postgresql-13-13.1/src/pl/plperl/plperl.h:136:8: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef printf data/postgresql-13-13.1/src/pl/plperl/plperl.h:139:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define vsnprintf pg_vsnprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:140:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf pg_snprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:141:9: [4] (buffer) vsprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define vsprintf pg_vsprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:142:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define sprintf pg_sprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:143:9: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define vfprintf pg_vfprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:144:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf pg_fprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:145:9: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define vprintf pg_vprintf data/postgresql-13-13.1/src/pl/plperl/plperl.h:146:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printf(...) pg_printf(__VA_ARGS__) data/postgresql-13-13.1/src/pl/plperl/ppport.h:6695:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. retval = vsnprintf(buffer, len, format, ap); data/postgresql-13-13.1/src/pl/plperl/ppport.h:6697:14: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. retval = vsprintf(buffer, format, ap); data/postgresql-13-13.1/src/pl/plperl/ppport.h:6726:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buffer, pat, args); data/postgresql-13-13.1/src/pl/plpgsql/src/pl_funcs.c:104:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(nse->name, name); data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.c:1452:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/postgresql-13-13.1/src/pl/plpython/plpy_elog.c:485:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, sizeof(buf), dgettext(TEXTDOMAIN, fmt), ap); data/postgresql-13-13.1/src/pl/plpython/plpy_elog.c:501:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, sizeof(buf), data/postgresql-13-13.1/src/pl/plpython/plpython.h:36:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #undef vsnprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:37:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #undef snprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:38:8: [4] (buffer) vsprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #undef vsprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:39:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #undef sprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:40:8: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef vfprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:41:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef fprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:42:8: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef vprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:43:8: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef printf data/postgresql-13-13.1/src/pl/plpython/plpython.h:101:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #ifdef vsnprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:102:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #undef vsnprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:104:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #ifdef snprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:105:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #undef snprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:107:8: [4] (buffer) vsprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #ifdef vsprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:108:8: [4] (buffer) vsprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #undef vsprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:110:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #ifdef sprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:111:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #undef sprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:113:8: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #ifdef vfprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:114:8: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef vfprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:116:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #ifdef fprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:117:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef fprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:119:8: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #ifdef vprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:120:8: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef vprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:122:8: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #ifdef printf data/postgresql-13-13.1/src/pl/plpython/plpython.h:123:8: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef printf data/postgresql-13-13.1/src/pl/plpython/plpython.h:126:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define vsnprintf pg_vsnprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:127:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf pg_snprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:128:9: [4] (buffer) vsprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define vsprintf pg_vsprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:129:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define sprintf pg_sprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:130:9: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define vfprintf pg_vfprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:131:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fprintf pg_fprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:132:9: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define vprintf pg_vprintf data/postgresql-13-13.1/src/pl/plpython/plpython.h:133:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define printf(...) pg_printf(__VA_ARGS__) data/postgresql-13-13.1/src/pl/tcl/pltcl.c:1600:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(proc_internal_args, buf); data/postgresql-13-13.1/src/port/chklocale.c:276:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(r, "CP%s", codepage); data/postgresql-13-13.1/src/port/chklocale.c:278:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(r, codepage); data/postgresql-13-13.1/src/port/dirent.c:64:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(d->dirname, dirname); data/postgresql-13-13.1/src/port/dirent.c:106:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(d->ret.d_name, fd.cFileName); /* Both strings are MAX_PATH long */ data/postgresql-13-13.1/src/port/inet_net_ntop.c:51:27: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define SPRINTF(x) strlen(sprintf/**/x) data/postgresql-13-13.1/src/port/inet_net_ntop.c:53:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #define SPRINTF(x) ((size_t)sprintf x) data/postgresql-13-13.1/src/port/inet_net_ntop.c:295:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dst, tmp); data/postgresql-13-13.1/src/port/path.c:674:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(new, "%s/%s", buf, path); data/postgresql-13-13.1/src/port/snprintf.c:103:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #undef vsnprintf data/postgresql-13-13.1/src/port/snprintf.c:104:8: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #undef snprintf data/postgresql-13-13.1/src/port/snprintf.c:105:8: [4] (buffer) vsprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #undef vsprintf data/postgresql-13-13.1/src/port/snprintf.c:106:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. #undef sprintf data/postgresql-13-13.1/src/port/snprintf.c:107:8: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef vfprintf data/postgresql-13-13.1/src/port/snprintf.c:108:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef fprintf data/postgresql-13-13.1/src/port/snprintf.c:109:8: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef vprintf data/postgresql-13-13.1/src/port/snprintf.c:110:8: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #undef printf data/postgresql-13-13.1/src/port/snprintf.c:1186:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. vallen = sprintf(convert, fmt, prec, value); data/postgresql-13-13.1/src/port/snprintf.c:1193:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. vallen = sprintf(convert, fmt, value); data/postgresql-13-13.1/src/port/snprintf.c:1322:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. vallen = sprintf(convert, fmt, precision, value); data/postgresql-13-13.1/src/port/system.c:49:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #undef system data/postgresql-13-13.1/src/port/system.c:50:8: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #undef popen data/postgresql-13-13.1/src/port/system.c:75:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. res = system(buf); data/postgresql-13-13.1/src/port/unsetenv.c:46:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(envstr, "%s=", name); data/postgresql-13-13.1/src/port/win32env.c:122:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(envbuf, "%s=", name); data/postgresql-13-13.1/src/port/win32security.c:36:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, fmt, ap); data/postgresql-13-13.1/src/test/isolation/specparse.c:625:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define YYFPRINTF fprintf data/postgresql-13-13.1/src/test/modules/ssl_passphrase_callback/ssl_passphrase_func.c:77:2: [4] (buffer) StrNCpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). StrNCpy(buf, ssl_passphrase, size); data/postgresql-13-13.1/src/test/modules/test_bloomfilter/test_bloomfilter.c:40:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(element, sizeof(element), "i" INT64_FORMAT, i); data/postgresql-13-13.1/src/test/modules/test_bloomfilter/test_bloomfilter.c:61:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(element, sizeof(element), "M" INT64_FORMAT, i); data/postgresql-13-13.1/src/test/regress/pg_regress.c:214:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(tmp, sizeof(tmp), fmt, ap); data/postgresql-13-13.1/src/test/regress/pg_regress.c:230:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stdout, fmt, ap); data/postgresql-13-13.1/src/test/regress/pg_regress.c:237:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(logfile, fmt, ap); data/postgresql-13-13.1/src/test/regress/pg_regress.c:275:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. r = system(buf); data/postgresql-13-13.1/src/test/regress/pg_regress.c:451:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(string, replacement); data/postgresql-13-13.1/src/test/regress/pg_regress.c:452:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(string, dup + (ptr - string) + strlen(replace)); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1117:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(query_formatted, sizeof(query_formatted), query, args); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1138:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(psql_cmd) != 0) data/postgresql-13-13.1/src/test/regress/pg_regress.c:1185:3: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl(shellprog, shellprog, "-c", cmdline2, (char *) NULL); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1316:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmp, expectfile); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1338:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. r = system(cmd); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1395:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(++p, platform_expectfile); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1415:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(best_expect_file, expectfile); data/postgresql-13-13.1/src/test/regress/pg_regress.c:2328:7: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(buf)) data/postgresql-13-13.1/src/test/regress/pg_regress.c:2401:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(buf2) == 0) data/postgresql-13-13.1/src/test/regress/pg_regress.c:2464:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(buf2) == 0) data/postgresql-13-13.1/src/test/regress/regress.c:414:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(query, "INSERT INTO %s VALUES (", relname); data/postgresql-13-13.1/src/test/regress/regress.c:417:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(query + strlen(query), "$%d%s", data/postgresql-13-13.1/src/timezone/localtime.c:451:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sp->chars + j, tsabbr); data/postgresql-13-13.1/src/timezone/pgtz.c:103:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fullname + fullnamelen + 1, name); data/postgresql-13-13.1/src/timezone/pgtz.c:283:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(canonname, uppername); data/postgresql-13-13.1/src/timezone/pgtz.c:293:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(canonname, uppername); data/postgresql-13-13.1/src/timezone/pgtz.c:303:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tzp->tz.TZname, canonname); data/postgresql-13-13.1/src/timezone/strftime.c:520:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, format, n); data/postgresql-13-13.1/src/timezone/zic.c:494:2: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, string, args); data/postgresql-13-13.1/src/timezone/zic.c:968:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, directory); data/postgresql-13-13.1/src/timezone/zic.c:970:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result + len + needslash, target); data/postgresql-13-13.1/src/timezone/zic.c:1119:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&nameslashdot[n], &"/."[!(n && name[n - 1] != '/')]); data/postgresql-13-13.1/src/timezone/zic.c:2424:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&thischars[thischarcnt], thisabbr); data/postgresql-13-13.1/src/timezone/zic.c:2645:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(abbr, format, letters); data/postgresql-13-13.1/src/timezone/zic.c:2649:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(abbr, slashp + 1); data/postgresql-13-13.1/src/timezone/zic.c:3277:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(startbuf, zp->z_format); data/postgresql-13-13.1/src/timezone/zic.c:3937:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&chars[charcnt], string); data/postgresql-13-13.1/contrib/amcheck/verify_nbtree.c:467:10: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. seed = random(); data/postgresql-13-13.1/contrib/auto_explain/auto_explain.c:278:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. current_query_sampled = (random() < auto_explain_sample_rate * data/postgresql-13-13.1/contrib/oid2name/oid2name.c:118:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "d:f:h:H:io:p:qsSt:U:x", long_options, &optindex)) != -1) data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c:676:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "cdk:lr:s:t:w:")) != -1) data/postgresql-13-13.1/contrib/tablefunc/tablefunc.c:287:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. u1 = (float8) random() / (float8) MAX_RANDOM_VALUE; data/postgresql-13-13.1/contrib/tablefunc/tablefunc.c:288:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. u2 = (float8) random() / (float8) MAX_RANDOM_VALUE; data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:496:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "h:l:np:U:vwW", long_options, &optindex)) != -1) data/postgresql-13-13.1/src/backend/access/gin/ginget.c:790:31: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define gin_rand() (((double) random()) / ((double) MAX_RANDOM_VALUE)) data/postgresql-13-13.1/src/backend/access/gist/gistutil.c:510:26: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. keep_current_best = (random() <= (MAX_RANDOM_VALUE / 2)) ? 1 : 0; data/postgresql-13-13.1/src/backend/access/gist/gistutil.c:532:26: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. keep_current_best = (random() <= (MAX_RANDOM_VALUE / 2)) ? 1 : 0; data/postgresql-13-13.1/src/backend/access/nbtree/nbtinsert.c:969:5: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random() <= (MAX_RANDOM_VALUE / 100)) data/postgresql-13-13.1/src/backend/access/spgist/spgdoinsert.c:2148:35: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. out.result.matchNode.nodeN = random() % innerTuple->nNodes; data/postgresql-13-13.1/src/backend/access/transam/xact.c:1915:4: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random() <= log_xact_sample_rate * MAX_RANDOM_VALUE); data/postgresql-13-13.1/src/backend/bootstrap/bootstrap.c:229:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((flag = getopt(argc, argv, "B:c:d:D:Fkr:x:X:-:")) != -1) data/postgresql-13-13.1/src/backend/commands/analyze.c:1062:58: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. nblocks = BlockSampler_Init(&bs, totalblocks, targrows, random()); data/postgresql-13-13.1/src/backend/executor/nodeSamplescan.c:157:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. scanstate->seed = random(); data/postgresql-13-13.1/src/backend/libpq/auth.c:1078:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("KRB5_KTNAME") == NULL) data/postgresql-13-13.1/src/backend/libpq/auth.c:1518:12: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. secur32 = LoadLibrary("SECUR32.DLL"); data/postgresql-13-13.1/src/backend/libpq/auth.c:2512:17: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. ldaphandle = LoadLibrary("WLDAP32.DLL"); data/postgresql-13-13.1/src/backend/port/sysv_shmem.c:141:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *pg_shmem_addr = getenv("PG_SHMEM_ADDR"); data/postgresql-13-13.1/src/backend/port/win32/crashdump.c:118:10: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. hDll = LoadLibrary("dbghelp.dll"); data/postgresql-13-13.1/src/backend/port/win32/signal.c:74:2: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection(&pg_signal_crit_sec); data/postgresql-13-13.1/src/backend/port/win32/signal.c:113:2: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&pg_signal_crit_sec); data/postgresql-13-13.1/src/backend/port/win32/signal.c:133:6: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&pg_signal_crit_sec); data/postgresql-13-13.1/src/backend/port/win32/signal.c:221:2: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&pg_signal_crit_sec); data/postgresql-13-13.1/src/backend/port/win32/timer.c:52:4: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&timerCommArea.crit_sec); data/postgresql-13-13.1/src/backend/port/win32/timer.c:103:3: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection(&timerCommArea.crit_sec); data/postgresql-13-13.1/src/backend/port/win32/timer.c:113:2: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&timerCommArea.crit_sec); data/postgresql-13-13.1/src/backend/postmaster/fork_process.c:86:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. oomfilename = getenv("PG_OOM_ADJUST_FILE"); data/postgresql-13-13.1/src/backend/postmaster/fork_process.c:99:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *oomvalue = getenv("PG_OOM_ADJUST_VALUE"); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:693:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "B:bc:C:D:d:EeFf:h:ijk:lN:nOo:Pp:r:S:sTt:W:-:")) != -1) data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:2666:2: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(rseed); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4773:7: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if (!CreateProcess(NULL, cmdLine, NULL, NULL, TRUE, CREATE_SUSPENDED, data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4773:7: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if (!CreateProcess(NULL, cmdLine, NULL, NULL, TRUE, CREATE_SUSPENDED, data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:261:2: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection(&sysloggerSection); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:262:2: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&sysloggerSection); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:512:3: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&sysloggerSection); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:1142:3: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&sysloggerSection); data/postgresql-13-13.1/src/backend/storage/file/fd.c:2804:24: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. nextTempTableSpace = random() % numSpaces; data/postgresql-13-13.1/src/backend/storage/ipc/dsm.c:174:24: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. dsm_control_handle = random(); data/postgresql-13-13.1/src/backend/storage/ipc/dsm.c:451:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. seg->handle = random(); data/postgresql-13-13.1/src/backend/storage/lmgr/s_lock.c:147:20: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. ((double) random() / (double) MAX_RANDOM_VALUE) + 0.5); data/postgresql-13-13.1/src/backend/storage/lmgr/s_lock.c:306:2: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom((unsigned int) time(NULL)); data/postgresql-13-13.1/src/backend/tcop/postgres.c:2362:6: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random() <= log_statement_sample_rate * MAX_RANDOM_VALUE); data/postgresql-13-13.1/src/backend/tcop/postgres.c:3557:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((flag = getopt(argc, argv, "B:bc:C:D:d:EeFf:h:ijk:lN:nOo:Pp:r:S:sTt:v:W:-:")) != -1) data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:986:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. envvar = getenv("PG_GRANDPARENT_PID"); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:5399:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. env = getenv("PGPORT"); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:5403:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. env = getenv("PGDATESTYLE"); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:5407:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. env = getenv("PGCLIENTENCODING"); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:5570:34: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. configdir = make_absolute_path(getenv("PGDATA")); data/postgresql-13-13.1/src/backend/utils/misc/sampling.c:139:28: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. sampler_random_init_state(random(), rs->randstate); data/postgresql-13-13.1/src/backend/utils/misc/sampling.c:270:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. sampler_random_init_state(random(), oldrs.randstate); data/postgresql-13-13.1/src/backend/utils/misc/sampling.c:281:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. sampler_random_init_state(random(), oldrs.randstate); data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:1711:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. tzname = getenv("TZ"); data/postgresql-13-13.1/src/bin/initdb/initdb.c:901:2: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom((unsigned int) (getpid() ^ time(NULL))); data/postgresql-13-13.1/src/bin/initdb/initdb.c:909:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. handle = random(); data/postgresql-13-13.1/src/bin/initdb/initdb.c:2389:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pgdata_get_env = getenv("PGDATA"); data/postgresql-13-13.1/src/bin/initdb/initdb.c:3028:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "dD:E:kL:nNU:WA:sST:X:g", long_options, &option_index)) != -1) data/postgresql-13-13.1/src/bin/initdb/initdb.c:3297:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. getenv("CLUSTER_START_COMMAND") ? getenv("CLUSTER_START_COMMAND") : start_db_cmd->data); data/postgresql-13-13.1/src/bin/initdb/initdb.c:3297:40: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. getenv("CLUSTER_START_COMMAND") ? getenv("CLUSTER_START_COMMAND") : start_db_cmd->data); data/postgresql-13-13.1/src/bin/pg_archivecleanup/pg_archivecleanup.c:300:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "x:dn")) != -1) data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:2287:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "CD:F:r:RS:T:X:l:nNzZ:d:c:h:p:U:s:wWkvP", data/postgresql-13-13.1/src/bin/pg_basebackup/pg_receivewal.c:520:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "D:d:E:h:p:U:s:S:nwWvZ:", data/postgresql-13-13.1/src/bin/pg_basebackup/pg_recvlogical.c:729:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "E:f:F:nvd:h:p:U:wWI:o:P:s:S:", data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:481:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "cD:deNPf:v", long_options, &option_index)) != -1) data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:525:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. DataDir = getenv("PGDATA"); data/postgresql-13-13.1/src/bin/pg_controldata/pg_controldata.c:128:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "D:", long_options, NULL)) != -1) data/postgresql-13-13.1/src/bin/pg_controldata/pg_controldata.c:147:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. DataDir = getenv("PGDATA"); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:517:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. comspec = getenv("COMSPEC"); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:1783:19: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. Advapi32Handle = LoadLibrary("ADVAPI32.DLL"); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:1798:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. return CreateProcess(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, processInfo); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:1798:10: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. return CreateProcess(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, processInfo); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:1855:6: [3] (shell) CreateProcessAsUser: This causes a new process to execute and is difficult to use safely (CWE-78). Especially watch out for embedded spaces. r = CreateProcessAsUser(restrictedToken, NULL, cmd, NULL, NULL, TRUE, CREATE_SUSPENDED, NULL, NULL, &si, processInfo); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:1857:19: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. Kernel32Handle = LoadLibrary("KERNEL32.DLL"); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:2325:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. env_wait = getenv("PGCTLTIMEOUT"); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:2340:15: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "cD:e:l:m:N:o:p:P:sS:t:U:wW", data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:2497:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pg_config = getenv("PGDATA"); data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:431:2: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&signal_info_lock); data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:648:3: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&signal_info_lock); data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:719:3: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection(&signal_info_lock); data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:753:2: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&signal_info_lock); data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:797:2: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&signal_info_lock); data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:817:2: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&signal_info_lock); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:421:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "abBcCd:E:f:F:h:j:n:N:Op:RsS:t:T:U:vwWxZ:", data/postgresql-13-13.1/src/bin/pg_dump/pg_dumpall.c:213:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "acd:E:f:gh:l:Op:rsS:tU:vwWx", long_options, &optindex)) != -1) data/postgresql-13-13.1/src/bin/pg_dump/pg_restore.c:151:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "acCd:ef:F:h:I:j:lL:n:N:Op:P:RsS:t:T:U:vwWx1", data/postgresql-13-13.1/src/bin/pg_resetwal/pg_resetwal.c:138:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "c:D:e:fl:m:no:O:x:", long_options, NULL)) != -1) data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:154:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "cD:nNPR", long_options, &option_index)) != -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:166:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((option = getopt_long(argc, argv, "f:s:", data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:214:19: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. full_buf[ops] = random(); data/postgresql-13-13.1/src/bin/pg_test_timing/pg_test_timing.c:65:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((option = getopt_long(argc, argv, "d:", data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:81:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LC_COLLATE")) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:82:26: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. lc_collate = pg_strdup(getenv("LC_COLLATE")); data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:83:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LC_CTYPE")) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:84:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. lc_ctype = pg_strdup(getenv("LC_CTYPE")); data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:85:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LC_MONETARY")) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:86:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. lc_monetary = pg_strdup(getenv("LC_MONETARY")); data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:87:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LC_NUMERIC")) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:88:26: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. lc_numeric = pg_strdup(getenv("LC_NUMERIC")); data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:89:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LC_TIME")) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:90:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. lc_time = pg_strdup(getenv("LC_TIME")); data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:91:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LANG")) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:92:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. lang = pg_strdup(getenv("LANG")); data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:93:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LANGUAGE")) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:94:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. language = pg_strdup(getenv("LANGUAGE")); data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:95:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LC_ALL")) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:96:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. lc_all = pg_strdup(getenv("LC_ALL")); data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:97:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LC_MESSAGES")) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:98:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. lc_messages = pg_strdup(getenv("LC_MESSAGES")); data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:74:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. old_cluster.port = getenv("PGPORTOLD") ? atoi(getenv("PGPORTOLD")) : DEF_PGUPORT; data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:74:48: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. old_cluster.port = getenv("PGPORTOLD") ? atoi(getenv("PGPORTOLD")) : DEF_PGUPORT; data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:75:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. new_cluster.port = getenv("PGPORTNEW") ? atoi(getenv("PGPORTNEW")) : DEF_PGUPORT; data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:75:48: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. new_cluster.port = getenv("PGPORTNEW") ? atoi(getenv("PGPORTNEW")) : DEF_PGUPORT; data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:79:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PGUSER")) data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:83:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. os_info.user = pg_strdup(getenv("PGUSER")); data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:104:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((option = getopt_long(argc, argv, "d:D:b:B:cj:ko:O:p:P:rs:U:v", data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:238:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PGOPTIONS")) data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:241:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. getenv("PGOPTIONS")); data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:367:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((envVar = getenv(envVarName)) && strlen(envVar)) data/postgresql-13-13.1/src/bin/pg_upgrade/server.c:374:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *value = getenv(option->envvar); data/postgresql-13-13.1/src/bin/pg_verifybackup/pg_verifybackup.c:222:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "ei:m:nqsw:", long_options, NULL)) != -1) data/postgresql-13-13.1/src/bin/pg_waldump/pg_waldump.c:263:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. datadir = getenv("PGDATA"); data/postgresql-13-13.1/src/bin/pg_waldump/pg_waldump.c:825:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((option = getopt_long(argc, argv, "be:fn:p:qr:s:t:x:z", data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5480:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv("PGHOST")) != NULL && *env != '\0') data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5482:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv("PGPORT")) != NULL && *env != '\0') data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5484:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. else if ((env = getenv("PGUSER")) != NULL && *env != '\0') data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5490:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!set_random_seed(getenv("PGBENCH_RANDOM_SEED"))) data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5496:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "iI:h:nvp:dqb:SNc:j:Crs:t:T:U:lf:D:F:M:P:R:L:", long_options, &optindex)) != -1) data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5855:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv("PGDATABASE")) != NULL && *env != '\0') data/postgresql-13-13.1/src/bin/psql/command.c:3268:41: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. values[paramnum++] = (pset.notty || getenv("PGCLIENTENCODING")) ? NULL : "auto"; data/postgresql-13-13.1/src/bin/psql/command.c:3609:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. editorName = getenv("PSQL_EDITOR"); data/postgresql-13-13.1/src/bin/psql/command.c:3611:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. editorName = getenv("EDITOR"); data/postgresql-13-13.1/src/bin/psql/command.c:3613:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. editorName = getenv("VISUAL"); data/postgresql-13-13.1/src/bin/psql/command.c:3620:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. editor_lineno_arg = getenv("PSQL_EDITOR_LINENUMBER_ARG"); data/postgresql-13-13.1/src/bin/psql/command.c:3685:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *tmpdir = getenv("TMPDIR"); data/postgresql-13-13.1/src/bin/psql/command.c:4690:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. shellName = getenv("SHELL"); data/postgresql-13-13.1/src/bin/psql/command.c:4693:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. shellName = getenv("COMSPEC"); data/postgresql-13-13.1/src/bin/psql/help.c:56:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. user = getenv("PGUSER"); data/postgresql-13-13.1/src/bin/psql/help.c:79:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. env = getenv("PGDATABASE"); data/postgresql-13-13.1/src/bin/psql/help.c:129:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. env = getenv("PGHOST"); data/postgresql-13-13.1/src/bin/psql/help.c:133:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. env = getenv("PGPORT"); data/postgresql-13-13.1/src/bin/psql/help.c:137:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. env = getenv("PGUSER"); data/postgresql-13-13.1/src/bin/psql/input.c:370:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. envhist = getenv("PSQL_HISTORY"); data/postgresql-13-13.1/src/bin/psql/prompt.c:117:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. ((var = getenv("PGDATABASE")) && strcmp(var, PQdb(pset.db)) == 0)) data/postgresql-13-13.1/src/bin/psql/startup.c:176:31: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pset.popt.topt.env_columns = getenv("COLUMNS") ? atoi(getenv("COLUMNS")) : 0; data/postgresql-13-13.1/src/bin/psql/startup.c:176:56: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pset.popt.topt.env_columns = getenv("COLUMNS") ? atoi(getenv("COLUMNS")) : 0; data/postgresql-13-13.1/src/bin/psql/startup.c:261:30: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. values[6] = (pset.notty || getenv("PGCLIENTENCODING")) ? NULL : "auto"; data/postgresql-13-13.1/src/bin/psql/startup.c:507:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "aAbc:d:eEf:F:h:HlL:no:p:P:qR:sStT:U:v:VwWxXz?01", data/postgresql-13-13.1/src/bin/psql/startup.c:759:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *envrc = getenv("PSQLRC"); data/postgresql-13-13.1/src/bin/scripts/clusterdb.c:69:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "h:p:U:wWeqd:at:v", long_options, &optindex)) != -1) data/postgresql-13-13.1/src/bin/scripts/clusterdb.c:164:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PGDATABASE")) data/postgresql-13-13.1/src/bin/scripts/clusterdb.c:165:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. dbname = getenv("PGDATABASE"); data/postgresql-13-13.1/src/bin/scripts/clusterdb.c:166:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. else if (getenv("PGUSER")) data/postgresql-13-13.1/src/bin/scripts/clusterdb.c:167:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. dbname = getenv("PGUSER"); data/postgresql-13-13.1/src/bin/scripts/createdb.c:75:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "h:p:U:wWeO:D:T:E:l:", long_options, &optindex)) != -1) data/postgresql-13-13.1/src/bin/scripts/createdb.c:172:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PGDATABASE")) data/postgresql-13-13.1/src/bin/scripts/createdb.c:173:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. dbname = getenv("PGDATABASE"); data/postgresql-13-13.1/src/bin/scripts/createdb.c:174:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. else if (getenv("PGUSER")) data/postgresql-13-13.1/src/bin/scripts/createdb.c:175:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. dbname = getenv("PGUSER"); data/postgresql-13-13.1/src/bin/scripts/createuser.c:89:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "h:p:U:g:wWedDsSrRiIlLc:PE", data/postgresql-13-13.1/src/bin/scripts/createuser.c:201:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PGUSER")) data/postgresql-13-13.1/src/bin/scripts/createuser.c:202:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. newuser = getenv("PGUSER"); data/postgresql-13-13.1/src/bin/scripts/dropdb.c:67:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "h:p:U:wWeif", long_options, &optindex)) != -1) data/postgresql-13-13.1/src/bin/scripts/dropuser.c:64:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "h:p:U:wWei", long_options, &optindex)) != -1) data/postgresql-13-13.1/src/bin/scripts/pg_isready.c:72:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "d:h:p:qt:U:", long_options, NULL)) != -1) data/postgresql-13-13.1/src/bin/scripts/reindexdb.c:105:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "h:p:U:wWeqS:d:ast:i:j:v", long_options, &optindex)) != -1) data/postgresql-13-13.1/src/bin/scripts/reindexdb.c:257:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PGDATABASE")) data/postgresql-13-13.1/src/bin/scripts/reindexdb.c:258:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. dbname = getenv("PGDATABASE"); data/postgresql-13-13.1/src/bin/scripts/reindexdb.c:259:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. else if (getenv("PGUSER")) data/postgresql-13-13.1/src/bin/scripts/reindexdb.c:260:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. dbname = getenv("PGUSER"); data/postgresql-13-13.1/src/bin/scripts/reindexdb.c:286:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PGDATABASE")) data/postgresql-13-13.1/src/bin/scripts/reindexdb.c:287:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. dbname = getenv("PGDATABASE"); data/postgresql-13-13.1/src/bin/scripts/reindexdb.c:288:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. else if (getenv("PGUSER")) data/postgresql-13-13.1/src/bin/scripts/reindexdb.c:289:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. dbname = getenv("PGUSER"); data/postgresql-13-13.1/src/bin/scripts/vacuumdb.c:128:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "h:p:U:wWeqd:zZFat:fvj:P:", long_options, &optindex)) != -1) data/postgresql-13-13.1/src/bin/scripts/vacuumdb.c:325:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PGDATABASE")) data/postgresql-13-13.1/src/bin/scripts/vacuumdb.c:326:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. dbname = getenv("PGDATABASE"); data/postgresql-13-13.1/src/bin/scripts/vacuumdb.c:327:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. else if (getenv("PGUSER")) data/postgresql-13-13.1/src/bin/scripts/vacuumdb.c:328:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. dbname = getenv("PGUSER"); data/postgresql-13-13.1/src/common/exec.c:171:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((path = getenv("PATH")) && *path) data/postgresql-13-13.1/src/common/exec.c:466:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PGLOCALEDIR") == NULL) data/postgresql-13-13.1/src/common/exec.c:477:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PGSYSCONFDIR") == NULL) data/postgresql-13-13.1/src/common/logging.c:78:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *pg_color_env = getenv("PG_COLOR"); data/postgresql-13-13.1/src/common/logging.c:107:31: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *pg_colors_env = getenv("PG_COLORS"); data/postgresql-13-13.1/src/common/restricted_token.c:61:19: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. Advapi32Handle = LoadLibrary("ADVAPI32.DLL"); data/postgresql-13-13.1/src/common/restricted_token.c:127:7: [3] (shell) CreateProcessAsUser: This causes a new process to execute and is difficult to use safely (CWE-78). Especially watch out for embedded spaces. if (!CreateProcessAsUser(restrictedToken, data/postgresql-13-13.1/src/common/restricted_token.c:164:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((restrict_env = getenv("PG_RESTRICT_EXEC")) == NULL data/postgresql-13-13.1/src/fe_utils/cancel.c:75:2: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&cancelConnLock); data/postgresql-13-13.1/src/fe_utils/cancel.c:105:2: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&cancelConnLock); data/postgresql-13-13.1/src/fe_utils/cancel.c:201:3: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&cancelConnLock); data/postgresql-13-13.1/src/fe_utils/cancel.c:229:2: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection(&cancelConnLock); data/postgresql-13-13.1/src/fe_utils/print.c:3013:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pagerprog = getenv("PSQL_PAGER"); data/postgresql-13-13.1/src/fe_utils/print.c:3015:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pagerprog = getenv("PAGER"); data/postgresql-13-13.1/src/include/getopt_long.h:31:12: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. extern int getopt_long(int argc, char *const argv[], data/postgresql-13-13.1/src/include/pg_getopt.h:53:12: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. extern int getopt(int nargc, char *const *nargv, const char *ostr); data/postgresql-13-13.1/src/include/port.h:429:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. extern long random(void); data/postgresql-13-13.1/src/include/port.h:437:13: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. extern void srandom(unsigned int seed); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/connect.c:312:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. envname = getenv("PG_DBPATH"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/misc.c:508:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. ldir = getenv("PGLOCALEDIR"); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c:159:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "vcio:I:tD:dC:r:h", ecpg_options, NULL)) != -1) data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:5041:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. service = getenv("PGSERVICE"); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:5051:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((env = getenv("PGSERVICEFILE")) != NULL) data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:5075:5: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. getenv("PGSYSCONFDIR") ? getenv("PGSYSCONFDIR") : SYSCONFDIR); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:5075:30: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. getenv("PGSYSCONFDIR") ? getenv("PGSYSCONFDIR") : SYSCONFDIR); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:5758:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((tmp = getenv(option->envvar)) != NULL) data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:5780:32: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *requiresslenv = getenv("PGREQUIRESSL"); data/postgresql-13-13.1/src/interfaces/libpq/fe-misc.c:1258:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. str = getenv("PGCLIENTENCODING"); data/postgresql-13-13.1/src/interfaces/libpq/fe-misc.c:1288:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. ldir = getenv("PGLOCALEDIR"); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:175:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pagerenv = getenv("PAGER"); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:145:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((val = getenv(conn->next_eo->envName))) data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:361:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. val = getenv("PGCLIENTENCODING"); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:2197:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((val = getenv(next_eo->envName)) != NULL) data/postgresql-13-13.1/src/interfaces/libpq/pthread-win32.c:40:2: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection(*mp); data/postgresql-13-13.1/src/interfaces/libpq/pthread-win32.c:49:2: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(*mp); data/postgresql-13-13.1/src/interfaces/libpq/win32.c:294:30: [3] (misc) LoadLibraryEx: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. dlls[i].handle = (void *) LoadLibraryEx(dlls[i].dll_name, data/postgresql-13-13.1/src/port/dlopen.c:133:6: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. h = LoadLibrary(file); data/postgresql-13-13.1/src/port/getopt.c:71:1: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. getopt(int nargc, char *const *nargv, const char *ostr) data/postgresql-13-13.1/src/port/getopt_long.c:57:1: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. getopt_long(int argc, char *const argv[], data/postgresql-13-13.1/src/port/path.c:829:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. tmppath = getenv("APPDATA"); data/postgresql-13-13.1/src/port/pg_strong_random.c:176:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #error no source of random numbers configured data/postgresql-13-13.1/src/port/random.c:22:1: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random(void) data/postgresql-13-13.1/src/port/sprompt.c:91:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. || (getenv("OSTYPE") && strcmp(getenv("OSTYPE"), "msys") == 0) data/postgresql-13-13.1/src/port/sprompt.c:91:34: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. || (getenv("OSTYPE") && strcmp(getenv("OSTYPE"), "msys") == 0) data/postgresql-13-13.1/src/port/srandom.c:22:1: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(unsigned int seed) data/postgresql-13-13.1/src/port/strerror.c:293:15: [3] (misc) LoadLibraryEx: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. handleDLL = LoadLibraryEx("netmsg.dll", NULL, data/postgresql-13-13.1/src/port/unsetenv.c:24:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv(name) == NULL) data/postgresql-13-13.1/src/test/isolation/isolationtester.c:80:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((opt = getopt(argc, argv, "V")) != -1) data/postgresql-13-13.1/src/test/isolation/isolationtester.c:115:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. env_wait = getenv("PGISOLATIONTIMEOUT"); data/postgresql-13-13.1/src/test/modules/test_bloomfilter/test_bloomfilter.c:88:26: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. seed = callerseed < 0 ? random() % PG_INT32_MAX : callerseed; data/postgresql-13-13.1/src/test/modules/test_rbtree/test_rbtree.c:111:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int j = random() % (i + 1); data/postgresql-13-13.1/src/test/modules/test_rbtree/test_rbtree.c:323:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int k = random() % size; data/postgresql-13-13.1/src/test/regress/pg_regress.c:334:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:334:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:790:31: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *old_pgoptions = getenv("PGOPTIONS"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:821:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. sockdir = getenv("PG_REGRESS_SOCK_DIR"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:874:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pghost = getenv("PGHOST"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:875:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pgport = getenv("PGPORT"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1199:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. comspec = getenv("COMSPEC"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:2134:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. use_unix_sockets = getenv("PG_TEST_USE_UNIX_SOCKETS") ? true : false; data/postgresql-13-13.1/src/test/regress/pg_regress.c:2148:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PG_REGRESS_DIFF_OPTS")) data/postgresql-13-13.1/src/test/regress/pg_regress.c:2149:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pretty_diff_opts = getenv("PG_REGRESS_DIFF_OPTS"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:2151:14: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "hV", long_options, &option_index)) != -1) data/postgresql-13-13.1/src/test/regress/pg_regress.c:2451:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. env_wait = getenv("PGCTLTIMEOUT"); data/postgresql-13-13.1/src/timezone/zic.c:681:14: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, "b:d:l:L:p:Pr:st:vy:")) != EOF && c != -1) data/postgresql-13-13.1/src/tools/testint128.c:73:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. x = (uint64) (random() & 0xFFFF) << 48; data/postgresql-13-13.1/src/tools/testint128.c:74:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. x |= (uint64) (random() & 0xFFFF) << 32; data/postgresql-13-13.1/src/tools/testint128.c:75:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. x |= (uint64) (random() & 0xFFFF) << 16; data/postgresql-13-13.1/src/tools/testint128.c:76:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. x |= (uint64) (random() & 0xFFFF); data/postgresql-13-13.1/contrib/adminpack/adminpack.c:548:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[2]; data/postgresql-13-13.1/contrib/adminpack/adminpack.c:550:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestampbuf[32]; data/postgresql-13-13.1/contrib/adminpack/adminpack.c:551:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXDATEFIELDS]; data/postgresql-13-13.1/contrib/adminpack/adminpack.c:552:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lowstr[MAXDATELEN + 1]; data/postgresql-13-13.1/contrib/amcheck/verify_nbtree.c:859:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->lowkey, itup, IndexTupleSize(itup)); data/postgresql-13-13.1/contrib/amcheck/verify_nbtree.c:2841:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page, BufferGetPage(buffer), BLCKSZ); data/postgresql-13-13.1/contrib/bloom/blinsert.c:55:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page, buildstate->data.data, BLCKSZ); data/postgresql-13-13.1/contrib/bloom/blutils.c:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/postgresql-13-13.1/contrib/bloom/blutils.c:333:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((Pointer) itup, (Pointer) tuple, state->sizeOfBloomTuple); data/postgresql-13-13.1/contrib/bloom/blvacuum.c:153:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(metaData->notFullPage, notFullPage, sizeof(BlockNumber) * countPage); data/postgresql-13-13.1/contrib/btree_gist/btree_bit.c:85:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((char *) out)[sz++] = 0; data/postgresql-13-13.1/contrib/btree_gist/btree_bit.c:87:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) VARDATA(out), (void *) VARBITS(leaf), VARBITBYTES(leaf)); data/postgresql-13-13.1/contrib/btree_gist/btree_interval.c:160:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) r, (void *) key, INTERVALSIZE); data/postgresql-13-13.1/contrib/btree_gist/btree_interval.c:161:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) (r + INTERVALSIZE), (void *) key, INTERVALSIZE); data/postgresql-13-13.1/contrib/btree_gist/btree_interval.c:167:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, &key->lower, INTERVALSIZE); data/postgresql-13-13.1/contrib/btree_gist/btree_interval.c:168:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r + INTERVALSIZE, &key->upper, INTERVALSIZE); data/postgresql-13-13.1/contrib/btree_gist/btree_interval.c:199:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&r->lower, key, INTERVALSIZE); data/postgresql-13-13.1/contrib/btree_gist/btree_interval.c:200:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&r->upper, key + INTERVALSIZE, INTERVALSIZE); data/postgresql-13-13.1/contrib/btree_gist/btree_macaddr.c:15:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[4]; /* make struct size = sizeof(gbtreekey16) */ data/postgresql-13-13.1/contrib/btree_gist/btree_utils_num.c:85:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) &r[0], leaf, tinfo->size); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_num.c:86:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) &r[tinfo->size], leaf, tinfo->size); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_num.c:179:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) out, (void *) cur, 2 * tinfo->size); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_num.c:188:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(unconstify(GBT_NUMKEY *, o.lower), c.lower, tinfo->size); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_num.c:191:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(unconstify(GBT_NUMKEY *, o.upper), c.upper, tinfo->size); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_num.c:230:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(((GBT_NUMKEY *) DatumGetPointer(*u))[0]), rd.lower, tinfo->size); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_num.c:231:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(((GBT_NUMKEY *) DatumGetPointer(*u))[tinfo->size]), rd.upper, tinfo->size); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_num.c:240:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(unconstify(GBT_NUMKEY *, ur.lower), rd.lower, tinfo->size); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_num.c:242:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(unconstify(GBT_NUMKEY *, ur.upper), rd.upper, tinfo->size); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_var.c:61:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. r.lower = (bytea *) &(((char *) k)[VARHDRSZ]); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_var.c:63:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. r.upper = (bytea *) &(((char *) k)[VARHDRSZ + INTALIGN(VARSIZE(r.lower))]); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_var.c:80:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(r), u, lowersize); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_var.c:97:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(r), u->lower, lowersize); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_var.c:98:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(r) + INTALIGN(lowersize), u->upper, uppersize); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_var.c:220:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(out), r.lower, len1 + VARHDRSZ); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_var.c:224:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out2, r.upper, len2 + VARHDRSZ); data/postgresql-13-13.1/contrib/btree_gist/btree_utils_var.c:423:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tmp[4]; data/postgresql-13-13.1/contrib/btree_gist/btree_uuid.c:113:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) r, (void *) key, UUID_LEN); data/postgresql-13-13.1/contrib/btree_gist/btree_uuid.c:114:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) (r + UUID_LEN), (void *) key, UUID_LEN); data/postgresql-13-13.1/contrib/btree_gist/btree_uuid.c:176:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uu, u->data, UUID_LEN); data/postgresql-13-13.1/contrib/cube/cubeparse.c:847:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/postgresql-13-13.1/contrib/cube/cubeparse.c:1037:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/postgresql-13-13.1/contrib/cube/cubescan.c:2098:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scanbuf, str, slen); data/postgresql-13-13.1/contrib/dblink/dblink.c:140:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NAMEDATALEN]; data/postgresql-13-13.1/contrib/dblink/dblink.c:1080:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[1]; data/postgresql-13-13.1/contrib/dblink/dblink.c:1389:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[256]; data/postgresql-13-13.1/contrib/dblink/dblink.c:2751:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dblink_context_msg[512]; data/postgresql-13-13.1/contrib/dict_int/dict_int.c:49:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). d->maxlen = atoi(defGetString(defel)); data/postgresql-13-13.1/contrib/fuzzystrmatch/dmetaphone.c:134:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *aptr, data/postgresql-13-13.1/contrib/fuzzystrmatch/dmetaphone.c:163:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *aptr, data/postgresql-13-13.1/contrib/fuzzystrmatch/dmetaphone.c:252:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s->str, init_str, s->length + 1); data/postgresql-13-13.1/contrib/fuzzystrmatch/dmetaphone.c:1429:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *codes[2]; data/postgresql-13-13.1/contrib/fuzzystrmatch/fuzzystrmatch.c:114:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char _codes[26] = { data/postgresql-13-13.1/contrib/fuzzystrmatch/fuzzystrmatch.c:712:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outstr[SOUNDEX_LEN + 1]; data/postgresql-13-13.1/contrib/fuzzystrmatch/fuzzystrmatch.c:776:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sndx1[SOUNDEX_LEN + 1], data/postgresql-13-13.1/contrib/hstore/hstore.h:101:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((dptr_), (sptr_), (klen_)+(vlen_)); \ data/postgresql-13-13.1/contrib/hstore/hstore.h:114:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((dptr_), (pair_).key, (pair_).keylen); \ data/postgresql-13-13.1/contrib/hstore/hstore.h:122:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((dptr_), (pair_).val, (pair_).vallen); \ data/postgresql-13-13.1/contrib/hstore/hstore_gin.c:38:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(item) + 1, str, len); data/postgresql-13-13.1/contrib/hstore/hstore_gist.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/contrib/hstore/hstore_gist.c:123:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(GETSIGN(res), sign, siglen); data/postgresql-13-13.1/contrib/hstore/hstore_io.c:348:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, ptr, sizeof(Pairs)); data/postgresql-13-13.1/contrib/hstore/hstore_io.c:1114:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(value, HSTORE_VAL(entries, ptr, idx), vallen); data/postgresql-13-13.1/contrib/hstore/hstore_op.c:322:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, hs, VARSIZE(hs)); data/postgresql-13-13.1/contrib/hstore/hstore_op.c:404:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, hs, VARSIZE(hs)); data/postgresql-13-13.1/contrib/hstore/hstore_op.c:497:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, s2, VARSIZE(s2)); data/postgresql-13-13.1/contrib/hstore/hstore_op.c:506:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, s1, VARSIZE(s1)); data/postgresql-13-13.1/contrib/hstore/hstore_op.c:864:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(st, hs, VARSIZE(hs)); data/postgresql-13-13.1/contrib/intarray/_int.h:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/contrib/intarray/_int_bool.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nnn[16]; data/postgresql-13-13.1/contrib/intarray/_int_bool.c:572:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(in->cur, "%d", in->curpol->val); data/postgresql-13-13.1/contrib/intarray/_int_bool.c:589:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(in->cur, "( "); data/postgresql-13-13.1/contrib/intarray/_int_bool.c:596:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(in->cur, " )"); data/postgresql-13-13.1/contrib/intarray/_int_bool.c:609:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(in->cur, "( "); data/postgresql-13-13.1/contrib/intarray/_int_bool.c:633:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(in->cur, " )"); data/postgresql-13-13.1/contrib/intarray/_int_gist.c:142:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, ARRPTR(ent), nel * sizeof(int32)); data/postgresql-13-13.1/contrib/intarray/_int_op.c:317:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARRPTR(result), ARRPTR(a) + start, (end - start) * sizeof(int32)); data/postgresql-13-13.1/contrib/intarray/_int_tool.c:286:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARRPTR(r), ARRPTR(a), n * sizeof(int32)); data/postgresql-13-13.1/contrib/intarray/_int_tool.c:362:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, ARRPTR(a), c * sizeof(int32)); data/postgresql-13-13.1/contrib/intarray/_int_tool.c:378:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARRPTR(result), ARRPTR(a), ac * sizeof(int32)); data/postgresql-13-13.1/contrib/intarray/_int_tool.c:380:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARRPTR(result) + ac, ARRPTR(b), bc * sizeof(int32)); data/postgresql-13-13.1/contrib/intarray/_intbig_gist.c:59:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(GETSIGN(res), sign, siglen); data/postgresql-13-13.1/contrib/isn/isn.c:65:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. check_table(const char *(*TABLE)[2], const unsigned TABLE_index[10][2]) data/postgresql-13-13.1/contrib/isn/isn.c:168:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. hyphenate(char *bufO, char *bufI, const char *(*TABLE)[2], const unsigned TABLE_index[10][2]) data/postgresql-13-13.1/contrib/isn/isn.c:168:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. hyphenate(char *bufO, char *bufI, const char *(*TABLE)[2], const unsigned TABLE_index[10][2]) data/postgresql-13-13.1/contrib/isn/isn.c:168:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. hyphenate(char *bufO, char *bufI, const char *(*TABLE)[2], const unsigned TABLE_index[10][2]) data/postgresql-13-13.1/contrib/isn/isn.c:345:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXEAN13LEN + 1]; data/postgresql-13-13.1/contrib/isn/isn.c:423:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eanbuf[64]; data/postgresql-13-13.1/contrib/isn/isn.c:535:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *(*TABLE)[2]; data/postgresql-13-13.1/contrib/isn/isn.c:660:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eanbuf[64]; data/postgresql-13-13.1/contrib/isn/isn.c:690:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[17] = " "; data/postgresql-13-13.1/contrib/isn/isn.c:837:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, "9790", 4); /* this isn't for sure yet, for now ISMN data/postgresql-13-13.1/contrib/isn/isn.c:842:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, "978", 3); data/postgresql-13-13.1/contrib/isn/isn.c:846:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + 10, "00", 2); /* append 00 as the normal issue data/postgresql-13-13.1/contrib/isn/isn.c:848:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, "977", 3); data/postgresql-13-13.1/contrib/isn/isn.c:955:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXEAN13LEN + 1]; data/postgresql-13-13.1/contrib/isn/isn.c:971:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXEAN13LEN + 1]; data/postgresql-13-13.1/contrib/jsonb_plperl/jsonb_plperl.c:271:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. : memcpy(palloc(sizeof(JsonbValue)), &out, sizeof(JsonbValue)); data/postgresql-13-13.1/contrib/ltree/_ltree_op.c:215:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item, found, VARSIZE(found)); data/postgresql-13-13.1/contrib/ltree/_ltree_op.c:238:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item, found, VARSIZE(found)); data/postgresql-13-13.1/contrib/ltree/_ltree_op.c:261:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item, found, VARSIZE(found)); data/postgresql-13-13.1/contrib/ltree/_ltree_op.c:284:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item, found, VARSIZE(found)); data/postgresql-13-13.1/contrib/ltree/ltree.h:23:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/contrib/ltree/ltree.h:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/contrib/ltree/ltree.h:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/contrib/ltree/ltree.h:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char variants[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/contrib/ltree/ltree.h:107:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/contrib/ltree/ltree.h:143:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/contrib/ltree/ltree.h:254:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/contrib/ltree/ltree_gist.c:55:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(LTG_SIGN(result), sign, siglen); data/postgresql-13-13.1/contrib/ltree/ltree_gist.c:61:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(LTG_LNODE(result, siglen), left, VARSIZE(left)); data/postgresql-13-13.1/contrib/ltree/ltree_gist.c:66:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(LTG_RNODE(result, siglen), right, VARSIZE(right)); data/postgresql-13-13.1/contrib/ltree/ltree_gist.c:73:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(LTG_NODE(result), left, VARSIZE(left)); data/postgresql-13-13.1/contrib/ltree/ltree_gist.c:225:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *) base)[i] |= sc[i]; data/postgresql-13-13.1/contrib/ltree/ltree_gist.c:242:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (((unsigned char *) base)[i] != 0xff) data/postgresql-13-13.1/contrib/ltree/ltree_gist.c:352:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *) ls)[i] |= sc[i]; data/postgresql-13-13.1/contrib/ltree/ltree_gist.c:373:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *) rs)[i] |= sc[i]; data/postgresql-13-13.1/contrib/ltree/ltree_gist.c:384:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (((unsigned char *) ls)[i] != 0xff) data/postgresql-13-13.1/contrib/ltree/ltree_gist.c:397:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (((unsigned char *) rs)[i] != 0xff) data/postgresql-13-13.1/contrib/ltree/ltree_gist.c:446:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, VARSIZE(src)); data/postgresql-13-13.1/contrib/ltree/ltree_io.c:126:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(curlevel->name, lptr->start, lptr->len); data/postgresql-13-13.1/contrib/ltree/ltree_io.c:158:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, curlevel->name, curlevel->len); data/postgresql-13-13.1/contrib/ltree/ltree_io.c:407:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int low = atoi(ptr); data/postgresql-13-13.1/contrib/ltree/ltree_io.c:425:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int high = atoi(ptr); data/postgresql-13-13.1/contrib/ltree/ltree_io.c:525:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cur, curqlevel, LQL_HDRSIZE); data/postgresql-13-13.1/contrib/ltree/ltree_io.c:537:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lrptr->name, lptr->start, lptr->len); data/postgresql-13-13.1/contrib/ltree/ltree_io.c:662:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, curtlevel->name, curtlevel->len); data/postgresql-13-13.1/contrib/ltree/ltree_io.c:692:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ptr, "{%d}", curqlevel->low); data/postgresql-13-13.1/contrib/ltree/ltree_io.c:704:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ptr, "{,}"); data/postgresql-13-13.1/contrib/ltree/ltree_io.c:707:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ptr, "{,%d}", curqlevel->high); data/postgresql-13-13.1/contrib/ltree/ltree_io.c:711:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ptr, "{%d,}", curqlevel->low); data/postgresql-13-13.1/contrib/ltree/ltree_io.c:714:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ptr, "{%d,%d}", curqlevel->low, curqlevel->high); data/postgresql-13-13.1/contrib/ltree/ltree_op.c:225:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(LTREE_FIRST(res), start, end - start); data/postgresql-13-13.1/contrib/ltree/ltree_op.c:289:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(LTREE_FIRST(r), LTREE_FIRST(a), VARSIZE(a) - LTREE_HDRSIZE); data/postgresql-13-13.1/contrib/ltree/ltree_op.c:290:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((char *) LTREE_FIRST(r)) + VARSIZE(a) - LTREE_HDRSIZE, data/postgresql-13-13.1/contrib/ltree/ltree_op.c:492:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(l2, l1, MAXALIGN(l1->len + LEVEL_HDRSIZE)); data/postgresql-13-13.1/contrib/ltree/ltree_op.c:557:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, curlevel->name, curlevel->len); data/postgresql-13-13.1/contrib/ltree/ltxtquery_io.c:188:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) state->curop, (void *) strval, lenval); data/postgresql-13-13.1/contrib/ltree/ltxtquery_io.c:319:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pbuf[16384], data/postgresql-13-13.1/contrib/ltree/ltxtquery_io.c:369:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) GETOPERAND(query), (void *) state.op, state.sumlen); data/postgresql-13-13.1/contrib/ltree/ltxtquery_io.c:490:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(in->cur, "( "); data/postgresql-13-13.1/contrib/ltree/ltxtquery_io.c:497:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(in->cur, " )"); data/postgresql-13-13.1/contrib/ltree/ltxtquery_io.c:510:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(in->cur, "( "); data/postgresql-13-13.1/contrib/ltree/ltxtquery_io.c:535:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(in->cur, " )"); data/postgresql-13-13.1/contrib/oid2name/oid2name.c:297:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char password[100]; data/postgresql-13-13.1/contrib/oid2name/oid2name.c:309:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *keywords[PARAMS_ARRAY_SIZE]; data/postgresql-13-13.1/contrib/oid2name/oid2name.c:310:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *values[PARAMS_ARRAY_SIZE]; data/postgresql-13-13.1/contrib/oid2name/oid2name.c:458:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char todo[1024]; data/postgresql-13-13.1/contrib/oid2name/oid2name.c:475:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char todo[1024]; data/postgresql-13-13.1/contrib/oid2name/oid2name.c:534:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, " OR "); data/postgresql-13-13.1/contrib/oid2name/oid2name.c:541:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, " OR "); data/postgresql-13-13.1/contrib/oid2name/oid2name.c:576:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char todo[1024]; data/postgresql-13-13.1/contrib/pageinspect/btreefuncs.c:175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[11]; data/postgresql-13-13.1/contrib/pageinspect/btreefuncs.c:337:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(dump, "%02x", *(ptr + off) & 0xff); data/postgresql-13-13.1/contrib/pageinspect/btreefuncs.c:468:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uargs->page, BufferGetPage(buffer), BLCKSZ); data/postgresql-13-13.1/contrib/pageinspect/btreefuncs.c:614:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[9]; data/postgresql-13-13.1/contrib/pageinspect/heapfuncs.c:233:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(tuple_data_bytea), (char *) tuphdr + tuphdr->t_hoff, data/postgresql-13-13.1/contrib/pageinspect/heapfuncs.c:389:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(attr_data), tupdata + off, len); data/postgresql-13-13.1/contrib/pageinspect/rawpage.c:163:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(raw_page_data, BufferGetPage(buf), BLCKSZ); data/postgresql-13-13.1/contrib/pageinspect/rawpage.c:203:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page, VARDATA_ANY(raw_page), raw_page_size); data/postgresql-13-13.1/contrib/pageinspect/rawpage.c:262:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lsnchar[64]; data/postgresql-13-13.1/contrib/pg_prewarm/autoprewarm.c:567:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char transient_dump_file_path[MAXPGPATH]; data/postgresql-13-13.1/contrib/pg_prewarm/autoprewarm.c:802:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(worker.bgw_library_name, "pg_prewarm"); data/postgresql-13-13.1/contrib/pg_prewarm/autoprewarm.c:803:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(worker.bgw_function_name, "autoprewarm_main"); data/postgresql-13-13.1/contrib/pg_prewarm/autoprewarm.c:804:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(worker.bgw_name, "autoprewarm master"); data/postgresql-13-13.1/contrib/pg_prewarm/autoprewarm.c:805:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(worker.bgw_type, "autoprewarm master"); data/postgresql-13-13.1/contrib/pg_prewarm/autoprewarm.c:844:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(worker.bgw_library_name, "pg_prewarm"); data/postgresql-13-13.1/contrib/pg_prewarm/autoprewarm.c:845:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(worker.bgw_function_name, "autoprewarm_database_main"); data/postgresql-13-13.1/contrib/pg_prewarm/autoprewarm.c:846:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(worker.bgw_name, "autoprewarm worker"); data/postgresql-13-13.1/contrib/pg_prewarm/autoprewarm.c:847:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(worker.bgw_type, "autoprewarm worker"); data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c:60:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char WALFilePath[MAXPGPATH * 2]; /* the file path including archive */ data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c:61:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char restoreCommand[MAXPGPATH]; /* run this to restore */ data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c:62:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char exclusiveCleanupFileName[MAXFNAMELEN]; /* the file we need to get data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c:404:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(WALFilePath, O_RDWR, 0)) < 0) data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c:464:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c:493:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(triggerPath, O_RDWR, 0)) < 0) data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c:687:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). keepfiles = atoi(optarg); data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c:706:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxretries = atoi(optarg); data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c:714:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sleeptime = atoi(optarg); data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c:725:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxwaittime = atoi(optarg); data/postgresql-13-13.1/contrib/pg_stat_statements/pg_stat_statements.c:1823:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/postgresql-13-13.1/contrib/pg_stat_statements/pg_stat_statements.c:2562:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(jumble, &start_hash, sizeof(start_hash)); data/postgresql-13-13.1/contrib/pg_stat_statements/pg_stat_statements.c:2566:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(jumble + jumble_len, item, part_size); data/postgresql-13-13.1/contrib/pg_stat_statements/pg_stat_statements.c:3279:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(norm_query + n_quer_loc, query + quer_loc, len_to_wrt); data/postgresql-13-13.1/contrib/pg_stat_statements/pg_stat_statements.c:3283:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. n_quer_loc += sprintf(norm_query + n_quer_loc, "$%d", data/postgresql-13-13.1/contrib/pg_stat_statements/pg_stat_statements.c:3298:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(norm_query + n_quer_loc, query + quer_loc, len_to_wrt); data/postgresql-13-13.1/contrib/pg_trgm/trgm.h:41:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char trgm[3]; data/postgresql-13-13.1/contrib/pg_trgm/trgm.h:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/contrib/pg_trgm/trgm_gist.c:82:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(GETSIGN(res), sign, siglen); data/postgresql-13-13.1/contrib/pg_trgm/trgm_gist.c:279:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) newcache->query, (char *) query, querysize); data/postgresql-13-13.1/contrib/pg_trgm/trgm_gist.c:284:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) newcache->trigrams, (char *) qtrg, qtrgsize); data/postgresql-13-13.1/contrib/pg_trgm/trgm_gist.c:473:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newcache, query, querysize); data/postgresql-13-13.1/contrib/pg_trgm/trgm_gist.c:474:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newcache + MAXALIGN(querysize), qtrg, VARSIZE(qtrg)); data/postgresql-13-13.1/contrib/pg_trgm/trgm_gist.c:713:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cachedVal, newval, newvalsize); data/postgresql-13-13.1/contrib/pg_trgm/trgm_gist.c:749:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) item->sign, (void *) GETSIGN(key), siglen); data/postgresql-13-13.1/contrib/pg_trgm/trgm_op.c:309:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + LPADDING, bword, bytelen); data/postgresql-13-13.1/contrib/pg_trgm/trgm_op.c:407:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&result[i].trg, &trg1[i], sizeof(trgm)); data/postgresql-13-13.1/contrib/pg_trgm/trgm_op.c:413:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&result[i + len1].trg, &trg2[i], sizeof(trgm)); data/postgresql-13-13.1/contrib/pg_trgm/trgm_op.c:798:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, endword, clen); data/postgresql-13-13.1/contrib/pg_trgm/trgm_op.c:826:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, endword, clen); data/postgresql-13-13.1/contrib/pg_trgm/trgm_regexp.c:242:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bytes[MAX_MULTIBYTE_CHAR_LEN]; data/postgresql-13-13.1/contrib/pg_trgm/trgm_regexp.c:736:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errMsg[100]; data/postgresql-13-13.1/contrib/pg_trgm/trgm_regexp.c:839:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MAX_MULTIBYTE_CHAR_LEN + 1]; data/postgresql-13-13.1/contrib/pg_trgm/trgm_regexp.c:880:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result->bytes, s, MAX_MULTIBYTE_CHAR_LEN); data/postgresql-13-13.1/contrib/pg_trgm/trgm_regexp.c:1172:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(keyCopy, key, sizeof(TrgmStateKey)); data/postgresql-13-13.1/contrib/pg_trgm/trgm_regexp.c:1831:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[3 * MAX_MULTIBYTE_CHAR_LEN], data/postgresql-13-13.1/contrib/pg_trgm/trgm_regexp.c:2158:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MAX_MULTIBYTE_CHAR_LEN + 1]; data/postgresql-13-13.1/contrib/pg_trgm/trgm_regexp.c:2160:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, color->wordChars[j].bytes, MAX_MULTIBYTE_CHAR_LEN); data/postgresql-13-13.1/contrib/pg_trgm/trgm_regexp.c:2176:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("/tmp/source.gv", "w"); data/postgresql-13-13.1/contrib/pg_trgm/trgm_regexp.c:2238:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("/tmp/transformed.gv", "w"); data/postgresql-13-13.1/contrib/pg_trgm/trgm_regexp.c:2329:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen("/tmp/packed.gv", "w"); data/postgresql-13-13.1/contrib/pgcrypto/crypt-blowfish.c:350:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char BF_itoa64[64 + 1] = data/postgresql-13-13.1/contrib/pgcrypto/crypt-blowfish.c:353:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char BF_atoi64[0x60] = { data/postgresql-13-13.1/contrib/pgcrypto/crypt-blowfish.c:740:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output, setting, 7 + 22 - 1); data/postgresql-13-13.1/contrib/pgcrypto/crypt-des.c:645:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, buffer, sizeof(buffer)); data/postgresql-13-13.1/contrib/pgcrypto/crypt-des.c:662:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char output[21]; data/postgresql-13-13.1/contrib/pgcrypto/crypt-gensalt.c:21:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char _crypt_itoa64[64 + 1] = data/postgresql-13-13.1/contrib/pgcrypto/crypt-gensalt.c:120:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char BF_itoa64[64 + 1] = data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:42:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char final[MD5_SIZE]; data/postgresql-13-13.1/contrib/pgcrypto/imath.c:147:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(q__, p__, i__); data/postgresql-13-13.1/contrib/pgcrypto/imath.c:2236:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, old, osize * sizeof(mp_digit)); data/postgresql-13-13.1/contrib/pgcrypto/internal.c:293:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cx->keybuf, key, klen); data/postgresql-13-13.1/contrib/pgcrypto/internal.c:296:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cx->iv, iv, 128 / 8); data/postgresql-13-13.1/contrib/pgcrypto/internal.c:325:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, data, dlen); data/postgresql-13-13.1/contrib/pgcrypto/internal.c:330:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cx->iv, res + dlen - 16, 16); data/postgresql-13-13.1/contrib/pgcrypto/internal.c:353:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, data, dlen); data/postgresql-13-13.1/contrib/pgcrypto/internal.c:358:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cx->iv, data + dlen - 16, 16); data/postgresql-13-13.1/contrib/pgcrypto/internal.c:441:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, data, dlen); data/postgresql-13-13.1/contrib/pgcrypto/internal.c:466:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, data, dlen); data/postgresql-13-13.1/contrib/pgcrypto/mbuf.c:110:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->data_end, buf, len); data/postgresql-13-13.1/contrib/pgcrypto/mbuf.c:288:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmpbuf, *data_p, res); data/postgresql-13-13.1/contrib/pgcrypto/mbuf.c:304:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmpbuf + total, tmp, res); data/postgresql-13-13.1/contrib/pgcrypto/mbuf.c:329:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, p, len); data/postgresql-13-13.1/contrib/pgcrypto/mbuf.c:473:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mp->buf + mp->pos, data, len); data/postgresql-13-13.1/contrib/pgcrypto/mbuf.c:477:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mp->buf + mp->pos, data, need); data/postgresql-13-13.1/contrib/pgcrypto/mbuf.c:505:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mp->buf, data, len); data/postgresql-13-13.1/contrib/pgcrypto/openssl.c:479:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(od->key, key, klen); data/postgresql-13-13.1/contrib/pgcrypto/openssl.c:482:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(od->iv, iv, bs); data/postgresql-13-13.1/contrib/pgcrypto/openssl.c:498:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(od->key, key, klen > 8 ? 8 : klen); data/postgresql-13-13.1/contrib/pgcrypto/openssl.c:501:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(od->iv, iv, bs); data/postgresql-13-13.1/contrib/pgcrypto/openssl.c:517:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(od->key, key, klen > 24 ? 24 : klen); data/postgresql-13-13.1/contrib/pgcrypto/openssl.c:520:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(od->iv, iv, bs); data/postgresql-13-13.1/contrib/pgcrypto/openssl.c:535:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(od->key, key, klen); data/postgresql-13-13.1/contrib/pgcrypto/openssl.c:538:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(od->iv, iv, bs); data/postgresql-13-13.1/contrib/pgcrypto/openssl.c:561:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(od->key, key, klen); data/postgresql-13-13.1/contrib/pgcrypto/openssl.c:564:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(od->iv, iv, bs); data/postgresql-13-13.1/contrib/pgcrypto/pgcrypto.c:137:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PX_MAX_SALT_LEN + 1]; data/postgresql-13-13.1/contrib/pgcrypto/pgcrypto.c:160:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PX_MAX_SALT_LEN + 1]; data/postgresql-13-13.1/contrib/pgcrypto/pgp-armor.c:440:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, armor_start, armor_len); data/postgresql-13-13.1/contrib/pgcrypto/pgp-cfb.c:77:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->fr, iv, ctx->block_size); data/postgresql-13-13.1/contrib/pgcrypto/pgp-cfb.c:145:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->fr, ctx->encbuf + 2, ctx->block_size - 2); data/postgresql-13-13.1/contrib/pgcrypto/pgp-cfb.c:146:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->fr + ctx->block_size - 2, ctx->encbuf, 2); data/postgresql-13-13.1/contrib/pgcrypto/pgp-cfb.c:179:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->fr, ctx->encbuf + 2, ctx->block_size - 2); data/postgresql-13-13.1/contrib/pgcrypto/pgp-cfb.c:180:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->fr + ctx->block_size - 2, ctx->encbuf, 2); data/postgresql-13-13.1/contrib/pgcrypto/pgp-cfb.c:217:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->fr, ctx->encbuf, ctx->block_size); data/postgresql-13-13.1/contrib/pgcrypto/pgp-cfb.c:239:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->fr, ctx->encbuf, ctx->block_size); data/postgresql-13-13.1/contrib/pgcrypto/pgp-decrypt.c:492:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, len); data/postgresql-13-13.1/contrib/pgcrypto/pgp-decrypt.c:669:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->sess_key, ctx->s2k.key, ctx->s2k.key_len); data/postgresql-13-13.1/contrib/pgcrypto/pgp-encrypt.c:536:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, ctx->s2k.salt, 8); data/postgresql-13-13.1/contrib/pgcrypto/pgp-encrypt.c:590:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->sess_key, ctx->s2k.key, ctx->s2k.key_len); data/postgresql-13-13.1/contrib/pgcrypto/pgp-info.c:58:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(keyid_buf, pk->key_id, 8); data/postgresql-13-13.1/contrib/pgcrypto/pgp-info.c:219:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, "ANYKEY", 7); data/postgresql-13-13.1/contrib/pgcrypto/pgp-info.c:227:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, "SYMKEY", 7); data/postgresql-13-13.1/contrib/pgcrypto/pgp-mpi.c:64:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(n->data, data, n->bytes); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:188:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). res = pgp_disable_mdc(ctx, atoi(val)); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:190:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). res = pgp_set_sess_key(ctx, atoi(val)); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:192:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). res = pgp_set_s2k_mode(ctx, atoi(val)); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:194:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). res = pgp_set_s2k_count(ctx, atoi(val)); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:200:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). res = pgp_set_compress_algo(ctx, atoi(val)); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:202:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). res = pgp_set_compress_level(ctx, atoi(val)); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:204:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). res = pgp_set_convert_crlf(ctx, atoi(val)); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:206:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). res = pgp_set_unicode_mode(ctx, atoi(val)); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:213:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ex->debug = atoi(val); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:222:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ex->disable_mdc = atoi(val); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:227:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ex->use_sess_key = atoi(val); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:232:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ex->s2k_mode = atoi(val); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:237:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ex->s2k_count = atoi(val); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:252:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ex->compress_algo = atoi(val); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:257:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ex->unicode_mode = atoi(val); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:887:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(res), buf.data, buf.len); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:913:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(res), buf.data, buf.len); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:977:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[2]; data/postgresql-13-13.1/contrib/pgcrypto/pgp-pubdec.c:228:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->sess_key, msg + 1, ctx->sess_key_len); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pubenc.c:76:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + pad_len + 2, data, data_len); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pubenc.c:102:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(secmsg + 1, ctx->sess_key, klen); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pubkey.c:152:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pk->key_id, hash + 12, 8); data/postgresql-13-13.1/contrib/pgcrypto/pgp-s2k.c:67:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, buf, md_rlen); data/postgresql-13-13.1/contrib/pgcrypto/pgp-s2k.c:73:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, buf, remain); data/postgresql-13-13.1/contrib/pgcrypto/pgp-s2k.c:111:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, buf, md_rlen); data/postgresql-13-13.1/contrib/pgcrypto/pgp-s2k.c:117:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, buf, remain); data/postgresql-13-13.1/contrib/pgcrypto/pgp-s2k.c:181:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, buf, md_rlen); data/postgresql-13-13.1/contrib/pgcrypto/pgp-s2k.c:187:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, buf, remain); data/postgresql-13-13.1/contrib/pgcrypto/px-crypt.c:136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rbuf[16]; data/postgresql-13-13.1/contrib/pgcrypto/px-hmac.c:70:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(keybuf, key, klen); data/postgresql-13-13.1/contrib/pgcrypto/px.c:159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/postgresql-13-13.1/contrib/pgcrypto/px.c:202:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ivbuf, iv, ivs); data/postgresql-13-13.1/contrib/pgcrypto/px.c:204:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ivbuf, iv, ivlen); data/postgresql-13-13.1/contrib/pgcrypto/px.c:211:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(keybuf, key, klen); data/postgresql-13-13.1/contrib/pgcrypto/px.c:244:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bbuf, data + *rlen, bpos); data/postgresql-13-13.1/contrib/pgcrypto/rijndael.c:574:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iv, iva, bs); data/postgresql-13-13.1/contrib/pgcrypto/rijndael.c:624:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. show4x256u32(char *name, uint32 data[4][256]) data/postgresql-13-13.1/contrib/pgrowlocks/pgrowlocks.c:204:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NCHARS]; data/postgresql-13-13.1/contrib/pgstattuple/pgstatindex.c:326:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[10]; data/postgresql-13-13.1/contrib/pgstattuple/pgstattuple.c:96:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[NCOLUMNS]; data/postgresql-13-13.1/contrib/pgstattuple/pgstattuple.c:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char values_buf[NCOLUMNS][NCHARS]; data/postgresql-13-13.1/contrib/postgres_fdw/connection.c:505:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[64]; data/postgresql-13-13.1/contrib/postgres_fdw/connection.c:922:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[100]; data/postgresql-13-13.1/contrib/postgres_fdw/connection.c:1085:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[256]; data/postgresql-13-13.1/contrib/postgres_fdw/option.c:285:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(popt, non_libpq_options, sizeof(non_libpq_options)); data/postgresql-13-13.1/contrib/postgres_fdw/postgres_fdw.c:1539:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[64]; data/postgresql-13-13.1/contrib/postgres_fdw/postgres_fdw.c:3408:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[64]; data/postgresql-13-13.1/contrib/postgres_fdw/postgres_fdw.c:3512:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[64]; data/postgresql-13-13.1/contrib/postgres_fdw/postgres_fdw.c:3711:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n_rows = atoi(PQcmdTuples(res)); data/postgresql-13-13.1/contrib/postgres_fdw/postgres_fdw.c:3731:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prep_name[NAMEDATALEN]; data/postgresql-13-13.1/contrib/postgres_fdw/postgres_fdw.c:3882:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[64]; data/postgresql-13-13.1/contrib/postgres_fdw/postgres_fdw.c:4079:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). dmstate->num_tuples = atoi(PQcmdTuples(dmstate->result)); data/postgresql-13-13.1/contrib/postgres_fdw/postgres_fdw.c:4543:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fetch_sql[64]; data/postgresql-13-13.1/contrib/seg/seg.c:128:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. p += sprintf(p, "%c", seg->l_ext); data/postgresql-13-13.1/contrib/seg/seg.c:145:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. p += sprintf(p, ".."); data/postgresql-13-13.1/contrib/seg/seg.c:151:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. p += sprintf(p, "%c", seg->u_ext); data/postgresql-13-13.1/contrib/seg/seg.c:369:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(seg_l, sort_items[0].data, sizeof(SEG)); data/postgresql-13-13.1/contrib/seg/seg.c:387:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(seg_r, sort_items[firstright].data, sizeof(SEG)); data/postgresql-13-13.1/contrib/seg/seg.c:915:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[25] = { data/postgresql-13-13.1/contrib/seg/seg.c:938:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(result, "%.*e", n - 1, val); data/postgresql-13-13.1/contrib/seg/seg.c:947:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). exp = atoi(p + 1); data/postgresql-13-13.1/contrib/seg/seg.c:999:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&buf[11 + n], "e%d", exp + n - 1); data/postgresql-13-13.1/contrib/seg/seg.c:1001:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&buf[11], "e%d", exp + n - 1); data/postgresql-13-13.1/contrib/seg/segparse.c:103:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char strbuf[25] = { data/postgresql-13-13.1/contrib/seg/segparse.c:860:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/postgresql-13-13.1/contrib/seg/segparse.c:1050:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/postgresql-13-13.1/contrib/seg/segparse.c:1258:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(strbuf, "%g", result->lower); data/postgresql-13-13.1/contrib/seg/segparse.c:1260:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(strbuf, "%g", result->upper); data/postgresql-13-13.1/contrib/seg/segscan.c:2078:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scanbuf, str, slen); data/postgresql-13-13.1/contrib/spi/refint.c:62:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ident[2 * NAMEDATALEN]; /* to identify myself */ data/postgresql-13-13.1/contrib/spi/refint.c:169:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/postgresql-13-13.1/contrib/spi/refint.c:260:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ident[2 * NAMEDATALEN]; /* to identify myself */ data/postgresql-13-13.1/contrib/spi/refint.c:419:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[8192]; data/postgresql-13-13.1/contrib/spi/refint.c:499:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(sql, " where "); data/postgresql-13-13.1/contrib/spi/refint.c:523:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(sql, " where "); data/postgresql-13-13.1/contrib/tablefunc/tablefunc.c:130:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crosstab_HashEnt *hentry; char key[MAX_CATNAME_LEN]; \ data/postgresql-13-13.1/contrib/tablefunc/tablefunc.c:144:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. crosstab_HashEnt *hentry; bool found; char key[MAX_CATNAME_LEN]; \ data/postgresql-13-13.1/contrib/tablefunc/tablefunc.c:160:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char internal_catname[MAX_CATNAME_LEN]; data/postgresql-13-13.1/contrib/tablefunc/tablefunc.c:1226:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char current_level[INT32_STRLEN]; data/postgresql-13-13.1/contrib/tablefunc/tablefunc.c:1227:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial_str[INT32_STRLEN]; data/postgresql-13-13.1/contrib/tablefunc/tablefunc.c:1276:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(current_level, "%d", level); data/postgresql-13-13.1/contrib/tablefunc/tablefunc.c:1286:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(serial_str, "%d", (*serial)++); data/postgresql-13-13.1/contrib/tablefunc/tablefunc.c:1344:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(current_level, "%d", level); data/postgresql-13-13.1/contrib/tablefunc/tablefunc.c:1370:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(serial_str, "%d", (*serial)++); data/postgresql-13-13.1/contrib/unaccent/unaccent.c:78:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(curnode->replaceTo, replaceTo, replacelen); data/postgresql-13-13.1/contrib/uuid-ossp/uuid-ossp.c:258:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[40]; data/postgresql-13-13.1/contrib/uuid-ossp/uuid-ossp.c:338:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sha1result[SHA1_RESULTLEN]; data/postgresql-13-13.1/contrib/uuid-ossp/uuid-ossp.c:474:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuf[40]; data/postgresql-13-13.1/contrib/uuid-ossp/uuid-ossp.c:486:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:73:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char password[100]; data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:90:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *keywords[PARAMS_ARRAY_SIZE]; data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:91:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *values[PARAMS_ARRAY_SIZE]; data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:158:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "CREATE TEMP TABLE vacuum_l AS "); data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:160:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "SELECT oid AS lo FROM pg_largeobject_metadata"); data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:162:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "SELECT DISTINCT loid AS lo FROM pg_largeobject"); data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:178:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "ANALYZE vacuum_l"); data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:199:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "SELECT s.nspname, c.relname, a.attname "); data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:200:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "FROM pg_class c, pg_attribute a, pg_namespace s, pg_type t "); data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:201:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "WHERE a.attnum > 0 AND NOT a.attisdropped "); data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:202:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, " AND a.attrelid = c.oid "); data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:203:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, " AND a.atttypid = t.oid "); data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:204:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, " AND c.relnamespace = s.oid "); data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:205:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, " AND t.typname in ('oid', 'lo') "); data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:206:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, " AND c.relkind in (" CppAsString2(RELKIND_RELATION) ", " CppAsString2(RELKIND_MATVIEW) ")"); data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:207:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, " AND s.nspname !~ '^pg_'"); data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:293:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, data/postgresql-13-13.1/contrib/xml2/xpath.c:330:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) xpath, "string(", 7); data/postgresql-13-13.1/contrib/xml2/xpath.c:331:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) (xpath + 7), VARDATA_ANY(xpathsupp), pathsize); data/postgresql-13-13.1/src/backend/access/brin/brin_tuple.c:430:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, tuple, len); data/postgresql-13-13.1/src/backend/access/common/detoast.c:77:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, attr, VARSIZE_ANY(attr)); data/postgresql-13-13.1/src/backend/access/common/detoast.c:154:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, attr, VARSIZE_ANY(attr)); data/postgresql-13-13.1/src/backend/access/common/detoast.c:185:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(new_attr), VARDATA_SHORT(attr), data_size); data/postgresql-13-13.1/src/backend/access/common/detoast.c:307:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(result), attrdata + sliceoffset, slicelength); data/postgresql-13-13.1/src/backend/access/common/heaptuple.c:247:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, val, data_length); data/postgresql-13-13.1/src/backend/access/common/heaptuple.c:254:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, val, data_length); data/postgresql-13-13.1/src/backend/access/common/heaptuple.c:262:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + 1, VARDATA(val), data_length - 1); data/postgresql-13-13.1/src/backend/access/common/heaptuple.c:270:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, val, data_length); data/postgresql-13-13.1/src/backend/access/common/heaptuple.c:279:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, DatumGetPointer(datum), data_length); data/postgresql-13-13.1/src/backend/access/common/heaptuple.c:287:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, DatumGetPointer(datum), data_length); data/postgresql-13-13.1/src/backend/access/common/heaptuple.c:692:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) newTuple->t_data, (char *) tuple->t_data, tuple->t_len); data/postgresql-13-13.1/src/backend/access/common/heaptuple.c:718:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) dest->t_data, (char *) src->t_data, src->t_len); data/postgresql-13-13.1/src/backend/access/common/heaptuple.c:892:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nullBits, data/postgresql-13-13.1/src/backend/access/common/heaptuple.c:918:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(targetData, data/postgresql-13-13.1/src/backend/access/common/heaptuple.c:1003:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) td, (char *) tuple->t_data, tuple->t_len); data/postgresql-13-13.1/src/backend/access/common/heaptuple.c:1444:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, mtup, mtup->t_len); data/postgresql-13-13.1/src/backend/access/common/heaptuple.c:1468:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) result->t_data + MINIMAL_TUPLE_OFFSET, mtup, mtup->t_len); data/postgresql-13-13.1/src/backend/access/common/heaptuple.c:1488:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, (char *) htup->t_data + MINIMAL_TUPLE_OFFSET, len); data/postgresql-13-13.1/src/backend/access/common/indextuple.c:517:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, source, size); data/postgresql-13-13.1/src/backend/access/common/printsimple.c:105:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[12]; /* sign, 10 digits and '\0' */ data/postgresql-13-13.1/src/backend/access/common/printsimple.c:115:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[MAXINT8LEN + 1]; data/postgresql-13-13.1/src/backend/access/common/reloptions.c:1564:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(value, text_str + option->gen->namelen + 1, value_len); data/postgresql-13-13.1/src/backend/access/common/toast_internals.c:126:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[TOAST_MAX_CHUNK_SIZE + VARHDRSZ]; data/postgresql-13-13.1/src/backend/access/common/toast_internals.c:306:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(&chunk_data), data_p, chunk_size); data/postgresql-13-13.1/src/backend/access/common/toast_internals.c:357:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA_EXTERNAL(result), &toast_pointer, sizeof(toast_pointer)); data/postgresql-13-13.1/src/backend/access/common/tupdesc.c:97:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(TupleDescAttr(desc, i), attrs[i], ATTRIBUTE_FIXED_PART_SIZE); data/postgresql-13-13.1/src/backend/access/common/tupdesc.c:118:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(TupleDescAttr(desc, 0), data/postgresql-13-13.1/src/backend/access/common/tupdesc.c:159:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(TupleDescAttr(desc, 0), data/postgresql-13-13.1/src/backend/access/common/tupdesc.c:174:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cpy->defval, constr->defval, cpy->num_defval * sizeof(AttrDefault)); data/postgresql-13-13.1/src/backend/access/common/tupdesc.c:185:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cpy->missing, constr->missing, tupdesc->natts * sizeof(AttrMissing)); data/postgresql-13-13.1/src/backend/access/common/tupdesc.c:202:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cpy->check, constr->check, cpy->num_check * sizeof(ConstrCheck)); data/postgresql-13-13.1/src/backend/access/common/tupdesc.c:238:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, TupleDescSize(src)); data/postgresql-13-13.1/src/backend/access/common/tupdesc.c:287:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstAtt, srcAtt, ATTRIBUTE_FIXED_PART_SIZE); data/postgresql-13-13.1/src/backend/access/gin/ginbtree.c:572:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page, newrootpg, BLCKSZ); data/postgresql-13-13.1/src/backend/access/gin/ginbtree.c:573:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(BufferGetPage(lbuffer), newlpage, BLCKSZ); data/postgresql-13-13.1/src/backend/access/gin/ginbtree.c:574:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(BufferGetPage(rbuffer), newrpage, BLCKSZ); data/postgresql-13-13.1/src/backend/access/gin/ginbtree.c:579:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page, newlpage, BLCKSZ); data/postgresql-13-13.1/src/backend/access/gin/ginbtree.c:580:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(BufferGetPage(rbuffer), newrpage, BLCKSZ); data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:172:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, tmp, (*nitems) * sizeof(ItemPointerData)); data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:400:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, data, sizeof(PostingItem)); data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:833:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, seginfo->seg, segsize); data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:940:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(walbufend, &seginfo->nmodifieditems, sizeof(uint16)); data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:941:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(walbufend + sizeof(uint16), seginfo->modifieditems, datalen); data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:948:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(walbufend, seginfo->seg, segsize); data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:1011:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, seginfo->seg, segsize); data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:1065:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, seginfo->seg, segsize); data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:1086:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, seginfo->seg, segsize); data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:1273:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(allitems, GinDataPageGetPostingItem(oldpage, FirstOffsetNumber), data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:1277:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&allitems[off], GinDataPageGetPostingItem(oldpage, off), data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:1296:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(GinDataPageGetPostingItem(lpage, FirstOffsetNumber), data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:1300:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(GinDataPageGetPostingItem(rpage, FirstOffsetNumber), data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:1416:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(seginfo->items, uncompressed, nuncompressed * sizeof(ItemPointerData)); data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:1751:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, seginfo->seg, segsize); data/postgresql-13-13.1/src/backend/access/gin/gindatapage.c:1807:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, segment, segsize); data/postgresql-13-13.1/src/backend/access/gin/ginentrypage.c:142:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, data, dataSize); data/postgresql-13-13.1/src/backend/access/gin/ginentrypage.c:188:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ipd, ptr, sizeof(ItemPointerData) * nipd); data/postgresql-13-13.1/src/backend/access/gin/ginentrypage.c:213:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nitup, itup, origsize); data/postgresql-13-13.1/src/backend/access/gin/ginentrypage.c:222:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nitup, itup, IndexTupleSize(itup)); data/postgresql-13-13.1/src/backend/access/gin/ginentrypage.c:634:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, insertData->entry, size); data/postgresql-13-13.1/src/backend/access/gin/ginentrypage.c:641:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, itup, size); data/postgresql-13-13.1/src/backend/access/gin/ginentrypage.c:649:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, insertData->entry, size); data/postgresql-13-13.1/src/backend/access/gin/ginfast.c:82:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, tuples[i], this_size); data/postgresql-13-13.1/src/backend/access/gin/ginfast.c:385:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, collector->tuples[i], tupsize); data/postgresql-13-13.1/src/backend/access/gin/ginfast.c:422:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data.metadata, metadata, sizeof(GinMetaPageData)); data/postgresql-13-13.1/src/backend/access/gin/ginfast.c:638:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data.metadata, metadata, sizeof(GinMetaPageData)); data/postgresql-13-13.1/src/backend/access/gin/ginpostinglist.c:236:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[MaxBytesPerInteger]; data/postgresql-13-13.1/src/backend/access/gin/ginpostinglist.c:243:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, buf, p - buf); data/postgresql-13-13.1/src/backend/access/gin/ginpostinglist.c:392:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, a, na * sizeof(ItemPointerData)); data/postgresql-13-13.1/src/backend/access/gin/ginpostinglist.c:393:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dst[na], b, nb * sizeof(ItemPointerData)); data/postgresql-13-13.1/src/backend/access/gin/ginpostinglist.c:398:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, b, nb * sizeof(ItemPointerData)); data/postgresql-13-13.1/src/backend/access/gin/ginpostinglist.c:399:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dst[nb], a, na * sizeof(ItemPointerData)); data/postgresql-13-13.1/src/backend/access/gin/ginutil.c:694:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data.metadata, metadata, sizeof(GinMetaPageData)); data/postgresql-13-13.1/src/backend/access/gin/ginvacuum.c:70:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmpitems, items, sizeof(ItemPointerData) * i); data/postgresql-13-13.1/src/backend/access/gin/ginxlog.c:60:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(GinDataLeafPageGetPostingList(page), ptr, data->size); data/postgresql-13-13.1/src/backend/access/gin/ginxlog.c:154:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(GinDataLeafPageGetPostingList(page), plist, totalsize); data/postgresql-13-13.1/src/backend/access/gin/ginxlog.c:197:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nitems, walbuf, sizeof(uint16)); data/postgresql-13-13.1/src/backend/access/gin/ginxlog.c:215:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(writePtr, (Pointer) oldseg, segsize); data/postgresql-13-13.1/src/backend/access/gin/ginxlog.c:268:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tailCopy, segptr, tailSize); data/postgresql-13-13.1/src/backend/access/gin/ginxlog.c:284:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(writePtr, newseg, newsegsize); data/postgresql-13-13.1/src/backend/access/gin/ginxlog.c:291:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(writePtr, newseg, newsegsize); data/postgresql-13-13.1/src/backend/access/gin/ginxlog.c:310:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(writePtr, segptr, restSize); data/postgresql-13-13.1/src/backend/access/gin/ginxlog.c:546:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(GinPageGetMeta(metapage), &data->metadata, sizeof(GinMetaPageData)); data/postgresql-13-13.1/src/backend/access/gin/ginxlog.c:689:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(GinPageGetMeta(metapage), &data->metadata, sizeof(GinMetaPageData)); data/postgresql-13-13.1/src/backend/access/gist/gistbuildbuffers.c:309:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, itup, itupsz); data/postgresql-13-13.1/src/backend/access/gist/gistbuildbuffers.c:331:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*itup, ptr, itupsz); data/postgresql-13-13.1/src/backend/access/gist/gistbuildbuffers.c:579:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&oldBuf, nodeBuffer, sizeof(GISTNodeBuffer)); data/postgresql-13-13.1/src/backend/access/gist/gistget.c:377:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item->distances, myDistances, data/postgresql-13-13.1/src/backend/access/gist/gistget.c:522:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item->distances, so->distances, data/postgresql-13-13.1/src/backend/access/gist/gistproc.c:167:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) pageunion, (void *) cur, sizeof(BOX)); data/postgresql-13-13.1/src/backend/access/gist/gistproc.c:555:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(intervalsUpper, intervalsLower, data/postgresql-13-13.1/src/backend/access/gist/gistproc.c:1041:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) r, (void *) &(in->boundbox), sizeof(BOX)); data/postgresql-13-13.1/src/backend/access/gist/gistsplit.c:379:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(evec->vector, entryvec->vector + FirstOffsetNumber, data/postgresql-13-13.1/src/backend/access/gist/gistsplit.c:387:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(evec->vector, entryvec->vector + FirstOffsetNumber + v->spl_nleft, data/postgresql-13-13.1/src/backend/access/gist/gistsplit.c:742:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(backupSplit.spl_left, v->splitVector.spl_left, sizeof(OffsetNumber) * v->splitVector.spl_nleft); data/postgresql-13-13.1/src/backend/access/gist/gistsplit.c:744:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(backupSplit.spl_right, v->splitVector.spl_right, sizeof(OffsetNumber) * v->splitVector.spl_nright); data/postgresql-13-13.1/src/backend/access/gist/gistutil.c:141:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, vec[i], IndexTupleSize(vec[i])); data/postgresql-13-13.1/src/backend/access/gist/gistutil.c:241:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char padding[2 * sizeof(GISTENTRY) + GEVHDRSZ]; data/postgresql-13-13.1/src/backend/access/gist/gistxlog.c:236:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(n, begin, sizeof(int)); data/postgresql-13-13.1/src/backend/access/gist/gistxlog.c:673:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. XLogRegisterBufData(0, (char *) (itup[i]), IndexTupleSize(itup[i])); data/postgresql-13-13.1/src/backend/access/hash/hash_xlog.c:397:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lowmask, data, sizeof(uint32)); data/postgresql-13-13.1/src/backend/access/hash/hash_xlog.c:413:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ovflpoint, data, sizeof(uint32)); data/postgresql-13-13.1/src/backend/access/hash/hashovfl.c:672:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. XLogRegisterBufData(1, (char *) itups[i], tups_size[i]); data/postgresql-13-13.1/src/backend/access/hash/hashovfl.c:972:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. XLogRegisterBufData(1, (char *) itups[i], tups_size[i]); data/postgresql-13-13.1/src/backend/access/hash/hashpage.c:1527:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rel->rd_amcache, HashPageGetMeta(page), data/postgresql-13-13.1/src/backend/access/heap/heapam.c:311:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scan->rs_base.rs_key, key, scan->rs_base.rs_nkeys * sizeof(ScanKeyData)); data/postgresql-13-13.1/src/backend/access/heap/heapam.c:2252:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scratchptr, data/postgresql-13-13.1/src/backend/access/heap/heapam.c:5726:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) htup + htup->t_hoff, data/postgresql-13-13.1/src/backend/access/heap/heapam.c:8079:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[MaxHeapTupleSize]; data/postgresql-13-13.1/src/backend/access/heap/heapam.c:8136:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) &xlhdr, data, SizeOfHeapHeader); data/postgresql-13-13.1/src/backend/access/heap/heapam.c:8142:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) htup + SizeofHeapTupleHeader, data/postgresql-13-13.1/src/backend/access/heap/heapam.c:8197:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[MaxHeapTupleSize]; data/postgresql-13-13.1/src/backend/access/heap/heapam.c:8275:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) htup + SizeofHeapTupleHeader, data/postgresql-13-13.1/src/backend/access/heap/heapam.c:8346:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[MaxHeapTupleSize]; data/postgresql-13-13.1/src/backend/access/heap/heapam.c:8488:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prefixlen, recdata, sizeof(uint16)); data/postgresql-13-13.1/src/backend/access/heap/heapam.c:8494:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&suffixlen, recdata, sizeof(uint16)); data/postgresql-13-13.1/src/backend/access/heap/heapam.c:8498:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) &xlhdr, recdata, SizeOfHeapHeader); data/postgresql-13-13.1/src/backend/access/heap/heapam.c:8518:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newp, recdata, len); data/postgresql-13-13.1/src/backend/access/heap/heapam.c:8523:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newp, (char *) oldtup.t_data + oldtup.t_data->t_hoff, prefixlen); data/postgresql-13-13.1/src/backend/access/heap/heapam.c:8528:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newp, recdata, len); data/postgresql-13-13.1/src/backend/access/heap/heapam.c:8538:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newp, recdata, tuplen); data/postgresql-13-13.1/src/backend/access/heap/heapam.c:8546:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newp, (char *) oldtup.t_data + oldtup.t_len - suffixlen, suffixlen); data/postgresql-13-13.1/src/backend/access/heap/heapam.c:8795:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) htup + htup->t_hoff, newtup, newlen); data/postgresql-13-13.1/src/backend/access/heap/heaptoast.c:316:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_data, olddata, SizeofHeapTupleHeader); data/postgresql-13-13.1/src/backend/access/heap/heaptoast.c:520:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_data, tup, SizeofHeapTupleHeader); data/postgresql-13-13.1/src/backend/access/heap/heaptoast.c:579:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_values, values, numAttrs * sizeof(Datum)); data/postgresql-13-13.1/src/backend/access/heap/heaptoast.c:772:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(result) + data/postgresql-13-13.1/src/backend/access/heap/rewriteheap.c:200:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; /* path, for error messages */ data/postgresql-13-13.1/src/backend/access/heap/rewriteheap.c:380:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&new_tuple->t_data->t_choice.t_heap, data/postgresql-13-13.1/src/backend/access/heap/rewriteheap.c:897:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(waldata, &pmap->map, sizeof(pmap->map)); data/postgresql-13-13.1/src/backend/access/heap/rewriteheap.c:991:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/heap/rewriteheap.c:1009:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(src->path, path, sizeof(path)); data/postgresql-13-13.1/src/backend/access/heap/rewriteheap.c:1020:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pmap->map, map, sizeof(LogicalRewriteMappingData)); data/postgresql-13-13.1/src/backend/access/heap/rewriteheap.c:1114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/heap/rewriteheap.c:1201:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH + 20]; data/postgresql-13-13.1/src/backend/access/heap/vacuumlazy.c:2332:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bulkdelete_res, *stats, sizeof(IndexBulkDeleteResult)); data/postgresql-13-13.1/src/backend/access/heap/vacuumlazy.c:3347:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sharedquery, debug_query_string, querylen + 1); data/postgresql-13-13.1/src/backend/access/heap/vacuumlazy.c:3389:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stats[i], &(indstats->stats), sizeof(IndexBulkDeleteResult)); data/postgresql-13-13.1/src/backend/access/nbtree/nbtdedup.c:337:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->htids, &base->t_tid, sizeof(ItemPointerData)); data/postgresql-13-13.1/src/backend/access/nbtree/nbtdedup.c:346:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->htids, BTreeTupleGetPosting(base), data/postgresql-13-13.1/src/backend/access/nbtree/nbtdedup.c:429:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->htids + state->nhtids, htids, data/postgresql-13-13.1/src/backend/access/nbtree/nbtdedup.c:643:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(itup, base, keysize); data/postgresql-13-13.1/src/backend/access/nbtree/nbtdedup.c:650:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(BTreeTupleGetPosting(itup), htids, data/postgresql-13-13.1/src/backend/access/nbtree/nbtdedup.c:711:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(itup, origtuple, keysize); data/postgresql-13-13.1/src/backend/access/nbtree/nbtinsert.c:1253:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oposting, nposting, MAXALIGN(IndexTupleSize(nposting))); data/postgresql-13-13.1/src/backend/access/nbtree/nbtpage.c:454:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rel->rd_amcache, metad, sizeof(BTMetaPageData)); data/postgresql-13-13.1/src/backend/access/nbtree/nbtpage.c:630:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rel->rd_amcache, metad, sizeof(BTMetaPageData)); data/postgresql-13-13.1/src/backend/access/nbtree/nbtpage.c:703:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rel->rd_amcache, metad, sizeof(BTMetaPageData)); data/postgresql-13-13.1/src/backend/access/nbtree/nbtpage.c:1061:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(updatedbuf + offset, &update.ndeletedtids, data/postgresql-13-13.1/src/backend/access/nbtree/nbtpage.c:1066:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(updatedbuf + offset, vacposting->deletetids, itemsz); data/postgresql-13-13.1/src/backend/access/nbtree/nbtree.c:565:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&so->currPos, &so->markPos, data/postgresql-13-13.1/src/backend/access/nbtree/nbtree.c:569:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(so->currTuples, so->markTuples, data/postgresql-13-13.1/src/backend/access/nbtree/nbtsearch.c:1143:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inskey.scankeys + i, subkey, sizeof(ScanKeyData)); data/postgresql-13-13.1/src/backend/access/nbtree/nbtsearch.c:1175:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inskey.scankeys + keysCount, subkey, data/postgresql-13-13.1/src/backend/access/nbtree/nbtsearch.c:1783:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(so->currTuples + so->currPos.nextTupleOffset, itup, itupsz); data/postgresql-13-13.1/src/backend/access/nbtree/nbtsearch.c:1817:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(base, itup, itupsz); data/postgresql-13-13.1/src/backend/access/nbtree/nbtsearch.c:1886:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&so->markPos, &so->currPos, data/postgresql-13-13.1/src/backend/access/nbtree/nbtsearch.c:1890:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(so->markTuples, so->currTuples, data/postgresql-13-13.1/src/backend/access/nbtree/nbtsort.c:1610:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sharedquery, debug_query_string, querylen + 1); data/postgresql-13-13.1/src/backend/access/nbtree/nbtutils.c:255:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(so->arrayKeyData, data/postgresql-13-13.1/src/backend/access/nbtree/nbtutils.c:785:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outkeys, cur, sizeof(ScanKeyData)); data/postgresql-13-13.1/src/backend/access/nbtree/nbtutils.c:930:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outkey, xform[j], sizeof(ScanKeyData)); data/postgresql-13-13.1/src/backend/access/nbtree/nbtutils.c:955:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outkey, cur, sizeof(ScanKeyData)); data/postgresql-13-13.1/src/backend/access/nbtree/nbtutils.c:998:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outkey, cur, sizeof(ScanKeyData)); data/postgresql-13-13.1/src/backend/access/nbtree/nbtutils.c:2265:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tidpivot, pivot, MAXALIGN(IndexTupleSize(pivot))); data/postgresql-13-13.1/src/backend/access/nbtree/nbtxlog.c:63:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&itupdata, from, sizeof(IndexTupleData)); data/postgresql-13-13.1/src/backend/access/nbtree/nbtxlog.c:227:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oposting, nposting, MAXALIGN(IndexTupleSize(nposting))); data/postgresql-13-13.1/src/backend/access/nbtree/nbtxlog.c:606:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vacposting->deletetids, data/postgresql-13-13.1/src/backend/access/rmgrdesc/clogdesc.c:30:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pageno, rec, sizeof(int)); data/postgresql-13-13.1/src/backend/access/rmgrdesc/clogdesc.c:37:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&xlrec, rec, sizeof(xl_clog_truncate)); data/postgresql-13-13.1/src/backend/access/rmgrdesc/committsdesc.c:31:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pageno, rec, sizeof(int)); data/postgresql-13-13.1/src/backend/access/rmgrdesc/committsdesc.c:58:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(subxids, data/postgresql-13-13.1/src/backend/access/rmgrdesc/gindesc.c:46:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nitems, walbuf, sizeof(uint16)); data/postgresql-13-13.1/src/backend/access/rmgrdesc/mxactdesc.c:60:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pageno, rec, sizeof(int)); data/postgresql-13-13.1/src/backend/access/rmgrdesc/xlogdesc.c:74:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nextOid, rec, sizeof(Oid)); data/postgresql-13-13.1/src/backend/access/rmgrdesc/xlogdesc.c:91:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&startpoint, rec, sizeof(XLogRecPtr)); data/postgresql-13-13.1/src/backend/access/rmgrdesc/xlogdesc.c:101:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&xlrec, rec, sizeof(xl_parameter_change)); data/postgresql-13-13.1/src/backend/access/rmgrdesc/xlogdesc.c:131:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fpw, rec, sizeof(bool)); data/postgresql-13-13.1/src/backend/access/rmgrdesc/xlogdesc.c:138:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&xlrec, rec, sizeof(xl_end_of_recovery)); data/postgresql-13-13.1/src/backend/access/spgist/spgdoinsert.c:151:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sortednos, itemnos, sizeof(OffsetNumber) * nitems); data/postgresql-13-13.1/src/backend/access/spgist/spgdoinsert.c:487:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(leafptr, it, it->size); data/postgresql-13-13.1/src/backend/access/spgist/spgdoinsert.c:499:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(leafptr, newLeafTuple, newLeafTuple->size); data/postgresql-13-13.1/src/backend/access/spgist/spgdoinsert.c:1215:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(leafptr, newLeafs[i], newLeafs[i]->size); data/postgresql-13-13.1/src/backend/access/spgist/spgscan.c:115:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item->distances, distances, data/postgresql-13-13.1/src/backend/access/spgist/spgtextproc.c:121:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p + VARHDRSZ_SHORT, data, datalen); data/postgresql-13-13.1/src/backend/access/spgist/spgtextproc.c:126:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p + VARHDRSZ, data, datalen); data/postgresql-13-13.1/src/backend/access/spgist/spgtextproc.c:463:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(reconstrText), data/postgresql-13-13.1/src/backend/access/spgist/spgtextproc.c:467:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((char *) VARDATA(reconstrText)) + in->level, data/postgresql-13-13.1/src/backend/access/spgist/spgtextproc.c:494:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *) VARDATA(reconstrText))[maxReconstrLen - 1] = nodeChar; data/postgresql-13-13.1/src/backend/access/spgist/spgtextproc.c:610:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fullValue, VARDATA(reconstrValue), level); data/postgresql-13-13.1/src/backend/access/spgist/spgtextproc.c:612:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fullValue + level, VARDATA_ANY(leafValue), data/postgresql-13-13.1/src/backend/access/spgist/spgutils.c:635:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target, &datum, sizeof(Datum)); data/postgresql-13-13.1/src/backend/access/spgist/spgutils.c:640:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target, DatumGetPointer(datum), size); data/postgresql-13-13.1/src/backend/access/spgist/spgutils.c:791:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, node, IndexTupleSize(node)); data/postgresql-13-13.1/src/backend/access/spgist/spgxlog.c:90:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&leafTupleHdr, leafTuple, sizeof(SpGistLeafTupleData)); data/postgresql-13-13.1/src/backend/access/spgist/spgxlog.c:234:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&leafTupleHdr, leafTuple, data/postgresql-13-13.1/src/backend/access/spgist/spgxlog.c:301:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&innerTupleHdr, innerTuple, sizeof(SpGistInnerTupleData)); data/postgresql-13-13.1/src/backend/access/spgist/spgxlog.c:469:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prefixTupleHdr, prefixTuple, sizeof(SpGistInnerTupleData)); data/postgresql-13-13.1/src/backend/access/spgist/spgxlog.c:473:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&postfixTupleHdr, postfixTuple, sizeof(SpGistInnerTupleData)); data/postgresql-13-13.1/src/backend/access/spgist/spgxlog.c:566:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&innerTupleHdr, innerTuple, sizeof(SpGistInnerTupleData)); data/postgresql-13-13.1/src/backend/access/spgist/spgxlog.c:660:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&leafTupleHdr, leafTuple, sizeof(SpGistLeafTupleData)); data/postgresql-13-13.1/src/backend/access/transam/clog.c:1001:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pageno, XLogRecGetData(record), sizeof(int)); data/postgresql-13-13.1/src/backend/access/transam/clog.c:1015:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_clog_truncate)); data/postgresql-13-13.1/src/backend/access/transam/commit_ts.c:268:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(CommitTsCtl->shared->page_buffer[slotno] + data/postgresql-13-13.1/src/backend/access/transam/commit_ts.c:346:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&entry, data/postgresql-13-13.1/src/backend/access/transam/commit_ts.c:969:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pageno, XLogRecGetData(record), sizeof(int)); data/postgresql-13-13.1/src/backend/access/transam/commit_ts.c:1004:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(subxids, data/postgresql-13-13.1/src/backend/access/transam/generic_xlog.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char delta[MAX_DELTA_SIZE]; /* delta between page images */ data/postgresql-13-13.1/src/backend/access/transam/generic_xlog.c:98:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &offset, sizeof(offset)); data/postgresql-13-13.1/src/backend/access/transam/generic_xlog.c:100:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &length, sizeof(length)); data/postgresql-13-13.1/src/backend/access/transam/generic_xlog.c:102:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, data, length); data/postgresql-13-13.1/src/backend/access/transam/generic_xlog.c:253:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp.data, curpage, BLCKSZ); data/postgresql-13-13.1/src/backend/access/transam/generic_xlog.c:309:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page->image, BufferGetPage(buffer), BLCKSZ); data/postgresql-13-13.1/src/backend/access/transam/generic_xlog.c:366:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page, pageData->image, pageHeader->pd_lower); data/postgresql-13-13.1/src/backend/access/transam/generic_xlog.c:369:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page + pageHeader->pd_upper, data/postgresql-13-13.1/src/backend/access/transam/generic_xlog.c:385:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page, pageData->image, pageHeader->pd_lower); data/postgresql-13-13.1/src/backend/access/transam/generic_xlog.c:388:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page + pageHeader->pd_upper, data/postgresql-13-13.1/src/backend/access/transam/generic_xlog.c:422:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(BufferGetPage(pageData->buffer), data/postgresql-13-13.1/src/backend/access/transam/generic_xlog.c:468:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page + offset, ptr, length); data/postgresql-13-13.1/src/backend/access/transam/multixact.c:1536:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, entry->members, size); data/postgresql-13-13.1/src/backend/access/transam/multixact.c:1586:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(entry->members, members, nmembers * sizeof(MultiXactMember)); data/postgresql-13-13.1/src/backend/access/transam/multixact.c:3231:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pageno, XLogRecGetData(record), sizeof(int)); data/postgresql-13-13.1/src/backend/access/transam/multixact.c:3246:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pageno, XLogRecGetData(record), sizeof(int)); data/postgresql-13-13.1/src/backend/access/transam/multixact.c:3290:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&xlrec, XLogRecGetData(record), data/postgresql-13-13.1/src/backend/access/transam/multixact.c:3379:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[2]; data/postgresql-13-13.1/src/backend/access/transam/parallel.c:557:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(worker.bgw_library_name, "postgres"); data/postgresql-13-13.1/src/backend/access/transam/parallel.c:558:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(worker.bgw_function_name, "ParallelWorkerMain"); data/postgresql-13-13.1/src/backend/access/transam/parallel.c:572:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(worker.bgw_extra, &i, sizeof(int)); data/postgresql-13-13.1/src/backend/access/transam/parallel.c:1273:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ParallelWorkerNumber, MyBgworkerEntry->bgw_extra, sizeof(int)); data/postgresql-13-13.1/src/backend/access/transam/slru.c:614:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/slru.c:673:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/slru.c:753:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/slru.c:928:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/slru.c:1309:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/slru.c:1325:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/timeline.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/timeline.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char histfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/timeline.c:79:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/timeline.c:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char histfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/timeline.c:127:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fline[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/timeline.c:224:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/timeline.c:225:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char histfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/timeline.c:307:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/timeline.c:308:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmppath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/timeline.c:309:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char histfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/timeline.c:310:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BLCKSZ]; data/postgresql-13-13.1/src/backend/access/transam/timeline.c:469:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/timeline.c:470:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmppath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/twophase.c:172:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gid[GIDSIZE]; /* The GID assigned to the prepared xact */ data/postgresql-13-13.1/src/backend/access/transam/twophase.c:523:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(proc->subxids.xids, children, data/postgresql-13-13.1/src/backend/access/transam/twophase.c:692:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(array + i, TwoPhaseState->prepXacts[i], data/postgresql-13-13.1/src/backend/access/transam/twophase.c:975:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((char *) records.tail->data) + records.tail->len, data, len); data/postgresql-13-13.1/src/backend/access/transam/twophase.c:1212:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/twophase.c:1365:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*buf, XLogRecGetData(xlogreader), sizeof(char) * XLogRecGetDataLen(xlogreader)); data/postgresql-13-13.1/src/backend/access/transam/twophase.c:1602:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/twophase.c:1621:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xact.c:1587:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&s->parent->childXids[s->parent->nChildXids + 1], data/postgresql-13-13.1/src/backend/access/transam/xact.c:5228:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&result->parallelCurrentXids[0], ParallelCurrentXids, data/postgresql-13-13.1/src/backend/access/transam/xact.c:5252:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&workspace[i], s->childXids, data/postgresql-13-13.1/src/backend/access/transam/xact.c:5263:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&result->parallelCurrentXids[0], workspace, data/postgresql-13-13.1/src/backend/access/transam/xlog.c:312:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char recoveryStopName[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:506:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[PG_CACHE_LINE_SIZE]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:562:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[PG_CACHE_LINE_SIZE]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:1462:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(replay_image_masked, page, BLCKSZ); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:1546:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(currpos, rdata_data, freespace); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:1581:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(currpos, rdata_data, rdata_len); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:2542:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3255:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3256:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmppath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3443:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3444:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmppath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3590:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3647:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3671:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3672:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char activitymsg[MAXFNAMELEN + 16]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3673:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3753:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3869:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3938:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4005:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4029:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lastoff[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4096:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char switchseg[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4151:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4153:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4254:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4295:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH + sizeof(XLOGDIR)]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4373:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4579:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mock_auth_nonce[MOCK_AUTH_NONCE_LEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4595:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ControlFile->mock_authentication_nonce, mock_auth_nonce, MOCK_AUTH_NONCE_LEN); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4615:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[PG_CONTROL_FILE_SIZE]; /* need not be aligned */ data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4663:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, ControlFile, sizeof(ControlFileData)); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4707:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char wal_segsz_str[20]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:5055:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:5136:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ControlFile, localControlFile, sizeof(ControlFileData)); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:5289:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(recptr, &checkPoint, sizeof(checkPoint)); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:5363:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[128]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:5547:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:5614:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:6528:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&checkPoint, XLogRecGetData(xlogreader), sizeof(CheckPoint)); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:6678:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&checkPoint, XLogRecGetData(xlogreader), sizeof(CheckPoint)); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:7283:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&checkPoint, XLogRecGetData(xlogreader), sizeof(CheckPoint)); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:7291:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&xlrec, XLogRecGetData(xlogreader), sizeof(xl_end_of_recovery)); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:7581:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reason[200]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:7582:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recoveryPath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:7685:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page, xlogreader->readBuf, len); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:7826:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char origfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:7834:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char origpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:7835:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char partialfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:7836:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char partialpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:9917:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nextOid, XLogRecGetData(record), sizeof(Oid)); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:9927:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&checkPoint, XLogRecGetData(record), sizeof(CheckPoint)); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:10022:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&checkPoint, XLogRecGetData(record), sizeof(CheckPoint)); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:10078:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_end_of_recovery)); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:10170:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&xlrec, XLogRecGetData(record), sizeof(xl_parameter_change)); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:10214:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fpw, XLogRecGetData(record), sizeof(bool)); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:10377:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:10439:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:10508:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strfbuf[128]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:10509:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfilename[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:10732:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullpath[MAXPGPATH + 10]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:10733:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linkpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11033:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strfbuf[128]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11034:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char histfilepath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11035:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startxlogfilename[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11036:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stopxlogfilename[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11037:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lastxlogfilename[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11038:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char histfilename[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11039:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char backupfrom[20]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11563:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startxlogfilename[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11568:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char backuptype[20]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11569:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char backupfrom[20]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11570:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char backuplabel[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11571:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char backuptime[128]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11689:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbsoid[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11691:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11973:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:57:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lastRestartPointFname[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:288:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogRecoveryCmd[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:289:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lastRestartPointFname[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:382:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:390:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:468:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char archiveStatusPath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:502:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlog[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:518:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char archiveReady[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:519:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char archiveDone[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:573:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char archiveStatusPath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:627:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char archiveStatusPath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:672:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char archiveStatusPath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:702:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char archiveStatusPath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:720:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char archiveStatusPath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogfuncs.c:442:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfilename[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlogfuncs.c:504:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfilename[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlogfuncs.c:650:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fline[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogfuncs.c:651:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char backup_start_time[30]; data/postgresql-13-13.1/src/backend/access/transam/xloginsert.c:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char compressed_page[PGLZ_MAX_BLCKSZ]; data/postgresql-13-13.1/src/backend/access/transam/xloginsert.c:720:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scratch, &bkpb, SizeOfXLogRecordBlockHeader); data/postgresql-13-13.1/src/backend/access/transam/xloginsert.c:724:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scratch, &bimg, SizeOfXLogRecordBlockImageHeader); data/postgresql-13-13.1/src/backend/access/transam/xloginsert.c:728:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scratch, &cbimg, data/postgresql-13-13.1/src/backend/access/transam/xloginsert.c:735:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scratch, ®buf->rnode, sizeof(RelFileNode)); data/postgresql-13-13.1/src/backend/access/transam/xloginsert.c:738:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scratch, ®buf->block, sizeof(BlockNumber)); data/postgresql-13-13.1/src/backend/access/transam/xloginsert.c:747:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scratch, &replorigin_session_origin, sizeof(replorigin_session_origin)); data/postgresql-13-13.1/src/backend/access/transam/xloginsert.c:757:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scratch, &mainrdata_len, sizeof(uint32)); data/postgresql-13-13.1/src/backend/access/transam/xloginsert.c:823:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(source, page, hole_offset); data/postgresql-13-13.1/src/backend/access/transam/xloginsert.c:824:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(source + hole_offset, data/postgresql-13-13.1/src/backend/access/transam/xloginsert.c:943:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copied_buffer.data, origdata, lower); data/postgresql-13-13.1/src/backend/access/transam/xloginsert.c:944:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copied_buffer.data + upper, origdata + upper, BLCKSZ - upper); data/postgresql-13-13.1/src/backend/access/transam/xloginsert.c:947:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copied_buffer.data, origdata, BLCKSZ); data/postgresql-13-13.1/src/backend/access/transam/xlogreader.c:429:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->readRecordBuf, data/postgresql-13-13.1/src/backend/access/transam/xlogreader.c:491:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, (char *) contdata, len); data/postgresql-13-13.1/src/backend/access/transam/xlogreader.c:803:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlogreader.c:817:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlogreader.c:857:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlogreader.c:877:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlogreader.c:902:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/access/transam/xlogreader.c:1185:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_dst, ptr, _size); \ data/postgresql-13-13.1/src/backend/access/transam/xlogreader.c:1438:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(blk->data, ptr, blk->data_len); data/postgresql-13-13.1/src/backend/access/transam/xlogreader.c:1468:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->main_data, ptr, state->main_data_len); data/postgresql-13-13.1/src/backend/access/transam/xlogreader.c:1577:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page, ptr, BLCKSZ); data/postgresql-13-13.1/src/backend/access/transam/xlogreader.c:1581:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page, ptr, bkpb->hole_offset); data/postgresql-13-13.1/src/backend/access/transam/xlogreader.c:1584:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page + (bkpb->hole_offset + bkpb->hole_length), data/postgresql-13-13.1/src/backend/access/transam/xlogutils.c:579:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(RelationGetRelationName(rel), "%u", rnode.relNode); data/postgresql-13-13.1/src/backend/access/transam/xlogutils.c:792:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/access/transam/xlogutils.c:962:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/bootstrap/bootparse.c:1037:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/postgresql-13-13.1/src/backend/bootstrap/bootparse.c:1226:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/postgresql-13-13.1/src/backend/bootstrap/bootstrap.c:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/bootstrap/bootstrap.c:262:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). MyAuxProcType = atoi(optarg); data/postgresql-13-13.1/src/backend/bootstrap/bootstrap.c:618:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) &(*app)->am_typ, data/postgresql-13-13.1/src/backend/bootstrap/bootstrap.c:639:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. memmove((char *) attrtypes[i], data/postgresql-13-13.1/src/backend/bootstrap/bootstrap.c:1094:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newind->il_info, indexInfo, sizeof(IndexInfo)); data/postgresql-13-13.1/src/backend/catalog/aclchk.c:2742:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char loname[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/catalog/heap.c:851:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&attStruct, SysAtt[i], sizeof(FormData_pg_attribute)); data/postgresql-13-13.1/src/backend/catalog/heap.c:1619:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newattname[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/catalog/namespace.c:1122:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newResult->args, procform->proargtypes.values, data/postgresql-13-13.1/src/backend/catalog/namespace.c:3284:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). result = atoi(nspname + 8); data/postgresql-13-13.1/src/backend/catalog/namespace.c:3286:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). result = atoi(nspname + 14); data/postgresql-13-13.1/src/backend/catalog/namespace.c:3945:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namespaceName[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/catalog/objectaddress.c:1629:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). membernum = atoi(strVal(llast(linitial(object)))); data/postgresql-13-13.1/src/backend/catalog/objectaddress.c:1874:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. objtype = ((char *) strVal(linitial(object)))[0]; data/postgresql-13-13.1/src/backend/catalog/pg_aggregate.c:219:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fnArgs + 1, aggArgTypes + (numArgs - (nargs_transfn - 1)), data/postgresql-13-13.1/src/backend/catalog/pg_aggregate.c:226:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fnArgs + 1, aggArgTypes, numArgs * sizeof(Oid)); data/postgresql-13-13.1/src/backend/catalog/pg_aggregate.c:369:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fnArgs + 1, aggArgTypes, numArgs * sizeof(Oid)); data/postgresql-13-13.1/src/backend/catalog/pg_aggregate.c:532:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fnArgs + 1, aggArgTypes, numArgs * sizeof(Oid)); data/postgresql-13-13.1/src/backend/catalog/pg_constraint.c:491:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modlabel[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/catalog/pg_constraint.c:1193:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(conkey, ARR_DATA_PTR(arr), numkeys * sizeof(int16)); data/postgresql-13-13.1/src/backend/catalog/pg_constraint.c:1207:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(confkey, ARR_DATA_PTR(arr), numkeys * sizeof(int16)); data/postgresql-13-13.1/src/backend/catalog/pg_constraint.c:1224:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pf_eq_oprs, ARR_DATA_PTR(arr), numkeys * sizeof(Oid)); data/postgresql-13-13.1/src/backend/catalog/pg_constraint.c:1241:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pp_eq_oprs, ARR_DATA_PTR(arr), numkeys * sizeof(Oid)); data/postgresql-13-13.1/src/backend/catalog/pg_constraint.c:1258:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ff_eq_oprs, ARR_DATA_PTR(arr), numkeys * sizeof(Oid)); data/postgresql-13-13.1/src/backend/catalog/pg_type.c:827:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(arr + i, typeName, NAMEDATALEN - i); data/postgresql-13-13.1/src/backend/catalog/toasting.c:140:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char toast_relname[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/catalog/toasting.c:141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char toast_idxname[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/commands/alter.c:981:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/commands/analyze.c:927:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stats->attr, attr, ATTRIBUTE_FIXED_PART_SIZE); data/postgresql-13-13.1/src/backend/commands/async.c:176:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[NAMEDATALEN + NOTIFY_PAYLOAD_MAX_LENGTH]; data/postgresql-13-13.1/src/backend/commands/async.c:350:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char channel[FLEXIBLE_ARRAY_MEMBER]; /* nul-terminated string */ data/postgresql-13-13.1/src/backend/commands/async.c:394:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/backend/commands/async.c:1427:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(qe->data, n->data, channellen + payloadlen + 2); data/postgresql-13-13.1/src/backend/commands/async.c:1518:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NotifyCtl->shared->page_buffer[slotno] + offset, data/postgresql-13-13.1/src/backend/commands/async.c:1931:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[QUEUE_PAGESIZE]; data/postgresql-13-13.1/src/backend/commands/async.c:2031:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page_buffer.buf + curoffset, data/postgresql-13-13.1/src/backend/commands/cluster.c:609:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char NewHeapName[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/commands/cluster.c:1472:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char NewToastName[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/commands/collationcmds.c:463:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[ULOC_FULLNAME_CAPACITY]; data/postgresql-13-13.1/src/backend/commands/collationcmds.c:537:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localebuf[NAMEDATALEN]; /* we assume ASCII so this is fine */ data/postgresql-13-13.1/src/backend/commands/collationcmds.c:561:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alias[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/commands/conversioncmds.c:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[1]; data/postgresql-13-13.1/src/backend/commands/copy.c:350:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char BinarySignature[11] = "PGCOPY\n\377\r\n\0"; data/postgresql-13-13.1/src/backend/commands/copy.c:2237:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curlineno_str[32]; data/postgresql-13-13.1/src/backend/commands/copy.c:2333:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, str, len); data/postgresql-13-13.1/src/backend/commands/copy.c:2334:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(res + len, "..."); data/postgresql-13-13.1/src/backend/commands/copy.c:3518:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char readSig[11]; data/postgresql-13-13.1/src/backend/commands/copy.c:3936:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mblen_str[2]; data/postgresql-13-13.1/src/backend/commands/event_trigger.c:1712:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(icopy, istmt, sizeof(InternalGrant)); data/postgresql-13-13.1/src/backend/commands/event_trigger.c:1824:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(command->d.atscfg.dictIds, dictIds, sizeof(Oid) * ndicts); data/postgresql-13-13.1/src/backend/commands/explain.c:2960:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hinstrument, hashstate->hinstrument, data/postgresql-13-13.1/src/backend/commands/explain.c:3249:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char param[32]; data/postgresql-13-13.1/src/backend/commands/explain.c:4240:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/postgresql-13-13.1/src/backend/commands/explain.c:4253:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/postgresql-13-13.1/src/backend/commands/extension.c:375:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sharepath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/commands/extension.c:388:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sharepath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/commands/extension.c:412:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sharepath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/commands/extension.c:693:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(acontrol, pcontrol, sizeof(ExtensionControlFile)); data/postgresql-13-13.1/src/backend/commands/extension.c:1168:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location[MAXPGPATH]; data/postgresql-13-13.1/src/backend/commands/functioncmds.c:2178:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nexpr, fexpr, sizeof(FuncExpr)); data/postgresql-13-13.1/src/backend/commands/indexcmds.c:1161:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(part_oids, partdesc->oids, sizeof(Oid) * nparts); data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2195:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name, name1, name1chars); data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2200:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name + ndx, name2, name2chars); data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2245:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modlabel[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2332:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NAMEDATALEN * 2]; data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2375:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2390:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[32]; data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2401:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nbuf, "%d", i); data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2406:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, origname, nlen); data/postgresql-13-13.1/src/backend/commands/sequence.c:704:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/postgresql-13-13.1/src/backend/commands/sequence.c:727:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/postgresql-13-13.1/src/backend/commands/sequence.c:954:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufv[100], data/postgresql-13-13.1/src/backend/commands/sequence.c:1468:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufx[100]; data/postgresql-13-13.1/src/backend/commands/sequence.c:1505:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufm[100]; data/postgresql-13-13.1/src/backend/commands/sequence.c:1518:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufm[100], data/postgresql-13-13.1/src/backend/commands/sequence.c:1545:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufs[100], data/postgresql-13-13.1/src/backend/commands/sequence.c:1557:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufs[100], data/postgresql-13-13.1/src/backend/commands/sequence.c:1587:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufs[100], data/postgresql-13-13.1/src/backend/commands/sequence.c:1599:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufs[100], data/postgresql-13-13.1/src/backend/commands/sequence.c:1616:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/postgresql-13-13.1/src/backend/commands/sequence.c:1925:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page, localpage, BufferGetPageSize(buffer)); data/postgresql-13-13.1/src/backend/commands/statscmds.c:681:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modlabel[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/commands/statscmds.c:720:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NAMEDATALEN * 2]; data/postgresql-13-13.1/src/backend/commands/subscriptioncmds.c:325:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char originname[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/commands/subscriptioncmds.c:835:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char originname[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/commands/tablecmds.c:586:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char relname[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/commands/tablecmds.c:5363:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newslot->tts_values, oldslot->tts_values, data/postgresql-13-13.1/src/backend/commands/tablecmds.c:5365:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newslot->tts_isnull, oldslot->tts_isnull, data/postgresql-13-13.1/src/backend/commands/tablecmds.c:8176:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NAMEDATALEN * 2]; data/postgresql-13-13.1/src/backend/commands/tablecmds.c:15918:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char partattname[16]; data/postgresql-13-13.1/src/backend/commands/tablespace.c:1287:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(myextra->tblSpcs, tblSpcs, numSpcs * sizeof(Oid)); data/postgresql-13-13.1/src/backend/commands/trigger.c:179:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char internaltrigname[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/commands/trigger.c:842:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(d, "\\000"); data/postgresql-13-13.1/src/backend/commands/trigger.c:1640:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(build->tgattr, &(pg_trigger->tgattr.values), data/postgresql-13-13.1/src/backend/commands/trigger.c:1810:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newdesc, trigdesc, sizeof(TriggerDesc)); data/postgresql-13-13.1/src/backend/commands/trigger.c:1813:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(trigger, trigdesc->triggers, data/postgresql-13-13.1/src/backend/commands/trigger.c:1825:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newattr, trigger->tgattr, data/postgresql-13-13.1/src/backend/commands/trigger.c:3673:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newevent, event, eventsize); data/postgresql-13-13.1/src/backend/commands/trigger.c:4925:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->trigstates, origstate->trigstates, data/postgresql-13-13.1/src/backend/commands/typecmds.c:1557:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *const prosrc[2] = {"range_constructor2", data/postgresql-13-13.1/src/backend/commands/variable.c:191:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(result, "ISO"); data/postgresql-13-13.1/src/backend/commands/variable.c:194:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(result, "SQL"); data/postgresql-13-13.1/src/backend/commands/variable.c:197:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(result, "German"); data/postgresql-13-13.1/src/backend/commands/variable.c:200:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(result, "Postgres"); data/postgresql-13-13.1/src/backend/commands/variable.c:206:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(result, ", YMD"); data/postgresql-13-13.1/src/backend/commands/variable.c:209:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(result, ", DMY"); data/postgresql-13-13.1/src/backend/commands/variable.c:212:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(result, ", MDY"); data/postgresql-13-13.1/src/backend/executor/execExpr.c:2139:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&es->steps[es->steps_len++], s, sizeof(ExprEvalStep)); data/postgresql-13-13.1/src/backend/executor/execExprInterp.c:2734:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(elem_dims, ARR_DIMS(array), elem_ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/executor/execExprInterp.c:2736:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(elem_lbs, ARR_LBOUND(array), elem_ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/executor/execExprInterp.c:2809:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DIMS(result), dims, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/executor/execExprInterp.c:2810:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_LBOUND(result), lbs, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/executor/execExprInterp.c:2816:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dat, subdata[i], subbytes[i]); data/postgresql-13-13.1/src/backend/executor/execMain.c:2365:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resname[32]; data/postgresql-13-13.1/src/backend/executor/execMain.c:2803:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resultRelInfos, parentestate->es_result_relations, data/postgresql-13-13.1/src/backend/executor/execMain.c:2813:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resultRelInfos, parentestate->es_root_result_relations, data/postgresql-13-13.1/src/backend/executor/execParallel.c:367:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(start_address, &nparams, sizeof(int)); data/postgresql-13-13.1/src/backend/executor/execParallel.c:383:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(start_address, ¶mid, sizeof(int)); data/postgresql-13-13.1/src/backend/executor/execParallel.c:412:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nparams, start_address, sizeof(int)); data/postgresql-13-13.1/src/backend/executor/execParallel.c:420:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(¶mid, start_address, sizeof(int)); data/postgresql-13-13.1/src/backend/executor/execParallel.c:737:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(query_string, estate->es_sourceText, query_len + 1); data/postgresql-13-13.1/src/backend/executor/execParallel.c:742:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pstmt_space, pstmt_data, pstmt_len); data/postgresql-13-13.1/src/backend/executor/execParallel.c:1044:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&planstate->worker_instrument->instrument, instrument, ibytes); data/postgresql-13-13.1/src/backend/executor/execParallel.c:1105:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(planstate->worker_jit_instrument, shared_jit, ibytes); data/postgresql-13-13.1/src/backend/executor/execPartition.c:1721:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pprune->subplan_map, pinfo->subplan_map, data/postgresql-13-13.1/src/backend/executor/execTuples.c:235:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, DatumGetPointer(val), data_length); data/postgresql-13-13.1/src/backend/executor/execTuples.c:784:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bdstslot->base.tupdata, bdstslot->base.tuple, sizeof(HeapTupleData)); data/postgresql-13-13.1/src/backend/executor/execTuples.c:2265:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(slot->tts_values, values, natts * sizeof(Datum)); data/postgresql-13-13.1/src/backend/executor/execTuples.c:2266:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(slot->tts_isnull, isnull, natts * sizeof(bool)); data/postgresql-13-13.1/src/backend/executor/functions.c:217:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argOidVect, data/postgresql-13-13.1/src/backend/executor/nodeAgg.c:5038:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(si, node->shared_info, size); data/postgresql-13-13.1/src/backend/executor/nodeGather.c:198:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(node->reader, node->pei->reader, data/postgresql-13-13.1/src/backend/executor/nodeGatherMerge.c:239:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(node->reader, node->pei->reader, data/postgresql-13-13.1/src/backend/executor/nodeHash.c:999:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copyTuple, hashTuple, hashTupleSize); data/postgresql-13-13.1/src/backend/executor/nodeHash.c:1310:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(HJTUPLE_MINTUPLE(copyTuple), tuple, tuple->t_len); data/postgresql-13-13.1/src/backend/executor/nodeHash.c:1625:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(HJTUPLE_MINTUPLE(hashTuple), tuple, tuple->t_len); data/postgresql-13-13.1/src/backend/executor/nodeHash.c:1713:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(HJTUPLE_MINTUPLE(hashTuple), tuple, tuple->t_len); data/postgresql-13-13.1/src/backend/executor/nodeHash.c:1767:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(HJTUPLE_MINTUPLE(hashTuple), tuple, tuple->t_len); data/postgresql-13-13.1/src/backend/executor/nodeHash.c:2430:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(HJTUPLE_MINTUPLE(hashTuple), tuple, tuple->t_len); data/postgresql-13-13.1/src/backend/executor/nodeHash.c:2510:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copyTuple, hashTuple, tupleSize); data/postgresql-13-13.1/src/backend/executor/nodeHash.c:2672:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(node->shared_info, shared_info, size); data/postgresql-13-13.1/src/backend/executor/nodeHash.c:2967:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXPGPATH]; data/postgresql-13-13.1/src/backend/executor/nodeIncrementalSort.c:1271:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(si, node->shared_info, size); data/postgresql-13-13.1/src/backend/executor/nodeModifyTable.c:321:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nulls, slot->tts_isnull, sizeof(*nulls) * natts); data/postgresql-13-13.1/src/backend/executor/nodeModifyTable.c:357:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(slot->tts_values, values, sizeof(*values) * natts); data/postgresql-13-13.1/src/backend/executor/nodeModifyTable.c:358:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(slot->tts_isnull, nulls, sizeof(*nulls) * natts); data/postgresql-13-13.1/src/backend/executor/nodeSort.c:428:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(si, node->shared_info, size); data/postgresql-13-13.1/src/backend/executor/spi.c:1701:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[64]; data/postgresql-13-13.1/src/backend/executor/spi.c:1763:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Unrecognized SPI code %d", code); data/postgresql-13-13.1/src/backend/executor/spi.c:2735:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newplan->argtypes, plan->argtypes, plan->nargs * sizeof(Oid)); data/postgresql-13-13.1/src/backend/executor/spi.c:2799:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newplan->argtypes, plan->argtypes, plan->nargs * sizeof(Oid)); data/postgresql-13-13.1/src/backend/foreign/foreign.c:440:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cfdwroutine, fdwroutine, sizeof(FdwRoutine)); data/postgresql-13-13.1/src/backend/foreign/foreign.c:451:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fdwroutine, relation->rd_fdwroutine, sizeof(FdwRoutine)); data/postgresql-13-13.1/src/backend/foreign/foreign.c:772:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hash_path, path, sizeof(HashPath)); data/postgresql-13-13.1/src/backend/foreign/foreign.c:781:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nest_path, path, sizeof(NestPath)); data/postgresql-13-13.1/src/backend/foreign/foreign.c:790:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(merge_path, path, sizeof(MergePath)); data/postgresql-13-13.1/src/backend/jit/jit.c:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/jit/llvm/llvmjit.c:800:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/jit/llvm/llvmjit_inline.cpp:485:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/lib/bloomfilter.c:51:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bitset[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/backend/lib/dshash.c:817:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ENTRY_FROM_ITEM(item), key, hash_table->params.key_size); data/postgresql-13-13.1/src/backend/lib/rbtree.c:129:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest + 1, src + 1, rbt->node_size - sizeof(RBTNode)); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ClientProof[SCRAM_KEY_LEN]; data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:455:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char saltbuf[SCRAM_DEFAULT_SALT_LEN]; data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:618:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stored_key, decoded_stored_buf, SCRAM_KEY_LEN); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:626:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(server_key, decoded_server_buf, SCRAM_KEY_LEN); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:751:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[5]; data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:771:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[30 + 1]; data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1163:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw_nonce[SCRAM_RAW_NONCE_LEN]; data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1267:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cbind_input + cbind_header_len, cbind_data, cbind_data_len); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1323:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->ClientProof, client_proof, SCRAM_KEY_LEN); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1333:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->client_final_message_without_proof, input, proof - begin); data/postgresql-13-13.1/src/backend/libpq/auth.c:414:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostinfo[NI_MAXHOST]; data/postgresql-13-13.1/src/backend/libpq/auth.c:467:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostinfo[NI_MAXHOST]; data/postgresql-13-13.1/src/backend/libpq/auth.c:847:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char md5Salt[4]; /* Password salt */ data/postgresql-13-13.1/src/backend/libpq/auth.c:1306:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sysmsg[256]; data/postgresql-13-13.1/src/backend/libpq/auth.c:1339:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char accountname[MAXPGPATH]; data/postgresql-13-13.1/src/backend/libpq/auth.c:1340:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char domainname[MAXPGPATH]; data/postgresql-13-13.1/src/backend/libpq/auth.c:1494:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sspictx, &newctx, sizeof(CtxtHandle)); data/postgresql-13-13.1/src/backend/libpq/auth.c:1754:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char response_type[80]; data/postgresql-13-13.1/src/backend/libpq/auth.c:1819:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ident_user[IDENT_USERNAME_MAX + 1]; data/postgresql-13-13.1/src/backend/libpq/auth.c:1823:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char remote_addr_s[NI_MAXHOST]; data/postgresql-13-13.1/src/backend/libpq/auth.c:1824:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char remote_port[NI_MAXSERV]; data/postgresql-13-13.1/src/backend/libpq/auth.c:1825:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_addr_s[NI_MAXHOST]; data/postgresql-13-13.1/src/backend/libpq/auth.c:1826:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_port[NI_MAXSERV]; data/postgresql-13-13.1/src/backend/libpq/auth.c:1827:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ident_port[NI_MAXSERV]; data/postgresql-13-13.1/src/backend/libpq/auth.c:1828:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ident_query[80]; data/postgresql-13-13.1/src/backend/libpq/auth.c:1829:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ident_response[80 + IDENT_USERNAME_MAX]; data/postgresql-13-13.1/src/backend/libpq/auth.c:2213:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostinfo[NI_MAXHOST]; data/postgresql-13-13.1/src/backend/libpq/auth.c:2936:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[RADIUS_BUFFER_SIZE - RADIUS_VECTOR_LENGTH]; data/postgresql-13-13.1/src/backend/libpq/auth.c:2978:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(attr->data, data, len); data/postgresql-13-13.1/src/backend/libpq/auth.c:3118:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). port = atoi(portstr); data/postgresql-13-13.1/src/backend/libpq/auth.c:3155:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cryptvector, secret, strlen(secret)); data/postgresql-13-13.1/src/backend/libpq/auth.c:3161:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cryptvector + strlen(secret), md5trailer, RADIUS_VECTOR_LENGTH); data/postgresql-13-13.1/src/backend/libpq/auth.c:3364:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cryptvector, receivepacket, 4); /* code+id+length */ data/postgresql-13-13.1/src/backend/libpq/auth.c:3365:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cryptvector + 4, packet->vector, RADIUS_VECTOR_LENGTH); /* request data/postgresql-13-13.1/src/backend/libpq/auth.c:3370:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cryptvector + RADIUS_HEADER_LENGTH, receive_buffer + RADIUS_HEADER_LENGTH, packetlength - RADIUS_HEADER_LENGTH); data/postgresql-13-13.1/src/backend/libpq/auth.c:3371:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cryptvector + packetlength, secret, strlen(secret)); data/postgresql-13-13.1/src/backend/libpq/be-fsstubs.c:417:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/postgresql-13-13.1/src/backend/libpq/be-fsstubs.c:418:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fnamebuf[MAXPGPATH]; data/postgresql-13-13.1/src/backend/libpq/be-fsstubs.c:480:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/postgresql-13-13.1/src/backend/libpq/be-fsstubs.c:481:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fnamebuf[MAXPGPATH]; data/postgresql-13-13.1/src/backend/libpq/be-gssapi-common.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg_major[128], data/postgresql-13-13.1/src/backend/libpq/be-secure-gssapi.c:213:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PqGSSSendBuffer + PqGSSSendLength, &netlen, sizeof(uint32)); data/postgresql-13-13.1/src/backend/libpq/be-secure-gssapi.c:216:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length); data/postgresql-13-13.1/src/backend/libpq/be-secure-gssapi.c:272:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) ptr + bytes_returned, PqGSSResultBuffer + PqGSSResultNext, bytes_to_copy); data/postgresql-13-13.1/src/backend/libpq/be-secure-gssapi.c:371:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PqGSSResultBuffer, output.value, output.length); data/postgresql-13-13.1/src/backend/libpq/be-secure-gssapi.c:578:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PqGSSSendBuffer, (char *) &netlen, sizeof(uint32)); data/postgresql-13-13.1/src/backend/libpq/be-secure-gssapi.c:581:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length); data/postgresql-13-13.1/src/backend/libpq/be-secure-openssl.c:816:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(my_bio_methods, biom, sizeof(BIO_METHOD)); data/postgresql-13-13.1/src/backend/libpq/be-secure-openssl.c:1136:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char errbuf[36]; data/postgresql-13-13.1/src/backend/libpq/be-secure-openssl.c:1234:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hash[EVP_MAX_MD_SIZE]; /* size for SHA-512 */ data/postgresql-13-13.1/src/backend/libpq/be-secure-openssl.c:1276:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cert_hash, hash, hash_size); data/postgresql-13-13.1/src/backend/libpq/crypt.c:172:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char crypt_pwd[MD5_PASSWD_LEN + 1]; data/postgresql-13-13.1/src/backend/libpq/crypt.c:226:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char crypt_client_pass[MD5_PASSWD_LEN + 1]; data/postgresql-13-13.1/src/backend/libpq/hba.c:298:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hbatoken->string, token, toklen + 1); data/postgresql-13-13.1/src/backend/libpq/hba.c:333:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_TOKEN]; data/postgresql-13-13.1/src/backend/libpq/hba.c:485:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rawline[MAX_LINE]; data/postgresql-13-13.1/src/backend/libpq/hba.c:707:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char remote_hostname[NI_MAXHOST]; data/postgresql-13-13.1/src/backend/libpq/hba.c:1170:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&parsedline->addr, gai_result->ai_addr, data/postgresql-13-13.1/src/backend/libpq/hba.c:1271:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&parsedline->mask, gai_result->ai_addr, data/postgresql-13-13.1/src/backend/libpq/hba.c:1842:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hbaline->ldapport = atoi(val); data/postgresql-13-13.1/src/backend/libpq/hba.c:1998:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(lfirst(l)) == 0) data/postgresql-13-13.1/src/backend/libpq/hba.c:2424:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[NI_MAXHOST]; data/postgresql-13-13.1/src/backend/libpq/hba.c:2774:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[100]; data/postgresql-13-13.1/src/backend/libpq/hba.c:2831:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[100]; data/postgresql-13-13.1/src/backend/libpq/hba.c:2870:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(regexp_pgrole, identLine->pg_role, offset); data/postgresql-13-13.1/src/backend/libpq/hba.c:2871:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(regexp_pgrole + offset, data/postgresql-13-13.1/src/backend/libpq/ifaddr.c:148:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mask, &mask4, sizeof(mask4)); data/postgresql-13-13.1/src/backend/libpq/ifaddr.c:174:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mask, &mask6, sizeof(mask6)); data/postgresql-13-13.1/src/backend/libpq/ifaddr.c:429:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lmask, &lifr[i], sizeof(struct lifreq)); data/postgresql-13-13.1/src/backend/libpq/pqcomm.c:140:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char PqRecvBuffer[PQ_RECV_BUFFER_SIZE]; data/postgresql-13-13.1/src/backend/libpq/pqcomm.c:336:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portNumberStr[32]; data/postgresql-13-13.1/src/backend/libpq/pqcomm.c:338:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char familyDescBuf[64]; data/postgresql-13-13.1/src/backend/libpq/pqcomm.c:340:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addrBuf[NI_MAXHOST]; data/postgresql-13-13.1/src/backend/libpq/pqcomm.c:349:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unixSocketPath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/libpq/pqcomm.c:1097:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, PqRecvBuffer + PqRecvPointer, amount); data/postgresql-13-13.1/src/backend/libpq/pqcomm.c:1372:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PqSendBuffer + PqSendPointer, s, amount); data/postgresql-13-13.1/src/backend/libpq/pqformat.c:536:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &msg->data[msg->cursor], datalen); data/postgresql-13-13.1/src/backend/libpq/pqformat.c:566:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, str, rawbytes); data/postgresql-13-13.1/src/backend/nodes/bitmapset.c:83:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, a, size); data/postgresql-13-13.1/src/backend/nodes/copyfuncs.c:61:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newnode->fldname, from->fldname, _size); \ data/postgresql-13-13.1/src/backend/nodes/extensible.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extnodename[EXTNODENAME_MAX_LEN]; data/postgresql-13-13.1/src/backend/nodes/list.c:185:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(list->elements, list->initial_elements, data/postgresql-13-13.1/src/backend/nodes/list.c:218:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newelements, list->elements, data/postgresql-13-13.1/src/backend/nodes/list.c:532:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&list1->elements[list1->length], &list2->elements[0], data/postgresql-13-13.1/src/backend/nodes/list.c:566:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result->elements, list1->elements, data/postgresql-13-13.1/src/backend/nodes/list.c:568:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result->elements + list1->length, list2->elements, data/postgresql-13-13.1/src/backend/nodes/list.c:731:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newelems, list->elements, n * sizeof(ListCell)); data/postgresql-13-13.1/src/backend/nodes/list.c:732:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&newelems[n], &list->elements[n + 1], data/postgresql-13-13.1/src/backend/nodes/list.c:1411:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newlist->elements, oldlist->elements, data/postgresql-13-13.1/src/backend/nodes/list.c:1433:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newlist->elements, &oldlist->elements[nskip], data/postgresql-13-13.1/src/backend/nodes/makefuncs.c:274:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tle, src_tle, sizeof(TargetEntry)); data/postgresql-13-13.1/src/backend/nodes/nodeFuncs.c:2576:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((newnode), (node), sizeof(nodetype)) ) data/postgresql-13-13.1/src/backend/nodes/nodeFuncs.c:2581:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((newnode), (node), sizeof(nodetype)) ) data/postgresql-13-13.1/src/backend/nodes/outfuncs.c:191:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char in[2]; data/postgresql-13-13.1/src/backend/nodes/params.c:181:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*start_address, &nparams, sizeof(int)); data/postgresql-13-13.1/src/backend/nodes/params.c:202:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*start_address, &typeOid, sizeof(Oid)); data/postgresql-13-13.1/src/backend/nodes/params.c:206:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*start_address, &prm->pflags, sizeof(uint16)); data/postgresql-13-13.1/src/backend/nodes/params.c:239:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nparams, *start_address, sizeof(int)); data/postgresql-13-13.1/src/backend/nodes/params.c:249:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prm->ptype, *start_address, sizeof(Oid)); data/postgresql-13-13.1/src/backend/nodes/params.c:253:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prm->pflags, *start_address, sizeof(uint16)); data/postgresql-13-13.1/src/backend/nodes/print.c:100:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[LINELEN + 1]; data/postgresql-13-13.1/src/backend/nodes/print.c:156:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[LINELEN + 1]; data/postgresql-13-13.1/src/backend/nodes/read.c:430:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). result = (Node *) makeInteger(atoi(token)); data/postgresql-13-13.1/src/backend/nodes/read.c:436:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fval, token, tok_len); data/postgresql-13-13.1/src/backend/nodes/read.c:450:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(val, token + 1, tok_len - 1); data/postgresql-13-13.1/src/backend/nodes/readfuncs.c:71:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). local_node->fldname = atoi(token) data/postgresql-13-13.1/src/backend/nodes/readfuncs.c:89:24: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). local_node->fldname = atol(token) data/postgresql-13-13.1/src/backend/nodes/readfuncs.c:108:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). local_node->fldname = (enumtype) atoi(token) data/postgresql-13-13.1/src/backend/nodes/readfuncs.c:133:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). local_node->fldname = restore_location_fields ? atoi(token) : -1 data/postgresql-13-13.1/src/backend/nodes/readfuncs.c:2930:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). s[i] = (char) atoi(token); data/postgresql-13-13.1/src/backend/nodes/readfuncs.c:2941:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). s[i] = (char) atoi(token); data/postgresql-13-13.1/src/backend/nodes/readfuncs.c:2972:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). attr_vals[i] = atoi(token); data/postgresql-13-13.1/src/backend/nodes/readfuncs.c:3020:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int_vals[i] = atoi(token); data/postgresql-13-13.1/src/backend/nodes/tidbitmap.c:310:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(page, &tbm->entry1, sizeof(PagetableEntry)); data/postgresql-13-13.1/src/backend/nodes/tidbitmap.c:849:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptbase->ptentry, &tbm->entry1, sizeof(PagetableEntry)); data/postgresql-13-13.1/src/backend/optimizer/path/indxpath.c:3268:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newclause, clause, sizeof(OpExpr)); data/postgresql-13-13.1/src/backend/optimizer/path/joinrels.c:1569:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sjinfo, parent_sjinfo, sizeof(SpecialJoinInfo)); data/postgresql-13-13.1/src/backend/optimizer/plan/createplan.c:4700:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newphv, phv, sizeof(PlaceHolderVar)); data/postgresql-13-13.1/src/backend/optimizer/plan/planagg.c:364:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(subroot, root, sizeof(PlannerInfo)); data/postgresql-13-13.1/src/backend/optimizer/plan/planner.c:1307:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(subroot, root, sizeof(PlannerInfo)); data/postgresql-13-13.1/src/backend/optimizer/plan/planner.c:1501:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(subroot, root, sizeof(PlannerInfo)); data/postgresql-13-13.1/src/backend/optimizer/plan/planner.c:3454:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(adjacency[i], adjacency_buf, (n_adj + 1) * sizeof(short)); data/postgresql-13-13.1/src/backend/optimizer/plan/planner.c:5368:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newaggref, aggref, sizeof(Aggref)); data/postgresql-13-13.1/src/backend/optimizer/plan/setrefs.c:246:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newrc, rc, sizeof(PlanRowMark)); data/postgresql-13-13.1/src/backend/optimizer/plan/setrefs.c:425:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newrte, rte, sizeof(RangeTblEntry)); data/postgresql-13-13.1/src/backend/optimizer/plan/setrefs.c:2036:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(child_agg, orig_agg, sizeof(Aggref)); data/postgresql-13-13.1/src/backend/optimizer/plan/subselect.c:568:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. ptr += sprintf(ptr, " (returns "); data/postgresql-13-13.1/src/backend/optimizer/prep/prepjointree.c:301:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(j, jtnode, sizeof(JoinExpr)); data/postgresql-13-13.1/src/backend/optimizer/prep/preptlist.c:131:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resname[32]; data/postgresql-13-13.1/src/backend/optimizer/util/appendinfo.c:433:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newinfo, oldinfo, sizeof(RestrictInfo)); data/postgresql-13-13.1/src/backend/optimizer/util/clauses.c:2923:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ac, node, sizeof(ArrayCoerceExpr)); data/postgresql-13-13.1/src/backend/optimizer/util/clauses.c:4205:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(declared_arg_types, funcform->proargtypes.values, data/postgresql-13-13.1/src/backend/optimizer/util/inherit.c:228:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resname[32]; data/postgresql-13-13.1/src/backend/optimizer/util/inherit.c:446:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(childrte, parentrte, sizeof(RangeTblEntry)); data/postgresql-13-13.1/src/backend/optimizer/util/pathnode.c:3786:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newpath, ipath, sizeof(IndexPath)); data/postgresql-13-13.1/src/backend/optimizer/util/pathnode.c:3882:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((newnode), (node), sizeof(nodetype)) ) data/postgresql-13-13.1/src/backend/optimizer/util/plancat.c:2219:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(part_scheme->partopfamily, partkey->partopfamily, data/postgresql-13-13.1/src/backend/optimizer/util/plancat.c:2223:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(part_scheme->partopcintype, partkey->partopcintype, data/postgresql-13-13.1/src/backend/optimizer/util/plancat.c:2227:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(part_scheme->partcollation, partkey->partcollation, data/postgresql-13-13.1/src/backend/optimizer/util/plancat.c:2231:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(part_scheme->parttyplen, partkey->parttyplen, data/postgresql-13-13.1/src/backend/optimizer/util/plancat.c:2235:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(part_scheme->parttypbyval, partkey->parttypbyval, data/postgresql-13-13.1/src/backend/optimizer/util/restrictinfo.c:316:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newclause, clause, sizeof(OpExpr)); data/postgresql-13-13.1/src/backend/optimizer/util/restrictinfo.c:326:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, rinfo, sizeof(RestrictInfo)); data/postgresql-13-13.1/src/backend/optimizer/util/tlist.c:677:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, sizeof(PathTarget)); data/postgresql-13-13.1/src/backend/optimizer/util/tlist.c:686:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->sortgrouprefs, src->sortgrouprefs, nbytes); data/postgresql-13-13.1/src/backend/parser/analyze.c:1884:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char selectName[32]; data/postgresql-13-13.1/src/backend/parser/gram.c:25448:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/postgresql-13-13.1/src/backend/parser/gram.c:25661:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/postgresql-13-13.1/src/backend/parser/parse_expr.c:2266:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[16]; data/postgresql-13-13.1/src/backend/parser/parse_oper.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oprname[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/parser/parse_relation.c:2044:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attrname[64]; data/postgresql-13-13.1/src/backend/parser/scan.c:6472:21: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). yylval->ival = atol(yytext + 1); data/postgresql-13-13.1/src/backend/parser/scan.c:7854:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(yyext->scanbuf, str, slen); data/postgresql-13-13.1/src/backend/parser/scan.c:7904:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(yyextra->literalbuf + yyextra->literallen, ytext, yleng); data/postgresql-13-13.1/src/backend/parser/scan.c:7935:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, yyextra->literalbuf, llen); data/postgresql-13-13.1/src/backend/parser/scan.c:7966:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_UNICODE_EQUIVALENT_STRING + 1]; data/postgresql-13-13.1/src/backend/parser/scansup.c:197:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/parser/scansup.c:199:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, ident, len); data/postgresql-13-13.1/src/backend/partitioning/partbounds.c:950:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->kind[i], src->kind[i], data/postgresql-13-13.1/src/backend/partitioning/partbounds.c:994:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->indexes, src->indexes, sizeof(int) * num_indexes); data/postgresql-13-13.1/src/backend/partitioning/partbounds.c:4744:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(my_extra->partcollid, key->partcollation, data/postgresql-13-13.1/src/backend/port/posix_sema.c:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[PG_CACHE_LINE_SIZE]; data/postgresql-13-13.1/src/backend/port/posix_sema.c:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char semname[64]; data/postgresql-13-13.1/src/backend/port/sysv_shmem.c:262:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[64]; data/postgresql-13-13.1/src/backend/port/sysv_shmem.c:264:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(line, "%9lu %9lu", data/postgresql-13-13.1/src/backend/port/sysv_shmem.c:496:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/postgresql-13-13.1/src/backend/port/sysv_shmem.c:782:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(AnonymousShmem, hdr, sizeof(PGShmemHeader)); data/postgresql-13-13.1/src/backend/port/win32/crashdump.c:106:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dumpPath[_MAX_PATH]; data/postgresql-13-13.1/src/backend/port/win32/signal.c:185:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pipename[128]; data/postgresql-13-13.1/src/backend/port/win32/signal.c:232:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pipename[128]; data/postgresql-13-13.1/src/backend/port/win32/socket.c:554:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(writefds, &outwritefds, sizeof(fd_set)); data/postgresql-13-13.1/src/backend/port/win32/socket.c:688:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(readfds, &outreadfds, sizeof(fd_set)); data/postgresql-13-13.1/src/backend/port/win32/socket.c:690:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(writefds, &outwritefds, sizeof(fd_set)); data/postgresql-13-13.1/src/backend/port/win32_shmem.c:79:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(retptr, "Global\\PostgreSQL:"); data/postgresql-13-13.1/src/backend/postmaster/autovacuum.c:366:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *av[10]; data/postgresql-13-13.1/src/backend/postmaster/autovacuum.c:1073:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(dbary[i++]), db, sizeof(avl_dbase)); data/postgresql-13-13.1/src/backend/postmaster/autovacuum.c:1436:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *av[10]; data/postgresql-13-13.1/src/backend/postmaster/autovacuum.c:1664:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbname[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/postmaster/autovacuum.c:2128:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&hentry->ar_reloptions, relopts, data/postgresql-13-13.1/src/backend/postmaster/autovacuum.c:2732:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(av, &(((StdRdOptions *) relopts)->autovacuum), sizeof(AutoVacOpts)); data/postgresql-13-13.1/src/backend/postmaster/autovacuum.c:3155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char activity[MAX_AUTOVAC_ACTIV_LEN]; data/postgresql-13-13.1/src/backend/postmaster/autovacuum.c:3190:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char activity[MAX_AUTOVAC_ACTIV_LEN + 12 + 2]; data/postgresql-13-13.1/src/backend/postmaster/autovacuum.c:3191:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char blk[12 + 2]; data/postgresql-13-13.1/src/backend/postmaster/bgworker.c:193:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&slot->worker, &rw->rw_worker, sizeof(BackgroundWorker)); data/postgresql-13-13.1/src/backend/postmaster/bgworker.c:365:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rw->rw_worker.bgw_extra, slot->worker.bgw_extra, BGW_EXTRALEN); data/postgresql-13-13.1/src/backend/postmaster/bgworker.c:571:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&myEntry, &slot->worker, sizeof myEntry); data/postgresql-13-13.1/src/backend/postmaster/bgworker.c:973:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&slot->worker, worker, sizeof(BackgroundWorker)); data/postgresql-13-13.1/src/backend/postmaster/bgworker.c:1242:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char result[BGW_MAXLEN]; data/postgresql-13-13.1/src/backend/postmaster/checkpointer.c:1268:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(requests, CheckpointerShmem->requests, n * sizeof(CheckpointerRequest)); data/postgresql-13-13.1/src/backend/postmaster/fork_process.c:94:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(oomfilename, O_WRONLY, 0); data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:198:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *av[10]; data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:382:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlog[MAX_XFN_CHARS + 1]; data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:398:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathname[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:441:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogready[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:513:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogarchcmd[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:514:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathname[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:515:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char activitymsg[MAXFNAMELEN + 16]; data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:669:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char XLogArchiveStatusDir[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:681:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char basename[MAX_XFN_CHARS + 1]; data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:698:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(basename, rlde->d_name, basenamelen); data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:740:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rlogready[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:741:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rlogdone[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:668:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:728:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *av[10]; data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:914:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&this_ent->t_counts, &entry->t_counts, data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:2952:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lbeentry, data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:3054:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(unvolatize(PgBackendStatus *, vbeentry), data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:3075:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lbeentry.st_sslstatus, &lsslstatus, sizeof(PgBackendSSLStatus)); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:3078:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lbeentry.st_gssstatus, &lgssstatus, sizeof(PgBackendGSSStatus)); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:3198:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) beentry->st_activity_raw, cmd_str, len); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:3327:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) beentry->st_appname, appname, len); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:3442:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&localentry->backendStatus, unvolatize(PgBackendStatus *, beentry), sizeof(PgBackendStatus)); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:3461:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localsslstatus, beentry->st_sslstatus, sizeof(PgBackendSSLStatus)); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:3468:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(localgssstatus, beentry->st_gssstatus, sizeof(PgBackendGSSStatus)); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:4878:23: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). fpout = AllocateFile(tmpfile, PG_BINARY_W); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:4884:7: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile))); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:4957:7: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile))); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:4959:10: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). unlink(tmpfile); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:4966:7: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile))); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:4967:10: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). unlink(tmpfile); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:4969:18: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). else if (rename(tmpfile, statfile) < 0) data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:4974:7: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile, statfile))); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:4975:10: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). unlink(tmpfile); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5030:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpfile[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5030:8: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). char tmpfile[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5031:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char statfile[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5033:45: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). get_dbstat_filename(permanent, true, dbid, tmpfile, MAXPGPATH); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5041:23: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). fpout = AllocateFile(tmpfile, PG_BINARY_W); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5047:7: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile))); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5092:7: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile))); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5094:10: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). unlink(tmpfile); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5101:7: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile))); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5102:10: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). unlink(tmpfile); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5104:18: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). else if (rename(tmpfile, statfile) < 0) data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5109:7: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tmpfile, statfile))); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5110:10: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). unlink(tmpfile); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5301:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dbentry, &dbbuf, sizeof(PgStat_StatDBEntry)); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5404:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char statfile[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5477:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tabentry, &tabbuf, sizeof(tabbuf)); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5511:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(funcentry, &funcbuf, sizeof(funcbuf)); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:6113:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char statfile[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:222:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ExtraOptions[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:492:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char DataDir[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:534:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char my_exec_path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:535:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkglib_path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:536:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ExtraOptions[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:715:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). set_debug_options(atoi(optarg), PGC_POSTMASTER, PGC_S_ARGV); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:1314:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fpidfile = fopen(external_pid_file, "w"); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:1530:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:1682:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) &rmask, (char *) &readmask, sizeof(fd_set)); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:3273:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:3715:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char activity_buffer[1024]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4271:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1000]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4306:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char remote_host[NI_MAXHOST]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4307:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char remote_port[NI_MAXSERV]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4576:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *av[4]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4602:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpfilename[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4697:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdLine[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4701:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char paramHandleStr[32]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4741:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(paramHandleStr, "%llu", (LONG_PTR) paramHandle); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4743:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(paramHandleStr, "%lu", (DWORD) paramHandle); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:5117:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). shmem_slot = atoi(argv[1] + 15); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:5475:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *av[10]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:5477:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char typebuf[32]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:5693:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(OPTS_FILE, "w")) == NULL) data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:5797:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *av[10]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:5799:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char forkav[MAXPGPATH]; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:5883:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(MyBgworkerEntry, &rw->rw_worker, sizeof(BackgroundWorker)); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:6193:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(¶m->port, port, sizeof(Port)); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:6199:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(¶m->ListenSocket, &ListenSocket, sizeof(ListenSocket)); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:6246:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(¶m->postmaster_alive_fds, &postmaster_alive_fds, data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:6250:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(¶m->syslogPipe, &syslogPipe, sizeof(syslogPipe)); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:6396:25: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). paramHandle = (HANDLE) atol(id); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:6406:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(¶m, paramp, sizeof(BackendParameters)); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:6430:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(port, ¶m->port, sizeof(Port)); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:160:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logbuffer[READ_BUF_SIZE]; data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:187:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(DEVNULL, O_WRONLY, 0); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:743:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *av[10]; data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:745:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filenobuf[32]; data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:746:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char csvfilenobuf[32]; data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:758:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(filenobuf, "-1"); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:773:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(csvfilenobuf, "-1"); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:810:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fd = atoi(*argv++); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:816:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fd = atoi(*argv++); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:823:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fd = atoi(*argv++); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:833:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fd = atoi(*argv++); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:890:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&p, cursor, offsetof(PipeProtoHeader, data)); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:1123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logbuffer[READ_BUF_SIZE]; data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:1207:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(filename, mode); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:1472:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(LOG_METAINFO_DATAFILE_TMP, "w"); data/postgresql-13-13.1/src/backend/regex/regc_color.c:225:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VS(newCd), VS(cm->cdspace), cm->ncds * data/postgresql-13-13.1/src/backend/regex/regc_color.c:452:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newrowptr, data/postgresql-13-13.1/src/backend/regex/regc_locale.c:355:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *const classNames[NUM_CCLASSES + 1] = { data/postgresql-13-13.1/src/backend/regex/regc_nfa.c:2535:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(donemap, outerdonemap, nstates * sizeof(char)); data/postgresql-13-13.1/src/backend/regex/regc_pg_locale.c:92:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char pg_char_properties[128] = { data/postgresql-13-13.1/src/backend/regex/regcomp.c:506:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VS(p), VS(v->subs), data/postgresql-13-13.1/src/backend/regex/regcomp.c:1900:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char idbuf[50]; data/postgresql-13-13.1/src/backend/regex/regcomp.c:2127:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char idbuf[50]; data/postgresql-13-13.1/src/backend/regex/regcomp.c:2181:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", t->id); data/postgresql-13-13.1/src/backend/regex/regcomp.c:2183:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%p", t); data/postgresql-13-13.1/src/backend/regex/regerror.c:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char convbuf[sizeof(unk) + 50]; /* 50 = plenty for int */ data/postgresql-13-13.1/src/backend/regex/regerror.c:77:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(convbuf, "%d", r->code); /* -1 for unknown */ data/postgresql-13-13.1/src/backend/regex/regerror.c:81:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). icode = atoi(errbuf); /* not our problem if this fails */ data/postgresql-13-13.1/src/backend/regex/regerror.c:89:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(convbuf, "REG_%u", (unsigned) icode); data/postgresql-13-13.1/src/backend/regex/regerror.c:114:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(errbuf, msg, errbuf_size - 1); data/postgresql-13-13.1/src/backend/regex/regexec.c:294:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VS(pmatch), VS(v->pmatch), n * sizeof(regmatch_t)); data/postgresql-13-13.1/src/backend/regex/regexec.c:384:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). chr *open; /* open and close of range of possible starts */ data/postgresql-13-13.1/src/backend/regex/regexec.c:417:40: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). MDEBUG(("between %ld and %ld\n", LOFF(open), LOFF(close))); data/postgresql-13-13.1/src/backend/regex/regexec.c:421:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). for (begin = open; begin <= close; begin++) data/postgresql-13-13.1/src/backend/regex/regexec.c:516:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). chr *open; /* open and close of range of possible starts */ data/postgresql-13-13.1/src/backend/regex/regexec.c:543:42: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). MDEBUG(("cbetween %ld and %ld\n", LOFF(open), LOFF(close))); data/postgresql-13-13.1/src/backend/regex/regexec.c:544:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). for (begin = open; begin <= close; begin++) data/postgresql-13-13.1/src/backend/replication/backup_manifest.c:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathbuf[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/backup_manifest.c:290:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char checksumstringbuf[PG_SHA256_DIGEST_STRING_LENGTH]; data/postgresql-13-13.1/src/backend/replication/backup_manifest.c:339:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char manifestbuf[BLCKSZ]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:483:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathbuf[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:490:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char firstoff[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:491:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lastoff[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:561:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:577:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nextfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:587:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:599:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[TAR_SEND_SIZE]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:937:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char activitymsg[50]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:950:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char is[32]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:1039:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:1128:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:1152:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathbuf[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:1207:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathbuf[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:1303:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char initForkFile[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:1304:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char relOid[OIDCHARS + 1]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:1310:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(relOid, de->d_name, relOidChars); data/postgresql-13-13.1/src/backend/replication/basebackup.c:1411:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linkpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:1570:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[TAR_SEND_SIZE]; data/postgresql-13-13.1/src/backend/replication/basebackup.c:1620:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). segmentno = atoi(segmentpath + 1); data/postgresql-13-13.1/src/backend/replication/basebackup.c:1828:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char h[512]; data/postgresql-13-13.1/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:130:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *keys[5]; data/postgresql-13-13.1/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:131:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *vals[5]; data/postgresql-13-13.1/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:325:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *sender_port = atoi(ret); data/postgresql-13-13.1/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:552:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[64]; data/postgresql-13-13.1/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:584:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*content, PQgetvalue(res, 0, 1), *len); data/postgresql-13-13.1/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:936:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cstrs[MaxTupleAttributeNumber]; data/postgresql-13-13.1/src/backend/replication/logical/decode.c:701:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&change->data.tp.relnode, &target_node, sizeof(RelFileNode)); data/postgresql-13-13.1/src/backend/replication/logical/decode.c:745:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&change->data.tp.relnode, &target_node, sizeof(RelFileNode)); data/postgresql-13-13.1/src/backend/replication/logical/decode.c:818:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&change->data.tp.relnode, &target_node, sizeof(RelFileNode)); data/postgresql-13-13.1/src/backend/replication/logical/decode.c:870:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(change->data.truncate.relids, xlrec->relids, data/postgresql-13-13.1/src/backend/replication/logical/decode.c:930:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&change->data.tp.relnode, &rnode, sizeof(RelFileNode)); data/postgresql-13-13.1/src/backend/replication/logical/decode.c:954:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) tuple->tuple.t_data + SizeofHeapTupleHeader, data/postgresql-13-13.1/src/backend/replication/logical/decode.c:1007:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&change->data.tp.relnode, &target_node, sizeof(RelFileNode)); data/postgresql-13-13.1/src/backend/replication/logical/decode.c:1041:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) &xlhdr, data/postgresql-13-13.1/src/backend/replication/logical/decode.c:1047:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((char *) tuple->tuple.t_data) + SizeofHeapTupleHeader, data/postgresql-13-13.1/src/backend/replication/logical/launcher.c:1117:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&worker, &LogicalRepCtx->workers[i], data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:675:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(change->data.msg.message, message, message_size); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:1430:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(snap, orig_snap, sizeof(SnapshotData)); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:1437:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(snap->xip, orig_snap->xip, sizeof(TransactionId) * snap->xcnt); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2224:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(txn->invalidations, msgs, data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2444:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2497:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ondisk->change, change, sizeof(ReorderBufferChange)); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2539:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, &oldtup->tuple, sizeof(HeapTupleData)); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2542:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, oldtup->tuple.t_data, oldlen); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2548:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, &newtup->tuple, sizeof(HeapTupleData)); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2551:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, newtup->tuple.t_data, newlen); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2571:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, &prefix_size, sizeof(Size)); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2573:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, change->data.msg.prefix, data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2578:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, &change->data.msg.message_size, sizeof(Size)); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2580:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, change->data.msg.message, data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2603:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, snap, sizeof(SnapshotData)); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2608:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, snap->xip, data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2615:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, snap->subxip, data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2637:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, change->data.truncate.relids, size); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2796:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2916:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(change, &ondisk->change, sizeof(ReorderBufferChange)); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2936:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&change->data.tp.oldtuple->tuple, data, data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2945:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(change->data.tp.oldtuple->tuple.t_data, data, tuplelen); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2954:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tuplelen, data + offsetof(HeapTupleData, t_len), data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2961:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&change->data.tp.newtuple->tuple, data, data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2970:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(change->data.tp.newtuple->tuple.t_data, data, tuplelen); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2980:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&prefix_size, data, sizeof(Size)); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2984:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(change->data.msg.prefix, data, prefix_size); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2989:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&change->data.msg.message_size, data, sizeof(Size)); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2993:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(change->data.msg.message, data, data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:3015:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newsnap, data, size); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:3029:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(relids, data, change->data.truncate.nrelids * sizeof(Oid)); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:3073:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:3093:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH * 2 + 12]; data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:3408:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(reconstructed) + data_done, data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:3425:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA_EXTERNAL(new_datum), &redirect_pointer, data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:3440:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newtup->tuple.t_data, tmphtup->t_data, tmphtup->t_len); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:3534:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:3569:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c:506:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(snapshot->xip, data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c:908:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(builder->committed.xip, workspace, data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c:1486:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmppath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c:1487:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c:1509:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(path, "pg_logical/snapshots/%X-%X.snap", data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c:1552:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmppath, "pg_logical/snapshots/%X-%X.snap.%u.tmp", data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c:1580:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ondisk->builder, builder, sizeof(SnapBuild)); data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c:1596:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ondisk_c, builder->committed.xip, sz); data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c:1693:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c:1702:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(path, "pg_logical/snapshots/%X-%X.snap", data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c:1938:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH + 21]; data/postgresql-13-13.1/src/backend/replication/logical/tablesync.c:357:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rstate, lfirst(lc), sizeof(SubscriptionRelState)); data/postgresql-13-13.1/src/backend/replication/logical/tablesync.c:572:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outbuf, ©buf->data[copybuf->cursor], avail); data/postgresql-13-13.1/src/backend/replication/logical/tablesync.c:605:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outbuf, ©buf->data[copybuf->cursor], avail); data/postgresql-13-13.1/src/backend/replication/logical/worker.c:417:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(slot->tts_values, srcslot->tts_values, natts * sizeof(Datum)); data/postgresql-13-13.1/src/backend/replication/logical/worker.c:418:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(slot->tts_isnull, srcslot->tts_isnull, natts * sizeof(bool)); data/postgresql-13-13.1/src/backend/replication/logical/worker.c:1954:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char originname[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/replication/repl_gram.c:961:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/postgresql-13-13.1/src/backend/replication/repl_gram.c:1150:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/postgresql-13-13.1/src/backend/replication/repl_scanner.c:2575:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scanbuf, str, slen); data/postgresql-13-13.1/src/backend/replication/slot.c:601:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/slot.c:602:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmppath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/slot.c:699:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/slot.c:1267:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/slot.c:1296:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH + 12]; data/postgresql-13-13.1/src/backend/replication/slot.c:1346:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmppath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/slot.c:1347:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/slot.c:1407:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmppath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/slot.c:1408:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/slot.c:1458:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cp.slotdata, &slot->data, sizeof(ReplicationSlotPersistentData)); data/postgresql-13-13.1/src/backend/replication/slot.c:1563:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char slotdir[MAXPGPATH + 12]; data/postgresql-13-13.1/src/backend/replication/slot.c:1564:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH + 22]; data/postgresql-13-13.1/src/backend/replication/slot.c:1740:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&slot->data, &cp.slotdata, data/postgresql-13-13.1/src/backend/replication/syncrep.c:211:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_status, old_status, len); data/postgresql-13-13.1/src/backend/replication/syncrep.c:212:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(new_status + len, " waiting for %X/%X", data/postgresql-13-13.1/src/backend/replication/syncrep.c:1050:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pconf, syncrep_parse_result, syncrep_parse_result->config_size); data/postgresql-13-13.1/src/backend/replication/syncrep_gram.c:870:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/postgresql-13-13.1/src/backend/replication/syncrep_gram.c:1059:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/postgresql-13-13.1/src/backend/replication/syncrep_gram.c:1572:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). config->num_sync = atoi(num_sync); data/postgresql-13-13.1/src/backend/replication/syncrep_scanner.c:2149:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scanbuf, str, slen); data/postgresql-13-13.1/src/backend/replication/walreceiver.c:180:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char conninfo[MAXCONNINFO]; data/postgresql-13-13.1/src/backend/replication/walreceiver.c:182:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char slotname[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/replication/walreceiver.c:329:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char standby_sysid[32]; data/postgresql-13-13.1/src/backend/replication/walreceiver.c:615:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/replication/walreceiver.c:713:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char activitymsg[50]; data/postgresql-13-13.1/src/backend/replication/walreceiver.c:739:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expectedfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/replication/walreceiver.c:924:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/replication/walreceiver.c:973:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/replication/walreceiver.c:1038:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char activitymsg[50]; data/postgresql-13-13.1/src/backend/replication/walreceiver.c:1367:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sender_host[NI_MAXHOST]; data/postgresql-13-13.1/src/backend/replication/walreceiver.c:1369:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char slotname[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/replication/walreceiver.c:1370:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char conninfo[MAXCONNINFO]; data/postgresql-13-13.1/src/backend/replication/walsender.c:377:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sysid[32]; data/postgresql-13-13.1/src/backend/replication/walsender.c:378:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xloc[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/replication/walsender.c:467:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char histfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/replication/walsender.c:468:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/walsender.c:764:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startpos_str[8 + 1 + 8 + 1]; data/postgresql-13-13.1/src/backend/replication/walsender.c:924:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xloc[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/replication/walsender.c:1273:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ctx->out->data[1 + sizeof(int64) + sizeof(int64)], data/postgresql-13-13.1/src/backend/replication/walsender.c:2457:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/replication/walsender.c:2504:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/replication/walsender.c:2802:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&output_message.data[1 + sizeof(int64) + sizeof(int64)], data/postgresql-13-13.1/src/backend/replication/walsender.c:2821:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char activitymsg[50]; data/postgresql-13-13.1/src/backend/rewrite/rewriteHandler.c:1046:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fstore, prior_expr, sizeof(FieldStore)); data/postgresql-13-13.1/src/backend/rewrite/rewriteHandler.c:1057:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fstore, src_expr, sizeof(FieldStore)); data/postgresql-13-13.1/src/backend/rewrite/rewriteHandler.c:1066:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sbsref, src_expr, sizeof(SubscriptingRef)); data/postgresql-13-13.1/src/backend/rewrite/rewriteHandler.c:1081:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newcoerce, coerce_expr, sizeof(CoerceToDomain)); data/postgresql-13-13.1/src/backend/snowball/dict_snowball.c:294:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(txt, d->z->p, d->z->l); data/postgresql-13-13.1/src/backend/statistics/dependencies.c:147:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&state->dependencies[(state->k * state->ndependencies)], data/postgresql-13-13.1/src/backend/statistics/dependencies.c:472:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, &dependencies->magic, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/dependencies.c:474:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, &dependencies->type, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/dependencies.c:476:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, &dependencies->ndeps, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/dependencies.c:484:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, &d->degree, sizeof(double)); data/postgresql-13-13.1/src/backend/statistics/dependencies.c:487:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, &d->nattributes, sizeof(AttrNumber)); data/postgresql-13-13.1/src/backend/statistics/dependencies.c:490:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, d->attributes, sizeof(AttrNumber) * d->nattributes); data/postgresql-13-13.1/src/backend/statistics/dependencies.c:528:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dependencies->magic, tmp, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/dependencies.c:530:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dependencies->type, tmp, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/dependencies.c:532:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dependencies->ndeps, tmp, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/dependencies.c:564:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(°ree, tmp, sizeof(double)); data/postgresql-13-13.1/src/backend/statistics/dependencies.c:568:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&k, tmp, sizeof(AttrNumber)); data/postgresql-13-13.1/src/backend/statistics/dependencies.c:582:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d->attributes, tmp, sizeof(AttrNumber) * d->nattributes); data/postgresql-13-13.1/src/backend/statistics/mcv.c:303:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item->values, groups[i].values, sizeof(Datum) * numattrs); data/postgresql-13-13.1/src/backend/statistics/mcv.c:304:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item->isnull, groups[i].isnull, sizeof(bool) * numattrs); data/postgresql-13-13.1/src/backend/statistics/mcv.c:840:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &mcvlist->magic, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:843:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &mcvlist->type, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:846:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &mcvlist->nitems, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:849:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &mcvlist->ndimensions, sizeof(AttrNumber)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:852:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, mcvlist->types, sizeof(Oid) * ndims); data/postgresql-13-13.1/src/backend/statistics/mcv.c:856:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, info, sizeof(DimensionInfo) * ndims); data/postgresql-13-13.1/src/backend/statistics/mcv.c:884:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &tmp, info[dim].typlen); data/postgresql-13-13.1/src/backend/statistics/mcv.c:890:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, DatumGetPointer(value), info[dim].typlen); data/postgresql-13-13.1/src/backend/statistics/mcv.c:898:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &len, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:902:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, VARDATA_ANY(DatumGetPointer(value)), len); data/postgresql-13-13.1/src/backend/statistics/mcv.c:910:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &len, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:914:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, DatumGetCString(value), len); data/postgresql-13-13.1/src/backend/statistics/mcv.c:935:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, mcvitem->isnull, sizeof(bool) * ndims); data/postgresql-13-13.1/src/backend/statistics/mcv.c:938:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &mcvitem->frequency, sizeof(double)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:941:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &mcvitem->base_frequency, sizeof(double)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:968:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &index, sizeof(uint16)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1040:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mcvlist->magic, ptr, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1043:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mcvlist->type, ptr, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1046:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mcvlist->nitems, ptr, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1049:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mcvlist->ndimensions, ptr, sizeof(AttrNumber)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1093:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mcvlist->types, ptr, sizeof(Oid) * ndims); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1099:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info, ptr, ndims * sizeof(DimensionInfo)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1190:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, ptr, info[dim].typlen); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1208:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dataptr, ptr, info[dim].typlen); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1224:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&len, ptr, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1229:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(dataptr), ptr, len); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1246:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&len, ptr, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1249:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dataptr, ptr, len); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1283:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item->isnull, ptr, sizeof(bool) * ndims); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1286:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&item->frequency, ptr, sizeof(double)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1289:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&item->base_frequency, ptr, sizeof(double)); data/postgresql-13-13.1/src/backend/statistics/mcv.c:1297:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&index, ptr, sizeof(uint16)); data/postgresql-13-13.1/src/backend/statistics/mvdistinct.c:204:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, &ndistinct->magic, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mvdistinct.c:206:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, &ndistinct->type, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mvdistinct.c:208:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, &ndistinct->nitems, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mvdistinct.c:220:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, &item.ndistinct, sizeof(double)); data/postgresql-13-13.1/src/backend/statistics/mvdistinct.c:222:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, &nmembers, sizeof(int)); data/postgresql-13-13.1/src/backend/statistics/mvdistinct.c:230:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, &value, sizeof(AttrNumber)); data/postgresql-13-13.1/src/backend/statistics/mvdistinct.c:269:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ndist.magic, tmp, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mvdistinct.c:271:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ndist.type, tmp, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mvdistinct.c:273:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ndist.nitems, tmp, sizeof(uint32)); data/postgresql-13-13.1/src/backend/statistics/mvdistinct.c:309:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&item->ndistinct, tmp, sizeof(double)); data/postgresql-13-13.1/src/backend/statistics/mvdistinct.c:313:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&nelems, tmp, sizeof(int)); data/postgresql-13-13.1/src/backend/statistics/mvdistinct.c:321:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&attno, tmp, sizeof(AttrNumber)); data/postgresql-13-13.1/src/backend/statistics/mvdistinct.c:683:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&state->combinations[(state->k * state->current)], data/postgresql-13-13.1/src/backend/storage/buffer/bufmgr.c:3852:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_status, old_status, len); data/postgresql-13-13.1/src/backend/storage/buffer/bufmgr.c:3853:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(new_status + len, " waiting"); data/postgresql-13-13.1/src/backend/storage/file/buffile.c:224:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/file/buffile.c:283:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char segment_name[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/file/buffile.c:345:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char segment_name[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/file/buffile.c:564:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, file->buffer.data + file->pos, nthistime); data/postgresql-13-13.1/src/backend/storage/file/buffile.c:610:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(file->buffer.data + file->pos, ptr, nthistime); data/postgresql-13-13.1/src/backend/storage/file/copydir.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fromfile[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/storage/file/copydir.c:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tofile[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/storage/file/fd.c:1012:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(fileName, fileFlags, fileMode); data/postgresql-13-13.1/src/backend/storage/file/fd.c:1114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/postgresql-13-13.1/src/backend/storage/file/fd.c:1657:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempdirpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/file/fd.c:1658:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempfilepath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/file/fd.c:2340:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((file = fopen(name, mode)) != NULL) data/postgresql-13-13.1/src/backend/storage/file/fd.c:3008:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_path[MAXPGPATH + 10 + sizeof(TABLESPACE_VERSION_DIRECTORY) + sizeof(PG_TEMP_FILES_DIR)]; data/postgresql-13-13.1/src/backend/storage/file/fd.c:3069:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rm_path[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/storage/file/fd.c:3135:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbspace_path[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/storage/file/fd.c:3163:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rm_path[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/storage/file/fd.c:3343:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subpath[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/storage/file/fd.c:3544:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char parentpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/file/reinit.c:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oid[OIDCHARS + 1]; data/postgresql-13-13.1/src/backend/storage/file/reinit.c:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_path[MAXPGPATH + 10 + sizeof(TABLESPACE_VERSION_DIRECTORY)]; data/postgresql-13-13.1/src/backend/storage/file/reinit.c:106:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbspace_path[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/storage/file/reinit.c:153:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rm_path[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/storage/file/reinit.c:202:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ent.oid, de->d_name, oidchars); data/postgresql-13-13.1/src/backend/storage/file/reinit.c:244:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ent.oid, de->d_name, oidchars); data/postgresql-13-13.1/src/backend/storage/file/reinit.c:282:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oidbuf[OIDCHARS + 1]; data/postgresql-13-13.1/src/backend/storage/file/reinit.c:283:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char srcpath[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/storage/file/reinit.c:284:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dstpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/file/reinit.c:300:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oidbuf, de->d_name, oidchars); data/postgresql-13-13.1/src/backend/storage/file/reinit.c:325:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oidbuf[OIDCHARS + 1]; data/postgresql-13-13.1/src/backend/storage/file/reinit.c:326:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mainpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/file/reinit.c:338:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oidbuf, de->d_name, oidchars); data/postgresql-13-13.1/src/backend/storage/file/sharedfileset.c:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/file/sharedfileset.c:132:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempdirpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/file/sharedfileset.c:133:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filesetpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/file/sharedfileset.c:152:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/file/sharedfileset.c:169:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/file/sharedfileset.c:182:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dirpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/file/sharedfileset.c:232:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempdirpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/file/sharedfileset.c:258:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dirpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/ipc/dsm.c:292:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPGPATH + sizeof(PG_DYNSHMEM_DIR)]; data/postgresql-13-13.1/src/backend/storage/ipc/dsm_impl.c:215:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/postgresql-13-13.1/src/backend/storage/ipc/dsm_impl.c:419:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/postgresql-13-13.1/src/backend/storage/ipc/dsm_impl.c:605:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/postgresql-13-13.1/src/backend/storage/ipc/dsm_impl.c:785:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/postgresql-13-13.1/src/backend/storage/ipc/dsm_impl.c:966:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/postgresql-13-13.1/src/backend/storage/ipc/dsm_impl.c:1014:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/postgresql-13-13.1/src/backend/storage/ipc/ipc.c:133:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gprofDirName[32]; data/postgresql-13-13.1/src/backend/storage/ipc/latch.c:1932:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/postgresql-13-13.1/src/backend/storage/ipc/procarray.c:1652:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(snapshot->subxip + subcount, data/postgresql-13-13.1/src/backend/storage/ipc/procarray.c:2055:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&xids[count], (void *) proc->subxids.xids, data/postgresql-13-13.1/src/backend/storage/ipc/shm_mq.c:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mq_ring[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/backend/storage/ipc/shm_mq.c:432:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpbuf[MAXIMUM_ALIGNOF]; data/postgresql-13-13.1/src/backend/storage/ipc/shm_mq.c:668:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mqh->mqh_buffer[mqh->mqh_partial_bytes], rawdata, data/postgresql-13-13.1/src/backend/storage/ipc/shm_mq.c:751:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mqh->mqh_buffer[mqh->mqh_partial_bytes], rawdata, rb); data/postgresql-13-13.1/src/backend/storage/ipc/shm_mq.c:1001:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mq->mq_ring[mq->mq_ring_offset + offset], data/postgresql-13-13.1/src/backend/storage/ipc/standby.c:265:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_status, old_status, len); data/postgresql-13-13.1/src/backend/storage/ipc/standby.c:266:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(new_status + len, " waiting"); data/postgresql-13-13.1/src/backend/storage/large_object/inv_api.c:570:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + nread, VARDATA(datafield) + off, n); data/postgresql-13-13.1/src/backend/storage/large_object/inv_api.c:606:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[LOBLKSIZE + VARHDRSZ]; data/postgresql-13-13.1/src/backend/storage/large_object/inv_api.c:688:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(workb, VARDATA(datafield), len); data/postgresql-13-13.1/src/backend/storage/large_object/inv_api.c:704:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(workb + off, buf + nwritten, n); data/postgresql-13-13.1/src/backend/storage/large_object/inv_api.c:749:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(workb + off, buf + nwritten, n); data/postgresql-13-13.1/src/backend/storage/large_object/inv_api.c:797:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[LOBLKSIZE + VARHDRSZ]; data/postgresql-13-13.1/src/backend/storage/large_object/inv_api.c:873:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(workb, VARDATA(datafield), pagelen); data/postgresql-13-13.1/src/backend/storage/lmgr/lock.c:1831:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_status, old_status, len); data/postgresql-13-13.1/src/backend/storage/lmgr/lock.c:1832:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(new_status + len, " waiting"); data/postgresql-13-13.1/src/backend/storage/lmgr/lock.c:3316:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(record.locktag), &(locallock->tag.lock), sizeof(LOCKTAG)); data/postgresql-13-13.1/src/backend/storage/lmgr/lock.c:3699:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&instance->locktag, &lock->tag, sizeof(LOCKTAG)); data/postgresql-13-13.1/src/backend/storage/lmgr/lock.c:3877:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&instance->locktag, &lock->tag, sizeof(LOCKTAG)); data/postgresql-13-13.1/src/backend/storage/lmgr/lwlock.c:223:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tranche_name[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/storage/page/bufpage.c:348:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) page + upper, item, size); data/postgresql-13-13.1/src/backend/storage/page/bufpage.c:389:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, page, pageSize); data/postgresql-13-13.1/src/backend/storage/page/bufpage.c:410:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PageGetSpecialPointer(temp), data/postgresql-13-13.1/src/backend/storage/page/bufpage.c:428:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) oldPage, (char *) tempPage, pageSize); data/postgresql-13-13.1/src/backend/storage/page/bufpage.c:951:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(phdr->pd_linp, newitemids, nused * sizeof(ItemIdData)); data/postgresql-13-13.1/src/backend/storage/page/bufpage.c:1164:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PageGetItem(page, tupid), newtup, newsize); data/postgresql-13-13.1/src/backend/storage/page/bufpage.c:1202:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pageCopy, (char *) page, BLCKSZ); data/postgresql-13-13.1/src/backend/storage/sync/sync.c:182:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/storage/sync/sync.c:362:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/tcop/dest.c:168:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char completionTag[COMPLETION_TAG_BUFSIZE]; data/postgresql-13-13.1/src/backend/tcop/fastpath.c:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NAMEDATALEN]; /* function name for logging */ data/postgresql-13-13.1/src/backend/tcop/fastpath.c:231:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fip->argtypes, pp->proargtypes.values, pp->pronargs * sizeof(Oid)); data/postgresql-13-13.1/src/backend/tcop/fastpath.c:270:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msec_str[32]; data/postgresql-13-13.1/src/backend/tcop/postgres.c:992:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msec_str[32]; data/postgresql-13-13.1/src/backend/tcop/postgres.c:1362:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msec_str[32]; data/postgresql-13-13.1/src/backend/tcop/postgres.c:1624:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msec_str[32]; data/postgresql-13-13.1/src/backend/tcop/postgres.c:2055:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msec_str[32]; data/postgresql-13-13.1/src/backend/tcop/postgres.c:3411:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debugstr[64]; data/postgresql-13-13.1/src/backend/tcop/postgres.c:3413:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(debugstr, "debug%d", debug_flag); data/postgresql-13-13.1/src/backend/tcop/postgres.c:3581:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). set_debug_options(atoi(optarg), ctx, gucsource); data/postgresql-13-13.1/src/backend/tcop/postgres.c:3686:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). FrontendProtocol = (ProtocolVersion) atoi(optarg); data/postgresql-13-13.1/src/backend/tcop/postgres.c:4628:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) &user, (char *) &r.ru_utime, sizeof(user)); data/postgresql-13-13.1/src/backend/tcop/postgres.c:4629:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) &sys, (char *) &r.ru_stime, sizeof(sys)); data/postgresql-13-13.1/src/backend/tcop/pquery.c:631:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(portal->formats, formats, natts * sizeof(int16)); data/postgresql-13-13.1/src/backend/tsearch/dict_ispell.c:141:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cptr, ptr, sizeof(TSLexeme)); data/postgresql-13-13.1/src/backend/tsearch/dict_thesaurus.c:95:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr->lexeme, b, e - b); data/postgresql-13-13.1/src/backend/tsearch/dict_thesaurus.c:150:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr->res[nres].lexeme, b, e - b); data/postgresql-13-13.1/src/backend/tsearch/spell.c:386:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sflag += sprintf(sflag, "%0d", s); data/postgresql-13-13.1/src/backend/tsearch/spell.c:456:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flag[BUFSIZ]; data/postgresql-13-13.1/src/backend/tsearch/spell.c:737:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errstr[100]; data/postgresql-13-13.1/src/backend/tsearch/spell.c:1062:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbuf[BUFSIZ]; data/postgresql-13-13.1/src/backend/tsearch/spell.c:1121:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sflag[BUFSIZ]; data/postgresql-13-13.1/src/backend/tsearch/spell.c:1191:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[BUFSIZ], data/postgresql-13-13.1/src/backend/tsearch/spell.c:1193:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sflag[BUFSIZ]; data/postgresql-13-13.1/src/backend/tsearch/spell.c:1194:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mask[BUFSIZ], data/postgresql-13-13.1/src/backend/tsearch/spell.c:1196:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char find[BUFSIZ], data/postgresql-13-13.1/src/backend/tsearch/spell.c:1198:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char repl[BUFSIZ], data/postgresql-13-13.1/src/backend/tsearch/spell.c:1310:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). naffix = atoi(sflag); data/postgresql-13-13.1/src/backend/tsearch/spell.c:1421:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flag[BUFSIZ]; data/postgresql-13-13.1/src/backend/tsearch/spell.c:1422:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mask[BUFSIZ]; data/postgresql-13-13.1/src/backend/tsearch/spell.c:1423:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char find[BUFSIZ]; data/postgresql-13-13.1/src/backend/tsearch/spell.c:1424:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char repl[BUFSIZ]; data/postgresql-13-13.1/src/backend/tsearch/spell.c:1860:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->aff, aff, sizeof(AFFIX *) * naff); data/postgresql-13-13.1/src/backend/tsearch/spell.c:1881:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->aff, aff, sizeof(AFFIX *) * naff); data/postgresql-13-13.1/src/backend/tsearch/spell.c:2174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newword[2 * MAXNORMLEN] = ""; data/postgresql-13-13.1/src/backend/tsearch/spell.c:2175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pnewword[2 * MAXNORMLEN] = ""; data/postgresql-13-13.1/src/backend/tsearch/spell.c:2389:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXNORMLEN]; data/postgresql-13-13.1/src/backend/tsearch/spell.c:2403:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, word + startpos, lenaff); data/postgresql-13-13.1/src/backend/tsearch/to_tsany.c:199:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str + stroff, prs->words[i].word, prs->words[i].len); data/postgresql-13-13.1/src/backend/tsearch/ts_locale.c:39:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t character[WC_BUF_LEN]; data/postgresql-13-13.1/src/backend/tsearch/ts_locale.c:55:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t character[WC_BUF_LEN]; data/postgresql-13-13.1/src/backend/tsearch/ts_locale.c:71:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t character[WC_BUF_LEN]; data/postgresql-13-13.1/src/backend/tsearch/ts_locale.c:87:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t character[WC_BUF_LEN]; data/postgresql-13-13.1/src/backend/tsearch/ts_locale.c:236:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; /* lines must not be longer than this */ data/postgresql-13-13.1/src/backend/tsearch/ts_parse.c:448:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prs->words[prs->curwords].word, buf, buflen); data/postgresql-13-13.1/src/backend/tsearch/ts_parse.c:475:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(prs->words[prs->curwords]), word, sizeof(HeadlineWordEntry)); data/postgresql-13-13.1/src/backend/tsearch/ts_parse.c:629:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, prs->fragdelim, prs->fragdelimlen); data/postgresql-13-13.1/src/backend/tsearch/ts_parse.c:643:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, prs->startsel, prs->startsellen); data/postgresql-13-13.1/src/backend/tsearch/ts_parse.c:646:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, wrd->word, wrd->len); data/postgresql-13-13.1/src/backend/tsearch/ts_parse.c:650:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, prs->stopsel, prs->stopsellen); data/postgresql-13-13.1/src/backend/tsearch/ts_typanalyze.c:270:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(item->key.lexeme, hash_key.lexeme, hash_key.length); data/postgresql-13-13.1/src/backend/tsearch/ts_utils.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sharepath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/tsearch/wparser.c:90:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[3]; data/postgresql-13-13.1/src/backend/tsearch/wparser.c:91:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txtid[16]; data/postgresql-13-13.1/src/backend/tsearch/wparser.c:94:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(txtid, "%d", st->list[st->cur].lexid); data/postgresql-13-13.1/src/backend/tsearch/wparser.c:200:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(st->list[st->cur].lexeme, lex, llen); data/postgresql-13-13.1/src/backend/tsearch/wparser.c:231:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[2]; data/postgresql-13-13.1/src/backend/tsearch/wparser.c:232:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tid[16]; data/postgresql-13-13.1/src/backend/tsearch/wparser.c:236:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tid, "%d", st->list[st->cur].type); data/postgresql-13-13.1/src/backend/tsearch/wparser_def.c:275:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, prev, sizeof(TParserPosition)); data/postgresql-13-13.1/src/backend/utils/adt/acl.c:244:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/utils/adt/acl.c:245:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name2[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/utils/adt/acl.c:406:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ACL_DAT(result_acl), data/postgresql-13-13.1/src/backend/utils/adt/acl.c:426:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ACL_DAT(result_acl), data/postgresql-13-13.1/src/backend/utils/adt/acl.c:430:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ACL_DAT(result_acl) + ACL_NUM(left_acl), data/postgresql-13-13.1/src/backend/utils/adt/acl.c:611:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, "%u", aip->ai_grantee); data/postgresql-13-13.1/src/backend/utils/adt/acl.c:639:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, "%u", aip->ai_grantor); data/postgresql-13-13.1/src/backend/utils/adt/acl.c:961:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_acl, old_acl, ACL_SIZE(old_acl)); data/postgresql-13-13.1/src/backend/utils/adt/acl.c:971:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_aip, old_aip, num * sizeof(AclItem)); data/postgresql-13-13.1/src/backend/utils/adt/acl.c:1069:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_aip, old_aip, num * sizeof(AclItem)); data/postgresql-13-13.1/src/backend/utils/adt/acl.c:1170:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(acl, old_acl, ACL_SIZE(old_acl)); data/postgresql-13-13.1/src/backend/utils/adt/array_expanded.c:198:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eah->dims, oldeah->dims, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/array_expanded.c:199:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eah->lbound, oldeah->lbound, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/array_expanded.c:210:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eah->dvalues, oldeah->dvalues, dvalueslen * sizeof(Datum)); data/postgresql-13-13.1/src/backend/utils/adt/array_expanded.c:215:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eah->dnulls, oldeah->dnulls, dvalueslen * sizeof(bool)); data/postgresql-13-13.1/src/backend/utils/adt/array_expanded.c:308:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, eah->fvalue, allocated_size); data/postgresql-13-13.1/src/backend/utils/adt/array_expanded.c:331:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DIMS(aresult), eah->dims, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/array_expanded.c:332:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_LBOUND(aresult), eah->lbound, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/array_userfuncs.c:366:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dims, dims2, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/array_userfuncs.c:367:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lbs, lbs2, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/array_userfuncs.c:394:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dims, dims1, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/array_userfuncs.c:395:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lbs, lbs1, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/array_userfuncs.c:432:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DIMS(result), dims, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/array_userfuncs.c:433:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_LBOUND(result), lbs, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/array_userfuncs.c:435:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DATA_PTR(result), dat1, ndatabytes1); data/postgresql-13-13.1/src/backend/utils/adt/array_userfuncs.c:436:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DATA_PTR(result) + ndatabytes1, dat2, ndatabytes2); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:277:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lBound[ndim] = atoi(p); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:300:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ub = atoi(p); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:409:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DIMS(retval), dim, ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:410:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_LBOUND(retval), lBound, ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:1021:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:1186:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ptr, "[%d:%d]", lb[i], lb[i] + dims[i] - 1); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:1407:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DIMS(retval), dim, ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:1408:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_LBOUND(retval), lBound, ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:1681:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDIM * 33 + 1]; data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:1693:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(p, "[%d:%d]", lb[i], dimv[i] + lb[i] - 1); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:2148:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DIMS(newarray), span, ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:2257:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resultarray, DatumGetPointer(arraydatum), arraytyplen); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:2318:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dim, ARR_DIMS(array), ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:2319:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lb, ARR_LBOUND(array), ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:2421:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DIMS(newarray), dim, ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:2422:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_LBOUND(newarray), lb, ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:2427:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) newarray + overheadlen, data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:2433:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) newarray + overheadlen + lenbefore + newitemlen, data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:2518:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dim, eah->dims, ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:2519:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lb, eah->lbound, ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:2660:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eah->dims, dim, ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:2661:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eah->lbound, lb, ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:2694:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. oldValue = (char *) DatumGetPointer(dvalues[offset]); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:2865:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dim, ARR_DIMS(array), ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:2866:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lb, ARR_LBOUND(array), ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:3020:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DIMS(newarray), dim, ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:3021:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_LBOUND(newarray), lb, ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:3037:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) newarray + overheadlen, data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:3040:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) newarray + overheadlen + lenbefore, data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:3043:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) newarray + overheadlen + lenbefore + newitemsize, data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:3257:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DIMS(result), AARR_DIMS(v), ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:3258:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_LBOUND(result), AARR_LBOUND(v), ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:3396:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DIMS(result), dims, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:3397:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_LBOUND(result), lbs, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:4671:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(destptr, srcptr, numbytes); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:5317:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&astate->dims[1], dims, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:5319:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&astate->lbs[1], lbs, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:5355:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(astate->data + astate->nbytes, data, ndatabytes); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:5445:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DIMS(result), astate->dims, astate->ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:5446:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_LBOUND(result), astate->lbs, astate->ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:5447:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DATA_PTR(result), astate->data, astate->nbytes); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:5775:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DIMS(result), dimv, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:5776:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_LBOUND(result), lbsv, ndims * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:6304:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_DIMS(result), ARR_DIMS(array), ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:6305:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ARR_LBOUND(result), ARR_LBOUND(array), ndim * sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:41:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[128]; data/postgresql-13-13.1/src/backend/utils/adt/cash.c:314:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/postgresql-13-13.1/src/backend/utils/adt/cash.c:393:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufptr, ssymbol, strlen(ssymbol)); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:949:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/postgresql-13-13.1/src/backend/utils/adt/cash.c:963:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "minus "); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:983:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, " quadrillion "); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:989:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, " trillion "); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:995:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, " billion "); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:1001:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, " million "); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:1007:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, " thousand "); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:1014:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "zero"); data/postgresql-13-13.1/src/backend/utils/adt/cryptohashes.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexsum[MD5_HASH_LEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/cryptohashes.c:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexsum[MD5_HASH_LEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/cryptohashes.c:82:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[PG_SHA224_DIGEST_LENGTH]; data/postgresql-13-13.1/src/backend/utils/adt/cryptohashes.c:94:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(result), buf, sizeof(buf)); data/postgresql-13-13.1/src/backend/utils/adt/cryptohashes.c:106:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[PG_SHA256_DIGEST_LENGTH]; data/postgresql-13-13.1/src/backend/utils/adt/cryptohashes.c:118:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(result), buf, sizeof(buf)); data/postgresql-13-13.1/src/backend/utils/adt/cryptohashes.c:130:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[PG_SHA384_DIGEST_LENGTH]; data/postgresql-13-13.1/src/backend/utils/adt/cryptohashes.c:142:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(result), buf, sizeof(buf)); data/postgresql-13-13.1/src/backend/utils/adt/cryptohashes.c:154:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[PG_SHA512_DIGEST_LENGTH]; data/postgresql-13-13.1/src/backend/utils/adt/cryptohashes.c:166:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(result), buf, sizeof(buf)); data/postgresql-13-13.1/src/backend/utils/adt/date.c:121:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXDATEFIELDS]; data/postgresql-13-13.1/src/backend/utils/adt/date.c:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/date.c:181:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/date.c:1217:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/date.c:1218:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXDATEFIELDS]; data/postgresql-13-13.1/src/backend/utils/adt/date.c:1333:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/date.c:2073:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/date.c:2074:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXDATEFIELDS]; data/postgresql-13-13.1/src/backend/utils/adt/date.c:2101:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/date.c:2800:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzname[TZ_STRLEN_MAX + 1]; data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:1672:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char upabbr[TZ_STRLEN_MAX + 1]; data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:2337:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXDATEFIELDS]; data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:2812:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_mday = atoi(str + (len - 2)); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:2814:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_mon = atoi(str + (len - 4)); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:2816:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_year = atoi(str); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:2831:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_sec = atoi(str + 4); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:2833:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_min = atoi(str + 2); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:2835:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_hour = atoi(str); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:2844:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_min = atoi(str + 2); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:2846:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_hour = atoi(str); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:3911:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, " BC", 3); /* Don't copy NUL */ data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4023:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, " %.*s", MAXTZLEN, tzn); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4050:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, " %.*s", MAXTZLEN, tzn); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4063:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, days[tm->tm_wday], 3); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4070:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, months[tm->tm_mon - 1], 3); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4075:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, months[tm->tm_mon - 1], 3); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4094:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, " %.*s", MAXTZLEN, tzn); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4114:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, " BC", 3); /* Don't copy NUL */ data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4131:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "%d%c", value, units); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4267:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "%c%d-%d %c%d %c%d:%02d:", data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4277:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "%d-%d", year, mon); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4281:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "%d %d:%02d:", mday, hour, min); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4288:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "%d:%02d:", hour, min); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4302:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "PT0S"); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4377:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(cp, " 0"); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4379:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(cp, " ago"); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4624:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[TOKMAXLEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/datum.c:162:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resultptr, vl, realSize); data/postgresql-13-13.1/src/backend/utils/adt/datum.c:175:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resultptr, DatumGetPointer(value), realSize); data/postgresql-13-13.1/src/backend/utils/adt/datum.c:426:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*start_address, &header, sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/datum.c:434:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*start_address, &value, sizeof(Datum)); data/postgresql-13-13.1/src/backend/utils/adt/datum.c:447:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*start_address, tmp, header); data/postgresql-13-13.1/src/backend/utils/adt/datum.c:455:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*start_address, DatumGetPointer(value), header); data/postgresql-13-13.1/src/backend/utils/adt/datum.c:475:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&header, *start_address, sizeof(int)); data/postgresql-13-13.1/src/backend/utils/adt/datum.c:493:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, *start_address, sizeof(Datum)); data/postgresql-13-13.1/src/backend/utils/adt/datum.c:501:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, *start_address, header); data/postgresql-13-13.1/src/backend/utils/adt/dbsize.c:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/utils/adt/dbsize.c:88:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dirpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/adt/dbsize.c:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathname[MAXPGPATH + 21 + sizeof(TABLESPACE_VERSION_DIRECTORY)]; data/postgresql-13-13.1/src/backend/utils/adt/dbsize.c:169:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tblspcPath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/adt/dbsize.c:170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathname[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/utils/adt/dbsize.c:277:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathname[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/adt/dbsize.c:537:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/postgresql-13-13.1/src/backend/utils/adt/expandeddatum.c:61:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA_EXTERNAL(eohptr->eoh_rw_ptr), &ptr, sizeof(ptr)); data/postgresql-13-13.1/src/backend/utils/adt/expandeddatum.c:64:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA_EXTERNAL(eohptr->eoh_ro_ptr), &ptr, sizeof(ptr)); data/postgresql-13-13.1/src/backend/utils/adt/expandedrecord.c:778:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tuphdr, erh->fvalue->t_data, allocated_size); data/postgresql-13-13.1/src/backend/utils/adt/expandedrecord.c:1205:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. oldValue = (char *) DatumGetPointer(dvalues[fnumber - 1]); data/postgresql-13-13.1/src/backend/utils/adt/expandedrecord.c:1337:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. oldValue = (char *) DatumGetPointer(dvalues[fnumber]); data/postgresql-13-13.1/src/backend/utils/adt/expandedrecord.c:1512:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dummy_erh->dvalues, erh->dvalues, data/postgresql-13-13.1/src/backend/utils/adt/expandedrecord.c:1514:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dummy_erh->dnulls, erh->dnulls, data/postgresql-13-13.1/src/backend/utils/adt/format_type.c:460:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(result, ", "); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:198:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char character[MAX_MULTIBYTE_CHAR_LEN + 1]; /* if type is CHAR */ data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:413:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[DCH_CACHE_SIZE + 1]; data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:422:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[NUM_CACHE_SIZE + 1]; data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:1427:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(n->character, str, chlen); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:1452:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(n->character, str, chlen); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2349:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char copy[DCH_MAX_ITEM_SIZ + 1]; data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2708:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : (tm->tm_hour >= 0) ? 2 : 3, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2716:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : (tm->tm_hour >= 0) ? 2 : 3, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2723:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : (tm->tm_min >= 0) ? 2 : 3, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2730:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : (tm->tm_sec >= 0) ? 2 : 3, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2765:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%d", tm->tm_hour * SECS_PER_HOUR + data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2794:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%c%02d", data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2801:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%02d", data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2807:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%c%0*d", data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2814:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, ":%02d", data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2961:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : (tm->tm_mon >= 0) ? 2 : 3, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3074:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : 3, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3083:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : 2, tm->tm_mday); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3090:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%d", tm->tm_wday + 1); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3097:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%d", (tm->tm_wday == 0) ? 7 : tm->tm_wday); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3103:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : 2, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3110:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : 2, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3119:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%d", (tm->tm_mon - 1) / 3 + 1); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3137:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%0*d", S_FM(n->suffix) ? 0 : (i >= 0) ? 2 : 3, i); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3139:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%d", i); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3146:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%d,%03d", i, data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3154:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%0*d", data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3169:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%0*d", data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3184:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%0*d", data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3199:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%1d", data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3225:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%d", (tm->tm_mday - 1) / 7 + 1); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3231:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%d", date2j(tm->tm_year, tm->tm_mon, tm->tm_mday)); data/postgresql-13-13.1/src/backend/utils/adt/genfile.c:169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rbuf[1]; data/postgresql-13-13.1/src/backend/utils/adt/genfile.c:626:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/utils/adt/genfile.c:681:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/adt/geo_spgist.c:209:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(next_rect_box, rect_box, sizeof(RectBox)); data/postgresql-13-13.1/src/backend/utils/adt/geo_spgist.c:599:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->distances[i], distances, data/postgresql-13-13.1/src/backend/utils/adt/inet_cidr_ntop.c:176:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char inbuf[16]; data/postgresql-13-13.1/src/backend/utils/adt/inet_cidr_ntop.c:177:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outbuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255/128")]; data/postgresql-13-13.1/src/backend/utils/adt/inet_cidr_ntop.c:200:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inbuf, src, p); data/postgresql-13-13.1/src/backend/utils/adt/inet_net_pton.c:553:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, tmp, NS_IN6ADDRSZ); data/postgresql-13-13.1/src/backend/utils/adt/int.c:121:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result->values, int2s, n * sizeof(int16)); data/postgresql-13-13.1/src/backend/utils/adt/int8.c:150:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXINT8LEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/json.c:303:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/json.c:311:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/json.c:319:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/json.c:981:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(result), buffer->data, buflen); data/postgresql-13-13.1/src/backend/utils/adt/json.c:982:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(result) + buflen, addon, addlen); data/postgresql-13-13.1/src/backend/utils/adt/jsonb_gin.c:1330:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hashbuf[10]; data/postgresql-13-13.1/src/backend/utils/adt/jsonb_gin.c:1353:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(item) + 1, str, len); data/postgresql-13-13.1/src/backend/utils/adt/jsonb_util.c:115:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(out), val->val.binary.data, val->val.binary.len); data/postgresql-13-13.1/src/backend/utils/adt/jsonb_util.c:1449:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer->data + offset, data, len); data/postgresql-13-13.1/src/backend/utils/adt/jsonb_util.c:1791:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/jsonb_util.c:1908:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, ptr, sizeof(JsonbPair)); data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[NAMEDATALEN]; /* hash key (MUST BE FIRST) */ data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:580:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cstr, v.val.string.val, v.val.string.len); data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:682:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctxt, context_start, ctxtlen); data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:2864:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, json, len); data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:3530:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(val, _state->save_json_start, len); data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:3957:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(val, _state->save_json_start, len); data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_gram.c:1067:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_gram.c:1261:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_scan.c:4111:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scanbuf, str, slen); data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_scan.c:4158:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(scanstring.val + scanstring.len, s, l); data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_scan.c:4216:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuf[MAX_UNICODE_EQUIVALENT_STRING + 1]; data/postgresql-13-13.1/src/backend/utils/adt/like_match.c:303:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, pat, VARSIZE_ANY(pat)); data/postgresql-13-13.1/src/backend/utils/adt/like_support.c:1020:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(patt, VARDATA_ANY(bstr), pattlen); data/postgresql-13-13.1/src/backend/utils/adt/like_support.c:1558:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(workstr, VARDATA_ANY(bstr), len); data/postgresql-13-13.1/src/backend/utils/adt/like_support.c:1597:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmptxt, workstr, len); data/postgresql-13-13.1/src/backend/utils/adt/like_support.c:1606:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(cmptxt), workstr, len); data/postgresql-13-13.1/src/backend/utils/adt/like_support.c:1756:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(bstr), str, str_len); data/postgresql-13-13.1/src/backend/utils/adt/lockfuncs.c:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vxidstr[32]; data/postgresql-13-13.1/src/backend/utils/adt/lockfuncs.c:172:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tnbuf[32]; data/postgresql-13-13.1/src/backend/utils/adt/mac.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char junk[2]; data/postgresql-13-13.1/src/backend/utils/adt/mac.c:512:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&res, authoritative, sizeof(macaddr)); data/postgresql-13-13.1/src/backend/utils/adt/mac.c:514:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&res, authoritative, SIZEOF_DATUM); data/postgresql-13-13.1/src/backend/utils/adt/mac8.c:40:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const signed char hexlookup[128] = { data/postgresql-13-13.1/src/backend/utils/adt/misc.c:306:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sourcepath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/adt/misc.c:307:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char targetpath[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/adt/misc.c:436:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[3]; data/postgresql-13-13.1/src/backend/utils/adt/misc.c:740:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbuffer[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/adt/name.c:62:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NameStr(*result), s, len); data/postgresql-13-13.1/src/backend/utils/adt/name.c:97:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, str, nbytes); data/postgresql-13-13.1/src/backend/utils/adt/name.c:382:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char suffix[20]; data/postgresql-13-13.1/src/backend/utils/adt/name.c:395:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NameStr(*result), NameStr(*nam), namlen); data/postgresql-13-13.1/src/backend/utils/adt/name.c:396:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NameStr(*result) + namlen, suffix, suflen); data/postgresql-13-13.1/src/backend/utils/adt/network.c:144:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255/128")]; data/postgresql-13-13.1/src/backend/utils/adt/network.c:341:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, VARSIZE_ANY(src)); data/postgresql-13-13.1/src/backend/utils/adt/network.c:381:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ip_addr(dst), ip_addr(src), (bits + 7) / 8); data/postgresql-13-13.1/src/backend/utils/adt/network.c:667:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ipaddr_datum32, ip_addr(authoritative), sizeof(uint32)); data/postgresql-13-13.1/src/backend/utils/adt/network.c:681:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ipaddr_datum, ip_addr(authoritative), sizeof(Datum)); data/postgresql-13-13.1/src/backend/utils/adt/network.c:1192:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255/128")]; data/postgresql-13-13.1/src/backend/utils/adt/network.c:1218:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255/128")]; data/postgresql-13-13.1/src/backend/utils/adt/network.c:1241:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255/128")]; data/postgresql-13-13.1/src/backend/utils/adt/network.c:1259:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255.255.255.255/128")]; data/postgresql-13-13.1/src/backend/utils/adt/network.c:1734:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char remote_host[NI_MAXHOST]; data/postgresql-13-13.1/src/backend/utils/adt/network.c:1773:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char remote_port[NI_MAXSERV]; data/postgresql-13-13.1/src/backend/utils/adt/network.c:1810:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_host[NI_MAXHOST]; data/postgresql-13-13.1/src/backend/utils/adt/network.c:1849:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_port[NI_MAXSERV]; data/postgresql-13-13.1/src/backend/utils/adt/network_gist.c:84:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ipaddr[16]; /* up to 128 bits of common address */ data/postgresql-13-13.1/src/backend/utils/adt/network_gist.c:485:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gk_ip_addr(result), addr, (commonbits + 7) / 8); data/postgresql-13-13.1/src/backend/utils/adt/network_gist.c:559:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gk_ip_addr(r), ip_addr(in), gk_ip_addrsize(r)); data/postgresql-13-13.1/src/backend/utils/adt/network_gist.c:600:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ip_addr(dst), gk_ip_addr(key), ip_addrsize(dst)); data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:974:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, num, VARSIZE(num)); data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:999:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, num, VARSIZE(num)); data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:1110:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, num, VARSIZE(num)); data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:1138:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, num, VARSIZE(num)); data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:1170:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, num, VARSIZE(num)); data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:1713:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(buf), VARDATA_SHORT(original_varatt), sz); data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:3574:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[DBL_DIG + 100]; data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:3645:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[FLT_DIG + 100]; data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:6135:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->digits, NUMERIC_DIGITS(num), ndigits * sizeof(NumericDigit)); data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:6178:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newbuf + 1, value->digits, data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:6507:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NUMERIC_DIGITS(result), digits, n * sizeof(NumericDigit)); data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:7499:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dividend + 1, var1->digits, var1ndigits * sizeof(NumericDigit)); data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:7500:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(divisor + 1, var2->digits, var2ndigits * sizeof(NumericDigit)); data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:8669:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a1_var.digits, arg->digits + src_idx, data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:8687:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a0_var.digits, arg->digits + src_idx, data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:10112:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&new_pos_digits[weightdiff], accum->pos_digits, data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:10116:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&new_neg_digits[weightdiff], accum->neg_digits, data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:10199:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->pos_digits, src->pos_digits, src->ndigits * sizeof(int32)); data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:10200:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->neg_digits, src->neg_digits, src->ndigits * sizeof(int32)); data/postgresql-13-13.1/src/backend/utils/adt/numutils.c:29:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char DIGIT_TABLE[200] = data/postgresql-13-13.1/src/backend/utils/adt/numutils.c:375:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos - 2, DIGIT_TABLE + c0, 2); data/postgresql-13-13.1/src/backend/utils/adt/numutils.c:376:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos - 4, DIGIT_TABLE + c1, 2); data/postgresql-13-13.1/src/backend/utils/adt/numutils.c:387:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos - 2, DIGIT_TABLE + c, 2); data/postgresql-13-13.1/src/backend/utils/adt/numutils.c:396:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos - 2, DIGIT_TABLE + c, 2); data/postgresql-13-13.1/src/backend/utils/adt/numutils.c:465:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos - 2, DIGIT_TABLE + c0, 2); data/postgresql-13-13.1/src/backend/utils/adt/numutils.c:466:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos - 4, DIGIT_TABLE + c1, 2); data/postgresql-13-13.1/src/backend/utils/adt/numutils.c:467:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos - 6, DIGIT_TABLE + d0, 2); data/postgresql-13-13.1/src/backend/utils/adt/numutils.c:468:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos - 8, DIGIT_TABLE + d1, 2); data/postgresql-13-13.1/src/backend/utils/adt/numutils.c:485:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos - 2, DIGIT_TABLE + c0, 2); data/postgresql-13-13.1/src/backend/utils/adt/numutils.c:486:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos - 4, DIGIT_TABLE + c1, 2); data/postgresql-13-13.1/src/backend/utils/adt/numutils.c:496:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos - 2, DIGIT_TABLE + c, 2); data/postgresql-13-13.1/src/backend/utils/adt/numutils.c:504:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pos - 2, DIGIT_TABLE + c, 2); data/postgresql-13-13.1/src/backend/utils/adt/numutils.c:565:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, DIGIT_TABLE + value * 2, 2); data/postgresql-13-13.1/src/backend/utils/adt/oid.c:174:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result->values, oids, n * sizeof(Oid)); data/postgresql-13-13.1/src/backend/utils/adt/oid.c:245:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(rp, "%u", oidArray->values[num]); data/postgresql-13-13.1/src/backend/utils/adt/oracle_compat.c:199:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr_ret, ptr2, mlen); data/postgresql-13-13.1/src/backend/utils/adt/oracle_compat.c:212:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr_ret, ptr1, mlen); data/postgresql-13-13.1/src/backend/utils/adt/oracle_compat.c:295:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr_ret, ptr1, mlen); data/postgresql-13-13.1/src/backend/utils/adt/oracle_compat.c:307:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr_ret, ptr2, mlen); data/postgresql-13-13.1/src/backend/utils/adt/oracle_compat.c:599:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(ret), ptr, m); data/postgresql-13-13.1/src/backend/utils/adt/oracle_compat.c:793:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target, p, len); data/postgresql-13-13.1/src/backend/utils/adt/oracle_compat.c:802:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target, source, source_len); data/postgresql-13-13.1/src/backend/utils/adt/oracle_compat.c:1063:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, sp, slen); data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:106:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *localized_abbrev_days[7 + 1]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:107:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *localized_full_days[7 + 1]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:108:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *localized_abbrev_months[12 + 1]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:109:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *localized_full_months[12 + 1]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:119:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lc_collate_envbuf[LC_ENV_BUFSIZE]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:120:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lc_ctype_envbuf[LC_ENV_BUFSIZE]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:123:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lc_messages_envbuf[LC_ENV_BUFSIZE]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:125:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lc_monetary_envbuf[LC_ENV_BUFSIZE]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:126:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lc_numeric_envbuf[LC_ENV_BUFSIZE]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:127:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lc_time_envbuf[LC_ENV_BUFSIZE]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:206:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char save_lc_ctype[LC_ENV_BUFSIZE]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:714:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wformat[8]; /* formats used below need 3 chars */ data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:715:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wbuf[MAX_L10N_DATA]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:721:8: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). len = MultiByteToWideChar(CP_UTF8, 0, format, -1, data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:783:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[(2 * 7 + 2 * 12) * MAX_L10N_DATA]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1013:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t test_locale[LOCALE_NAME_MAX_LENGTH]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1079:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wc_locale_name[LOCALE_NAME_MAX_LENGTH]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1080:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t buffer[LOCALE_NAME_MAX_LENGTH]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1081:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char iso_lc_messages[LOCALE_NAME_MAX_LENGTH]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1101:2: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_ACP, 0, winlocname, len, wc_locale_name, data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1116:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t *argv[3]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1153:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char iso_lc_messages[LOCALE_NAME_MAX_LENGTH]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1223:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1690:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[U_MAX_VERSION_STRING_LENGTH]; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1743:3: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_ACP, 0, collcollate, -1, wide_collcollate, data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:2080:13: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). result = MultiByteToWideChar(CP_UTF8, 0, from, fromlen, to, tolen - 1); data/postgresql-13-13.1/src/backend/utils/adt/pg_lsn.c:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPG_LSNLEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/pg_lsn.c:234:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/postgresql-13-13.1/src/backend/utils/adt/pgstatfuncs.c:804:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char remote_host[NI_MAXHOST]; data/postgresql-13-13.1/src/backend/utils/adt/pgstatfuncs.c:805:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char remote_port[NI_MAXSERV]; data/postgresql-13-13.1/src/backend/utils/adt/pgstatfuncs.c:825:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). values[14] = Int32GetDatum(atoi(remote_port)); data/postgresql-13-13.1/src/backend/utils/adt/pgstatfuncs.c:1150:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char remote_host[NI_MAXHOST]; data/postgresql-13-13.1/src/backend/utils/adt/pgstatfuncs.c:1197:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char remote_port[NI_MAXSERV]; data/postgresql-13-13.1/src/backend/utils/adt/rangetypes.c:2455:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, val, data_length); data/postgresql-13-13.1/src/backend/utils/adt/rangetypes.c:2463:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr + 1, VARDATA(val), data_length - 1); data/postgresql-13-13.1/src/backend/utils/adt/rangetypes.c:2470:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, val, data_length); data/postgresql-13-13.1/src/backend/utils/adt/rangetypes.c:2478:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, DatumGetPointer(datum), data_length); data/postgresql-13-13.1/src/backend/utils/adt/rangetypes.c:2486:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, DatumGetPointer(datum), data_length); data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_gist.c:1100:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(by_upper, by_lower, nentries * sizeof(NonEmptyRange)); data/postgresql-13-13.1/src/backend/utils/adt/regexp.c:146:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errMsg[100]; data/postgresql-13-13.1/src/backend/utils/adt/regexp.c:225:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(re_temp.cre_pat, text_re_val, text_re_len); data/postgresql-13-13.1/src/backend/utils/adt/regexp.c:270:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errMsg[100]; data/postgresql-13-13.1/src/backend/utils/adt/regexp.c:777:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, p, mblen); data/postgresql-13-13.1/src/backend/utils/adt/regexp.c:793:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, p, mblen); data/postgresql-13-13.1/src/backend/utils/adt/regexp.c:1509:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errMsg[100]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:345:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkrelname[MAX_QUOTED_REL_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:346:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attname[MAX_QUOTED_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:347:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char paramname[16]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:374:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(paramname, "$%d", i + 1); data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:473:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkrelname[MAX_QUOTED_REL_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:474:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attname[MAX_QUOTED_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:475:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char paramname[16]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:501:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(paramname, "$%d", i + 1); data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:660:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fkrelname[MAX_QUOTED_REL_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:661:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attname[MAX_QUOTED_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:662:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char paramname[16]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:691:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(paramname, "$%d", i + 1); data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:767:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fkrelname[MAX_QUOTED_REL_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:768:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attname[MAX_QUOTED_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:769:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char paramname[16]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:797:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(paramname, "$%d", i + 1); data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:877:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fkrelname[MAX_QUOTED_REL_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:878:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attname[MAX_QUOTED_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:879:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char paramname[16]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:916:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(paramname, "$%d", j + 1); data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1058:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fkrelname[MAX_QUOTED_REL_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1059:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attname[MAX_QUOTED_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1060:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char paramname[16]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1096:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(paramname, "$%d", i + 1); data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1299:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkrelname[MAX_QUOTED_REL_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1300:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fkrelname[MAX_QUOTED_REL_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1301:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkattname[MAX_QUOTED_NAME_LEN + 3]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1302:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fkattname[MAX_QUOTED_NAME_LEN + 3]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1309:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workmembuf[32]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1398:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pkattname, "pk."); data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1399:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(fkattname, "fk."); data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1524:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fake_riinfo, riinfo, sizeof(RI_ConstraintInfo)); data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1580:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkrelname[MAX_QUOTED_REL_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1581:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fkrelname[MAX_QUOTED_REL_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1582:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkattname[MAX_QUOTED_NAME_LEN + 3]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1583:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fkattname[MAX_QUOTED_NAME_LEN + 3]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1587:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workmembuf[32]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1633:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pkattname, "pk."); data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1634:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(fkattname, "fk."); data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1764:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fake_riinfo, riinfo, sizeof(RI_ConstraintInfo)); data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1865:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char onename[MAX_QUOTED_NAME_LEN]; data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:2056:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&riinfo->conname, &conForm->conname, sizeof(NameData)); data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:2197:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nulls[RI_MAX_NUMKEYS * 2]; data/postgresql-13-13.1/src/backend/utils/adt/rowtypes.c:287:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, tuple->t_data, tuple->t_len); data/postgresql-13-13.1/src/backend/utils/adt/rowtypes.c:635:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, tuple->t_data, tuple->t_len); data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:297:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NAMEDATALEN]; /* Hash key --- must be first */ data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:535:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nulls[1]; data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:728:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nulls[2]; data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:2496:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(NameStr(*result), "unknown (OID=%u)", roleid); data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:3562:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(modname, refname, refnamelen); data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:3563:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(modname + refnamelen, "_%d", hentry->counter); data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:4446:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(modname, colname, colnamelen); data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:4447:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(modname + colnamelen, "_%d", i); data/postgresql-13-13.1/src/backend/utils/adt/tid.c:58:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, data/postgresql-13-13.1/src/backend/utils/adt/tid.c:112:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:159:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXDATEFIELDS]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[MAXDATELEN + MAXDATEFIELDS]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:213:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:417:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXDATEFIELDS]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:419:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[MAXDATELEN + MAXDATEFIELDS]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:470:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzname[TZ_STRLEN_MAX + 1]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:770:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:892:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXDATEFIELDS]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:894:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[256]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:959:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:1623:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char templ[128]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:1624:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:1738:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:4088:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzname[TZ_STRLEN_MAX + 1]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:5014:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzname[TZ_STRLEN_MAX + 1]; data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:5268:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzname[TZ_STRLEN_MAX + 1]; data/postgresql-13-13.1/src/backend/utils/adt/tsgistidx.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/backend/utils/adt/tsgistidx.c:159:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(GETSIGN(res), sign, len); data/postgresql-13-13.1/src/backend/utils/adt/tsgistidx.c:578:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) item->sign, (void *) GETSIGN(key), siglen); data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c:618:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) state->curop, (void *) strval, lenval); data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c:899:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ptr[i], item, sizeof(QueryOperand)); data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c:905:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ptr[i], item, sizeof(QueryOperator)); data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c:914:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) GETOPERAND(query), (void *) state.op, state.sumlen); data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c:1051:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(in->cur, "( "); data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c:1064:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(in->cur, " )"); data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c:1083:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(in->cur, "( "); data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c:1125:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(in->cur, " )"); data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c:1328:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, operands[i], item->qoperand.length + 1); data/postgresql-13-13.1/src/backend/utils/adt/tsquery_cleanup.c:71:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) &(state->ptr[state->cur]), (void *) node->valnode, sizeof(QueryItem)); data/postgresql-13-13.1/src/backend/utils/adt/tsquery_cleanup.c:426:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(GETQUERY(out), items, len * sizeof(QueryItem)); data/postgresql-13-13.1/src/backend/utils/adt/tsquery_cleanup.c:437:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(operands, GETOPERAND(in) + op->distance, op->length); data/postgresql-13-13.1/src/backend/utils/adt/tsquery_op.c:284:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(val, operand + ptr->qoperand.distance, len); data/postgresql-13-13.1/src/backend/utils/adt/tsquery_util.c:234:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(in->child + i, cc->child, cc->nchild * sizeof(QTNode *)); data/postgresql-13-13.1/src/backend/utils/adt/tsquery_util.c:329:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->curitem, in->valnode, sizeof(QueryOperand)); data/postgresql-13-13.1/src/backend/utils/adt/tsquery_util.c:331:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->curoperand, in->word, in->valnode->qoperand.length); data/postgresql-13-13.1/src/backend/utils/adt/tsquery_util.c:343:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->curitem, in->valnode, sizeof(QueryOperator)); data/postgresql-13-13.1/src/backend/utils/adt/tsquery_util.c:412:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->word, in->word, in->valnode->qoperand.length); data/postgresql-13-13.1/src/backend/utils/adt/tsvector.c:130:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, ptr, sizeof(WordEntryIN)); data/postgresql-13-13.1/src/backend/utils/adt/tsvector.c:141:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&res->pos[res->poslen], ptr->pos, data/postgresql-13-13.1/src/backend/utils/adt/tsvector.c:244:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) cur, (void *) token, toklen); data/postgresql-13-13.1/src/backend/utils/adt/tsvector.c:283:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(strbuf + stroff, &tmpbuf[arr[i].entry.pos], arr[i].entry.len); data/postgresql-13-13.1/src/backend/utils/adt/tsvector.c:297:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(strbuf + stroff, arr[i].pos, arr[i].poslen * sizeof(WordEntryPos)); data/postgresql-13-13.1/src/backend/utils/adt/tsvector.c:360:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. curout += sprintf(curout, "%d", WEP_GETPOS(*wptr)); data/postgresql-13-13.1/src/backend/utils/adt/tsvector.c:504:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(STRPTR(vec) + datalen, lexeme, lex_len); data/postgresql-13-13.1/src/backend/utils/adt/tsvector.c:530:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(STRPTR(vec) + datalen, &npos, sizeof(uint16)); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lexeme[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:185:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cur, STRPTR(in) + arrin[i].pos, arrin[i].len); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:242:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, in, VARSIZE(in)); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:308:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tsout, tsin, VARSIZE(tsin)); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:518:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dataout + curoff, data + arrin[i].pos, arrin[i].len); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:529:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dataout + curoff, data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:798:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cur, lex, lex_len); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:901:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dataout + cur_pos, datain + arrin[i].pos, arrin[i].len); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:993:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + dataoff, data1 + ptr1->pos, ptr1->len); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:999:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + dataoff, _POSVECPTR(in1, ptr1), POSDATALEN(in1, ptr1) * sizeof(WordEntryPos) + sizeof(uint16)); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:1011:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + dataoff, data2 + ptr2->pos, ptr2->len); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:1035:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + dataoff, data1 + ptr1->pos, ptr1->len); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:1043:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + dataoff, _POSVECPTR(in1, ptr1), POSDATALEN(in1, ptr1) * sizeof(WordEntryPos) + sizeof(uint16)); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:1074:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + dataoff, data1 + ptr1->pos, ptr1->len); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:1080:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + dataoff, _POSVECPTR(in1, ptr1), POSDATALEN(in1, ptr1) * sizeof(WordEntryPos) + sizeof(uint16)); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:1093:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + dataoff, data2 + ptr2->pos, ptr2->len); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:1398:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(allpos + npos, data->pos, sizeof(WordEntryPos) * data->npos); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:2168:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(node->lexeme, STRPTR(txt) + we->pos, node->lenlexeme); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:2362:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[3]; data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:2363:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ndoc[16]; data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:2364:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nentry[16]; data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:2368:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(values[0], entry->lexeme, entry->lenlexeme); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:2370:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ndoc, "%d", entry->ndoc); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_op.c:2372:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nentry, "%d", entry->nentry); data/postgresql-13-13.1/src/backend/utils/adt/tsvector_parser.c:313:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). WEP_SETPOS(pos[npos - 1], LIMITPOS(atoi(state->prsbuf))); data/postgresql-13-13.1/src/backend/utils/adt/uuid.c:105:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_buf[3]; data/postgresql-13-13.1/src/backend/utils/adt/uuid.c:109:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str_buf, src, 2); data/postgresql-13-13.1/src/backend/utils/adt/uuid.c:147:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uuid->data, pq_getmsgbytes(buffer, UUID_LEN), UUID_LEN); data/postgresql-13-13.1/src/backend/utils/adt/uuid.c:374:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&res, authoritative->data, sizeof(Datum)); data/postgresql-13-13.1/src/backend/utils/adt/varbit.c:414:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARBITS(result), VARBITS(arg), data/postgresql-13-13.1/src/backend/utils/adt/varbit.c:764:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARBITS(result), VARBITS(arg), VARBITBYTES(result)); data/postgresql-13-13.1/src/backend/utils/adt/varbit.c:1002:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARBITS(result), VARBITS(arg1), VARBITBYTES(arg1)); data/postgresql-13-13.1/src/backend/utils/adt/varbit.c:1008:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARBITS(result) + VARBITBYTES(arg1), VARBITS(arg2), data/postgresql-13-13.1/src/backend/utils/adt/varbit.c:1113:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARBITS(result), VARBITS(arg) + (s1 - 1) / BITS_PER_BYTE, data/postgresql-13-13.1/src/backend/utils/adt/varbit.c:1414:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, p, len); data/postgresql-13-13.1/src/backend/utils/adt/varbit.c:1485:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, p, len); data/postgresql-13-13.1/src/backend/utils/adt/varbit.c:1823:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, p, VARBITBYTES(arg1)); data/postgresql-13-13.1/src/backend/utils/adt/varchar.c:180:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, s, len); data/postgresql-13-13.1/src/backend/utils/adt/varchar.c:337:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, s, len); data/postgresql-13-13.1/src/backend/utils/adt/varchar.c:393:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NameStr(*result), s_data, len); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:189:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(result), s, len); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:213:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, VARDATA_ANY(tunpacked), len); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:249:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, VARDATA_ANY(srcunpacked), dst_len); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:531:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(result), state->data, state->len); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:754:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, VARDATA_ANY(t1), len1); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:756:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr + len1, VARDATA_ANY(t2), len2); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:1023:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(ret), s, (p - s)); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:1514:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char a1buf[TEXTBUFLEN]; data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:1515:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char a2buf[TEXTBUFLEN]; data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:1570:9: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). r = MultiByteToWideChar(CP_UTF8, 0, arg1, len1, data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:1583:9: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). r = MultiByteToWideChar(CP_UTF8, 0, arg2, len2, data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:1631:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a1p, arg1, len1); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:1633:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a2p, arg2, len2); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:2327:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sss->buf1, a1p, len1); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:2340:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sss->buf2, a2p, len2); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:2494:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pres, authoritative_data, Min(len, sizeof(Datum))); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:2520:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pres, sss->buf2, Min(sizeof(Datum), sss->last_len2)); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:2525:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sss->buf1, authoritative_data, len); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:2615:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pres, sss->buf2, Min(sizeof(Datum), bsize)); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:3227:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, VARDATA_ANY(t1), len1); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:3229:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr + len1, VARDATA_ANY(t2), len2); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:3453:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. byte = ((unsigned char *) VARDATA_ANY(v))[n]; data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:3488:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. byte = ((unsigned char *) VARDATA_ANY(v))[byteNo]; data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:3523:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *) VARDATA(res))[n] = newByte; data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:3571:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. oldByte = ((unsigned char *) VARDATA(res))[byteNo]; data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:3578:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *) VARDATA(res))[byteNo] = newByte; data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:3602:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NameStr(*result), VARDATA_ANY(s), len); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:4487:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errMsg[100]; data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:5040:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; /* bigger than needed, but reasonable */ data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:5064:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; /* bigger than needed, but reasonable */ data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:5431:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, p, sz); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:6062:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; data/postgresql-13-13.1/src/backend/utils/adt/xid8funcs.c:635:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(snap, arg, VARSIZE(arg)); data/postgresql-13-13.1/src/backend/utils/adt/xml.c:378:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(result), str, nbytes); data/postgresql-13-13.1/src/backend/utils/adt/xml.c:1162:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, str, len * sizeof(xmlChar)); data/postgresql-13-13.1/src/backend/utils/adt/xml.c:1174:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, str, len); data/postgresql-13-13.1/src/backend/utils/adt/xml.c:2108:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuf[MAX_UNICODE_EQUIVALENT_STRING + 1]; data/postgresql-13-13.1/src/backend/utils/adt/xml.c:2203:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/xml.c:2224:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/xml.c:2251:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/backend/utils/adt/xml.c:2390:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, s, len); data/postgresql-13-13.1/src/backend/utils/cache/attoptcache.c:156:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(opts, bytea_opts, VARSIZE(bytea_opts)); data/postgresql-13-13.1/src/backend/utils/cache/attoptcache.c:176:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, attopt->opts, VARSIZE(attopt->opts)); data/postgresql-13-13.1/src/backend/utils/cache/catcache.c:1336:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cur_skey, cache->cc_skey, sizeof(ScanKeyData) * nkeys); data/postgresql-13-13.1/src/backend/utils/cache/catcache.c:1624:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cur_skey, cache->cc_skey, sizeof(ScanKeyData) * cache->cc_nkeys); data/postgresql-13-13.1/src/backend/utils/cache/catcache.c:1843:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) ct->tuple.t_data, data/postgresql-13-13.1/src/backend/utils/cache/inval.c:809:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(SharedInvalidMessagesArray + numSharedInvalidMessagesArray, data/postgresql-13-13.1/src/backend/utils/cache/lsyscache.c:1624:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*argtypes, procstruct->proargtypes.values, *nargs * sizeof(Oid)); data/postgresql-13-13.1/src/backend/utils/cache/partcache.c:188:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key->partattrs, attrs, key->partnatts * sizeof(int16)); data/postgresql-13-13.1/src/backend/utils/cache/plancache.c:419:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(plansource->param_types, param_types, num_params * sizeof(Oid)); data/postgresql-13-13.1/src/backend/utils/cache/plancache.c:1536:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newsource->param_types, plansource->param_types, data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:416:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(relationForm, relp, CLASS_TUPLE_SIZE); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:485:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(relation->rd_options, options, VARSIZE(options)); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:562:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(TupleDescAttr(relation->rd_att, attnum - 1), data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:1361:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cached, tmp, sizeof(IndexAmRoutine)); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:1480:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(relation->rd_indcollation, indcoll->values, indnkeyatts * sizeof(Oid)); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:1512:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(relation->rd_indoption, indoption->values, indnkeyatts * sizeof(int16)); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:1565:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&indexSupport[attIndex * maxSupportNumber], data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:1904:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(TupleDescAttr(relation->rd_att, i), data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:2205:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(relation->rd_rel, relp, CLASS_TUPLE_SIZE); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:2325:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(relation->rd_rel, relp, CLASS_TUPLE_SIZE); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:2619:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmpstruct, newrel, sizeof(RelationData)); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:2620:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newrel, relation, sizeof(RelationData)); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:2621:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(relation, &tmpstruct, sizeof(RelationData)); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:2638:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(relation->rd_rel, newrel->rd_rel, CLASS_TUPLE_SIZE); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:4030:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) relation->rd_rel, (char *) relp, CLASS_TUPLE_SIZE); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:4195:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(TupleDescAttr(result, i), &attrs[i], ATTRIBUTE_FIXED_PART_SIZE); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:5208:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ops, indexRelation->rd_exclops, sizeof(Oid) * indnkeyatts); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:5209:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(funcs, indexRelation->rd_exclprocs, sizeof(Oid) * indnkeyatts); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:5210:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(strats, indexRelation->rd_exclstrats, sizeof(uint16) * indnkeyatts); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:5268:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ops, ARR_DATA_PTR(arr), sizeof(Oid) * indnkeyatts); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:5295:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(indexRelation->rd_exclops, ops, sizeof(Oid) * indnkeyatts); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:5296:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(indexRelation->rd_exclprocs, funcs, sizeof(Oid) * indnkeyatts); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:5297:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(indexRelation->rd_exclstrats, strats, sizeof(uint16) * indnkeyatts); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:5320:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. return memcpy(pubactions, relation->rd_pubactions, data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:5379:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(relation->rd_pubactions, pubactions, sizeof(PublicationActions)); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:5617:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char initfilename[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:6033:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempfilename[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:6034:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char finalfilename[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:6299:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localinitfname[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:6300:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sharedinitfname[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:6342:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH + 10 + sizeof(TABLESPACE_VERSION_DIRECTORY)]; data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:6374:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char initfilename[MAXPGPATH * 2]; data/postgresql-13-13.1/src/backend/utils/cache/relmapper.c:701:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapfilename[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/cache/relmapper.c:802:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapfilename[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/cache/relmapper.c:932:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(realmap, newmap, sizeof(RelMapFile)); data/postgresql-13-13.1/src/backend/utils/cache/relmapper.c:969:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&newmap, &shared_map, sizeof(RelMapFile)); data/postgresql-13-13.1/src/backend/utils/cache/relmapper.c:971:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&newmap, &local_map, sizeof(RelMapFile)); data/postgresql-13-13.1/src/backend/utils/cache/spccache.c:155:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(opts, bytea_opts, VARSIZE(bytea_opts)); data/postgresql-13-13.1/src/backend/utils/cache/ts_cache.c:507:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(maplists[maxtokentype].dictIds, mapdicts, data/postgresql-13-13.1/src/backend/utils/cache/ts_cache.c:534:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(maplists[maxtokentype].dictIds, mapdicts, data/postgresql-13-13.1/src/backend/utils/cache/ts_cache.c:541:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(entry->map, maplists, data/postgresql-13-13.1/src/backend/utils/cache/typcache.c:2549:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(enumdata->enum_values, items, numitems * sizeof(EnumItem)); data/postgresql-13-13.1/src/backend/utils/error/elog.c:158:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char formatted_start_time[FORMATTED_TS_LEN]; data/postgresql-13-13.1/src/backend/utils/error/elog.c:159:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char formatted_log_time[FORMATTED_TS_LEN]; data/postgresql-13-13.1/src/backend/utils/error/elog.c:1489:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newedata, edata, sizeof(ErrorData)); data/postgresql-13-13.1/src/backend/utils/error/elog.c:1674:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newedata, edata, sizeof(ErrorData)); data/postgresql-13-13.1/src/backend/utils/error/elog.c:1854:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(OutputFileName, O_CREAT | O_APPEND | O_WRONLY, data/postgresql-13-13.1/src/backend/utils/error/elog.c:1964:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PG_SYSLOG_LIMIT + 1]; data/postgresql-13-13.1/src/backend/utils/error/elog.c:1984:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, line, buflen); data/postgresql-13-13.1/src/backend/utils/error/elog.c:2215:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msbuf[13]; data/postgresql-13-13.1/src/backend/utils/error/elog.c:2236:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msbuf, ".%03d", (int) (saved_timeval.tv_usec / 1000)); data/postgresql-13-13.1/src/backend/utils/error/elog.c:2237:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(formatted_log_time + 19, msbuf, 4); data/postgresql-13-13.1/src/backend/utils/error/elog.c:2436:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strfbuf[128]; data/postgresql-13-13.1/src/backend/utils/error/elog.c:2467:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strfbuf[128]; data/postgresql-13-13.1/src/backend/utils/error/elog.c:2480:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strfbuf[128]; data/postgresql-13-13.1/src/backend/utils/error/elog.c:2586:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strfbuf[128]; data/postgresql-13-13.1/src/backend/utils/error/elog.c:2857:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[12]; data/postgresql-13-13.1/src/backend/utils/error/elog.c:3125:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p.proto.data, data, PIPE_MAX_PAYLOAD); data/postgresql-13-13.1/src/backend/utils/error/elog.c:3135:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p.proto.data, data, len); data/postgresql-13-13.1/src/backend/utils/error/elog.c:3176:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuf[12]; data/postgresql-13-13.1/src/backend/utils/error/elog.c:3428:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[2048]; /* Arbitrary size? */ data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varName[NAMEDATALEN]; /* hash key (must be first) */ data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[FLEXIBLE_ARRAY_MEMBER]; /* Full pathname of file */ data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c:318:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char library_version[32]; data/postgresql-13-13.1/src/backend/utils/fmgr/fmgr.c:615:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstinfo, srcinfo, sizeof(FmgrInfo)); data/postgresql-13-13.1/src/backend/utils/fmgr/fmgr.c:1745:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, datum, len); data/postgresql-13-13.1/src/backend/utils/fmgr/funcapi.c:1129:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*p_argtypes, ARR_DATA_PTR(arr), data/postgresql-13-13.1/src/backend/utils/fmgr/funcapi.c:1138:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*p_argtypes, procStruct->proargtypes.values, data/postgresql-13-13.1/src/backend/utils/fmgr/funcapi.c:1175:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*p_argmodes, ARR_DATA_PTR(arr), data/postgresql-13-13.1/src/backend/utils/fmgr/funcapi.c:1216:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*p_trftypes, ARR_DATA_PTR(arr), data/postgresql-13-13.1/src/backend/utils/hash/dynahash.c:403:20: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. hashp->keycopy = memcpy; data/postgresql-13-13.1/src/backend/utils/hash/dynahash.c:1623:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, old_p, old_dirsize); data/postgresql-13-13.1/src/backend/utils/init/globals.c:70:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char OutputFileName[MAXPGPATH]; /* debugging output file */ data/postgresql-13-13.1/src/backend/utils/init/globals.c:72:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char my_exec_path[MAXPGPATH]; /* full path to my executable */ data/postgresql-13-13.1/src/backend/utils/init/globals.c:73:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkglib_path[MAXPGPATH]; /* full path to lib directory */ data/postgresql-13-13.1/src/backend/utils/init/globals.c:76:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char postgres_exec_path[MAXPGPATH]; /* full path to backend */ data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:945:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAXPGPATH * 2 + 256]; data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:988:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). my_gp_pid = atoi(envvar); data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1005:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDWR | O_CREAT | O_EXCL, pg_file_create_mode); data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1022:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY, pg_file_create_mode); data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1050:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). encoded_pid = atoi(buffer); data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1257:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lockfile[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1308:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char srcbuffer[BLCKSZ]; data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1309:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char destbuffer[BLCKSZ]; data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1311:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(DIRECTORY_LOCK_FILE, O_RDWR | PG_BINARY, 0); data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1347:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(destbuffer, srcbuffer, srcptr - srcbuffer); data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1433:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BLCKSZ]; data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1435:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(DIRECTORY_LOCK_FILE, O_RDWR | PG_BINARY, 0); data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1476:13: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). file_pid = atol(buffer); data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1502:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1508:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_version_string[64]; data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1658:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char locale_path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/init/postinit.c:596:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbname[NAMEDATALEN]; data/postgresql-13-13.1/src/backend/utils/mb/iso.c:16:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char koitab[128], data/postgresql-13-13.1/src/backend/utils/mb/iso.c:18:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:539:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(retval), dest_str, len); data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:808:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c_as_utf8[MAX_MULTIBYTE_CHAR_LEN + 1]; data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:1578:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8 * 5 + 1]; data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:1588:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. p += sprintf(p, "0x%02x", (unsigned char) mbstr[j]); data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:1611:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8 * 5 + 1]; data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:1621:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. p += sprintf(p, "0x%02x", (unsigned char) mbstr[j]); data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:1664:12: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). dstlen = MultiByteToWideChar(codepage, 0, str, len, utf16, len); data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:1688:12: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). dstlen = MultiByteToWideChar(CP_UTF8, 0, utf8, len, utf16, len); data/postgresql-13-13.1/src/backend/utils/mb/win1251.c:16:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char koitab[128], data/postgresql-13-13.1/src/backend/utils/mb/win1251.c:18:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/postgresql-13-13.1/src/backend/utils/mb/win866.c:16:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char koitab[128], data/postgresql-13-13.1/src/backend/utils/mb/win866.c:18:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/postgresql-13-13.1/src/backend/utils/misc/guc-file.c:2525:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char abs_path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/misc/guc-file.c:3024:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:824:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unit[MAX_UNIT_LEN + 1]; /* unit, as a string, like "kB" or data/postgresql-13-13.1/src/backend/utils/misc/guc.c:5423:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char limbuf[16]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:5426:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(limbuf, "%ld", new_limit); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:6290:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unitstr[MAX_UNIT_LEN + 1]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:6444:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char bbuf[8]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:6453:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char xbuf[8]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:7763:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[256]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:7819:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[256]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:8163:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char AutoConfFileName[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:8164:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char AutoConfTmpFileName[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:9261:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:9621:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[NUM_PG_SETTINGS_ATTS]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:9784:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:10313:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*destptr, val, valsize); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:10414:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(start_address, &actual_size, sizeof(actual_size)); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:10452:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, *srcptr, size); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:10511:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *error_context_name_and_value[2]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11208:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*extra, newwalconsistency, (RM_MAX_ID + 1) * sizeof(bool)); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11477:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char nbuf[16]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11494:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char nbuf[16]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11511:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char nbuf[16]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11528:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char nbuf[16]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11676:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[12]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11685:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[12]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11694:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[12]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11925:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXDATEFIELDS]; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11927:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[MAXDATELEN + MAXDATEFIELDS]; data/postgresql-13-13.1/src/backend/utils/misc/pg_config.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[2]; data/postgresql-13-13.1/src/backend/utils/misc/pg_controldata.c:88:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfilename[MAXFNAMELEN]; data/postgresql-13-13.1/src/backend/utils/misc/pg_rusage.c:42:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char result[100]; data/postgresql-13-13.1/src/backend/utils/misc/ps_status.c:98:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ps_buffer[PS_BUFFER_SIZE]; data/postgresql-13-13.1/src/backend/utils/misc/ps_status.c:409:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[PS_BUFFER_SIZE + 32]; data/postgresql-13-13.1/src/backend/utils/misc/tzparser.c:258:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(arrayptr, entry, sizeof(tzEntry)); data/postgresql-13-13.1/src/backend/utils/misc/tzparser.c:278:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char share_path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/misc/tzparser.c:279:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/misc/tzparser.c:281:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzbuf[1024]; data/postgresql-13-13.1/src/backend/utils/mmgr/aset.c:188:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char padding[MAXIMUM_ALIGNOF - ALLOCCHUNK_RAWSIZE % MAXIMUM_ALIGNOF]; data/postgresql-13-13.1/src/backend/utils/mmgr/aset.c:1288:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newPointer, pointer, oldsize); data/postgresql-13-13.1/src/backend/utils/mmgr/aset.c:1376:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stats_string[200]; data/postgresql-13-13.1/src/backend/utils/mmgr/freepage.c:728:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&btp->u.leaf_key[btp->hdr.nused], &np->u.leaf_key[0], data/postgresql-13-13.1/src/backend/utils/mmgr/freepage.c:734:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&btp->u.internal_key[btp->hdr.nused], &np->u.internal_key[0], data/postgresql-13-13.1/src/backend/utils/mmgr/freepage.c:753:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&np->u.leaf_key[np->hdr.nused], &btp->u.leaf_key[0], data/postgresql-13-13.1/src/backend/utils/mmgr/freepage.c:759:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&np->u.internal_key[np->hdr.nused], &btp->u.internal_key[0], data/postgresql-13-13.1/src/backend/utils/mmgr/freepage.c:1212:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&newsibling->u.leaf_key, data/postgresql-13-13.1/src/backend/utils/mmgr/freepage.c:1218:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&newsibling->u.internal_key, data/postgresql-13-13.1/src/backend/utils/mmgr/generation.c:119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char padding[MAXIMUM_ALIGNOF - GENERATIONCHUNK_RAWSIZE % MAXIMUM_ALIGNOF]; data/postgresql-13-13.1/src/backend/utils/mmgr/generation.c:624:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newPointer, pointer, oldsize); data/postgresql-13-13.1/src/backend/utils/mmgr/generation.c:701:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stats_string[200]; data/postgresql-13-13.1/src/backend/utils/mmgr/mcxt.c:1180:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nstr, string, len); data/postgresql-13-13.1/src/backend/utils/mmgr/mcxt.c:1204:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, in, len); data/postgresql-13-13.1/src/backend/utils/mmgr/portalmem.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portalname[MAX_PORTALNAME_LEN]; data/postgresql-13-13.1/src/backend/utils/mmgr/portalmem.c:238:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portalname[MAX_PORTALNAME_LEN]; data/postgresql-13-13.1/src/backend/utils/mmgr/portalmem.c:244:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(portalname, "<unnamed portal %u>", unnamed_portal_count); data/postgresql-13-13.1/src/backend/utils/mmgr/slab.c:668:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stats_string[200]; data/postgresql-13-13.1/src/backend/utils/sort/logtape.c:558:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/sort/logtape.c:720:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/sort/logtape.c:837:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lt->buffer + lt->pos, ptr, nthistime); data/postgresql-13-13.1/src/backend/utils/sort/logtape.c:1003:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, lt->buffer + lt->pos, nthistime); data/postgresql-13-13.1/src/backend/utils/sort/sharedtuplestore.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/backend/utils/sort/sharedtuplestore.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[NAMEDATALEN]; /* A name for this tuplestore. */ data/postgresql-13-13.1/src/backend/utils/sort/sharedtuplestore.c:309:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/sort/sharedtuplestore.c:360:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(accessor->write_pointer, meta_data, data/postgresql-13-13.1/src/backend/utils/sort/sharedtuplestore.c:369:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(accessor->write_pointer + accessor->sts->meta_data_size, data/postgresql-13-13.1/src/backend/utils/sort/sharedtuplestore.c:389:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(accessor->write_pointer, (char *) tuple + written, data/postgresql-13-13.1/src/backend/utils/sort/sharedtuplestore.c:401:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(accessor->write_pointer, meta_data, data/postgresql-13-13.1/src/backend/utils/sort/sharedtuplestore.c:403:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(accessor->write_pointer + accessor->sts->meta_data_size, tuple, data/postgresql-13-13.1/src/backend/utils/sort/sharedtuplestore.c:558:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/sort/tuplesort.c:201:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[SLAB_SLOT_SIZE]; data/postgresql-13-13.1/src/backend/utils/time/combocid.c:332:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(start_address + sizeof(int), comboCids, data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:597:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(CurrentSnapshot->xip, sourcesnap->xip, data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:601:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(CurrentSnapshot->subxip, sourcesnap->subxip, data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:677:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newsnap, snapshot, sizeof(SnapshotData)); data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:687:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newsnap->xip, snapshot->xip, data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:703:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newsnap->subxip, snapshot->subxip, data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:1202:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:1203:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathtmp[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:1464:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:1652:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPGPATH + sizeof(SNAPSHOT_EXPORT_DIR)]; data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:2128:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(start_address, data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:2133:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((TransactionId *) (start_address + data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:2148:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((TransactionId *) (start_address + subxipoff), data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:2168:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&serialized_snapshot, start_address, data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:2197:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(snapshot->xip, serialized_xids, data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:2206:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(snapshot->subxip, serialized_xids + serialized_snapshot.xcnt, data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:27:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tzdirpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullname[MAXPGPATH]; data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:78:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(fullname, O_RDONLY | PG_BINARY, 0); data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:239:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuf[TZ_STRLEN_MAX + 1]; data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:332:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char resultbuf[TZ_STRLEN_MAX + 1]; data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:339:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmptzdir[MAXPGPATH]; data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:341:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char std_zone_name[TZ_STRLEN_MAX + 1], data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:343:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuf[TZ_STRLEN_MAX + 1]; data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:547:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char link_target[MAXPGPATH]; data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:1512:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzname[128]; data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:1513:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localtzname[256]; data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:1564:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[256]; data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:1565:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zonename[256]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:166:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char infoversion[100]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:228:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char bin_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:229:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char backend_exec[MAXPGPATH]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:287:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define PG_CMD_DECL char cmd[MAXPGPATH]; FILE *cmdfd data/postgresql-13-13.1/src/bin/initdb/initdb.c:364:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(resultp, "\\042"); data/postgresql-13-13.1/src/bin/initdb/initdb.c:418:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. newline = (char *) pg_malloc(strlen(lines[i]) + diff + 1); data/postgresql-13-13.1/src/bin/initdb/initdb.c:422:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newline, lines[i], pre); data/postgresql-13-13.1/src/bin/initdb/initdb.c:424:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newline + pre, replacement, replen); data/postgresql-13-13.1/src/bin/initdb/initdb.c:479:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((infile = fopen(path, "r")) == NULL) data/postgresql-13-13.1/src/bin/initdb/initdb.c:534:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((out_file = fopen(path, "w")) == NULL) data/postgresql-13-13.1/src/bin/initdb/initdb.c:653:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[20]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:655:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(result, "%d", enc); data/postgresql-13-13.1/src/bin/initdb/initdb.c:844:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((version_file = fopen(path, PG_BINARY_W)) == NULL) data/postgresql-13-13.1/src/bin/initdb/initdb.c:869:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). conf_file = fopen(path, PG_BINARY_W); data/postgresql-13-13.1/src/bin/initdb/initdb.c:906:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:953:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXPGPATH]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:1070:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char repltok[MAXPGPATH]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:1071:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:1072:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *autoconflines[3]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:1134:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(repltok, "datestyle = 'iso, ymd'"); data/postgresql-13-13.1/src/bin/initdb/initdb.c:1137:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(repltok, "datestyle = 'iso, dmy'"); data/postgresql-13-13.1/src/bin/initdb/initdb.c:1141:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(repltok, "datestyle = 'iso, mdy'"); data/postgresql-13-13.1/src/bin/initdb/initdb.c:1366:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char headerline[MAXPGPATH]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:1367:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:1391:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", NAMEDATALEN); data/postgresql-13-13.1/src/bin/initdb/initdb.c:1394:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", (int) sizeof(Pointer)); data/postgresql-13-13.1/src/bin/initdb/initdb.c:1472:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pwd1[100]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:1473:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pwd2[100]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:1500:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *pwf = fopen(pwfilename, "r"); data/postgresql-13-13.1/src/bin/initdb/initdb.c:2076:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:2428:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/initdb/initdb.c:2998:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pg_ctl_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_archivecleanup/pg_archivecleanup.c:30:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char exclusiveCleanupFileName[MAXFNAMELEN]; /* the oldest file we want data/postgresql-13-13.1/src/bin/pg_archivecleanup/pg_archivecleanup.c:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char walfile[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_archivecleanup/pg_archivecleanup.c:124:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char WALFilePath[MAXPGPATH * 2]; /* the file path data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char old_dir[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_dir[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:63:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tarhdr[512]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char current_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:463:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogend[64]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:525:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlog[MAXPGPATH]; /* directory or tarfile depending on mode */ data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:599:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char statusdir[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:780:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char totaldone_str[32]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:781:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char totalsize_str[32]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1041:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zerobuf[1024]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1116:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). state.tarfile = fopen(state.filename, "wb"); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1145:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). state.tarfile = fopen(state.filename, "wb"); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[512]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1241:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[512]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1348:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&state->tarhdr[state->tarhdrsz], copybuf + pos, data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1385:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[512]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1450:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zerobuf[512]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1491:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char canon_dir[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1668:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). state->file = fopen(state->filename, "wb"); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1744:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). state.file = fopen(state.filename, "wb"); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1804:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char escaped_label[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1809:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogstart[64]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1810:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogend[64]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1941:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). starttli = atoi(PQgetvalue(res, 0, 1)); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1974:19: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). totalsize_kb += atol(PQgetvalue(res, i, 2)); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:2205:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_filename[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:2206:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:2374:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). compresslevel = atoi(optarg); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:2412:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). standby_message_timeout = atoi(optarg) * 1000; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_receivewal.c:261:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullpath[MAXPGPATH * 2]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_receivewal.c:280:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_receivewal.c:282:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullpath[MAXPGPATH * 2]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_receivewal.c:287:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(fullpath, O_RDONLY | PG_BINARY, 0); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_receivewal.c:535:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(optarg) <= 0) data/postgresql-13-13.1/src/bin/pg_basebackup/pg_receivewal.c:552:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). standby_message_timeout = atoi(optarg) * 1000; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_receivewal.c:577:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). compresslevel = atoi(optarg); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_recvlogical.c:119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char replybuf[1 + 8 + 8 + 8 + 8 + 1]; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_recvlogical.c:331:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfd = open(outfile, O_CREAT | O_APPEND | O_WRONLY | PG_BINARY, data/postgresql-13-13.1/src/bin/pg_basebackup/pg_recvlogical.c:739:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fsync_interval = atoi(optarg) * 1000; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_recvlogical.c:760:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(optarg) <= 0) data/postgresql-13-13.1/src/bin/pg_basebackup/pg_recvlogical.c:817:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). standby_message_timeout = atoi(optarg) * 1000; data/postgresql-13-13.1/src/bin/pg_basebackup/receivelog.c:32:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char current_walfile_name[MAXPGPATH] = ""; data/postgresql-13-13.1/src/bin/pg_basebackup/receivelog.c:61:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmppath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/receivelog.c:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/receivelog.c:244:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char histfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/bin/pg_basebackup/receivelog.c:262:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char histfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/bin/pg_basebackup/receivelog.c:322:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char replybuf[1 + 8 + 8 + 8 + 8 + 1]; data/postgresql-13-13.1/src/bin/pg_basebackup/receivelog.c:438:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[128]; data/postgresql-13-13.1/src/bin/pg_basebackup/receivelog.c:439:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char slotcmd[128]; data/postgresql-13-13.1/src/bin/pg_basebackup/receivelog.c:499:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (stream->timeline > atoi(PQgetvalue(res, 0, 1))) data/postgresql-13-13.1/src/bin/pg_basebackup/receivelog.c:710:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *timeline = atoi(PQgetvalue(res, 0, 0)); data/postgresql-13-13.1/src/bin/pg_basebackup/streamutil.c:53:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char password[100]; data/postgresql-13-13.1/src/bin/pg_basebackup/streamutil.c:279:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlog_unit[3]; data/postgresql-13-13.1/src/bin/pg_basebackup/streamutil.c:442:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *starttli = atoi(PQgetvalue(res, 0, 1)); data/postgresql-13-13.1/src/bin/pg_basebackup/streamutil.c:665:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &n64, sizeof(n64)); data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:74:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmppath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:92:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(tmppath, O_WRONLY | O_CREAT | PG_BINARY, pg_file_create_mode); data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:218:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmppath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:219:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmppath2[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:305:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmppath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:319:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmppath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:325:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(tmppath, O_RDONLY | PG_BINARY, 0); data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:389:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[512]; data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:401:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lasterror[1024]; data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:534:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmppath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:543:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tar_data->fd = open(tar_data->tarfilename, data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:788:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zerobuf[512]; data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:887:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zerobuf[1024]; data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char total_size_str[32]; data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:132:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char current_size_str[32]; data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:203:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = open(fn, PG_BINARY | flags, 0); data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:302:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:315:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:342:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fnonly[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:361:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). segmentno = atoi(segmentpath); data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:401:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tblspc_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:495:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(optarg) == 0) data/postgresql-13-13.1/src/bin/pg_config/pg_config.c:136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char my_exec_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_controldata/pg_controldata.c:100:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pgctime_str[128]; data/postgresql-13-13.1/src/bin/pg_controldata/pg_controldata.c:101:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ckpttime_str[128]; data/postgresql-13-13.1/src/bin/pg_controldata/pg_controldata.c:102:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mock_auth_nonce_str[MOCK_AUTH_NONCE_LEN * 2 + 1]; data/postgresql-13-13.1/src/bin/pg_controldata/pg_controldata.c:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfilename[MAXFNAMELEN]; data/postgresql-13-13.1/src/bin/pg_controldata/pg_controldata.c:222:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(xlogfilename, _("???")); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:101:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char postopts_file[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:102:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char version_file[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:103:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pid_file[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:104:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char backup_file[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:105:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char promote_file[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:106:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char logrotate_file[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:221:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[2048]; /* Arbitrary size? */ data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:279:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pidf = fopen(pid_file, "r"); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:339:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDONLY | PG_BINARY, 0); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:392:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(linebuf, linebegin, slen); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:445:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:537:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(log_file, O_RDWR, 0); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:620:12: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pmpid = atol(optlines[LOCK_FILE_LINE_PID - 1]); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:621:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pmstart = atol(optlines[LOCK_FILE_LINE_START_TIME - 1]); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:807:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:831:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:892:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char env_var[32]; data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:1205:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((prmfile = fopen(promote_file, "w")) == NULL) data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:1291:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((logrotatefile = fopen(logrotate_file, "w")) == NULL) data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:1432:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdPath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:1896:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char jobname[128]; data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:1898:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(jobname, "PostgreSQL_%lu", data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:2184:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXPGPATH], data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:2195:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(filename, "r")) == NULL) data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:2201:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(filename, "r")) != NULL) data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:2327:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). wait_seconds = atoi(env_wait); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:2406:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). wait_seconds = atoi(optarg); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:2469:16: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). killproc = atol(argv[++optind]); data/postgresql-13-13.1/src/bin/pg_dump/common.c:1053:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[100]; data/postgresql-13-13.1/src/bin/pg_dump/compress_io.c:528:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode_compression[32]; data/postgresql-13-13.1/src/bin/pg_dump/compress_io.c:555:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp->uncompressedfp = fopen(path, mode); data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:219:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *getMessageFromMaster(int pipefd[2]); data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:435:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[1]; data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:553:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[1]; data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:642:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[1]; data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:1218:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:1347:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:1520:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char * data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:590:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[40]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:596:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buffer, "DROP CONSTRAINT"); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:1091:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newToc->dependencies, opts->deps, opts->nDeps * sizeof(DumpId)); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:1123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stamp_str[64]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:1131:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(stamp_str, "[unknown]"); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:1368:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:1375:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(ropt->tocFile, PG_BINARY_R); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:1526:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmode[14]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:1529:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fmode, "wb%d", compression); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:1544:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). AH->OF = fopen(filename, PG_BINARY_A); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:1551:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). AH->OF = fopen(filename, PG_BINARY_W); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:1701:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) AH->lo_buf + AH->lo_buf_used, ptr, avail); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:1708:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) AH->lo_buf + AH->lo_buf_used, ptr, remaining); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2074:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sig[6]; /* More than enough */ data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2100:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2127:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(AH->fSpec, PG_BINARY_R); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2149:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&AH->lookahead[0], sig, 5); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2501:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[32]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2526:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(workbuf, "%u", te->catalogId.tableoid); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2528:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(workbuf, "%u", te->catalogId.oid); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2546:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(workbuf, "%d", te->dependencies[i]); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:3770:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpMag[7]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:3898:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:4801:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(clone, AH, sizeof(ArchiveHandle)); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_custom.c:154:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). AH->FH = fopen(AH->fSpec, PG_BINARY_W); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_custom.c:171:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). AH->FH = fopen(AH->fSpec, PG_BINARY_R); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_custom.c:810:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). AH->FH = fopen(AH->fSpec, PG_BINARY_R); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_custom.c:889:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(AH->formatData, ctx, sizeof(lclContext)); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_db.c:120:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char passbuf[100]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_db.c:143:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *keywords[8]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_db.c:144:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *values[8]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_db.c:236:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[1]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_db.c:493:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, buf, bufLen); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:200:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:236:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:326:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:424:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:436:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:437:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:452:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:453:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:575:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:641:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:660:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:679:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:746:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:799:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(AH->formatData, ctx, sizeof(lclContext)); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:175:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ctx->tarFH = fopen(AH->fSpec, PG_BINARY_W); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:209:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ctx->tarFH = fopen(AH->fSpec, PG_BINARY_R); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:252:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[K_STD_BUF_SIZE]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:259:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fn, "%d.dat", te->dumpId); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:261:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fn, "%d.dat.gz", te->dumpId); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:263:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fn, "%d.dat", te->dumpId); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:330:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmode[14]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:379:15: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). tm->tmpFH = tmpfile(); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:395:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(name, O_RDWR | O_CREAT | O_EXCL | O_BINARY | data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:418:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fmode, "wb%d", AH->compression); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:530:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, AH->lookahead + AH->lookaheadPos, used); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:542:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. res = fread(&((char *) buf)[used], 1, len, fh); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:550:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. res = GZREAD(&((char *) buf)[used], 1, len, th->zFH); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:567:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. res = fread(&((char *) buf)[used], 1, len, th->nFH); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:637:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:722:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:868:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ropt, AH->public.ropt, sizeof(RestoreOptions)); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:936:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[K_STD_BUF_SIZE]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:938:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fname, "blobs.toc"); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:954:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[255]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1075:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32768]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1109:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[32], data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1135:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[512]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1146:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[100], data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1187:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). id = atoi(th->targetFile); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1215:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char h[512]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1216:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[100 + 1]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1270:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char posbuf[32]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1271:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lenbuf[32]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1281:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char posbuf[32]; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:1299:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char h[512]; data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:467:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). numWorkers = atoi(optarg); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:530:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). compressLevel = atoi(optarg); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:568:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). extra_float_digits = atoi(optarg); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:3511:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[LOBBUFSIZE]; data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:4234:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n = atoi(PQgetvalue(res, 0, 0)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:5784:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). agginfo[i].aggfn.nargs = atoi(PQgetvalue(res, i, i_pronargs)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:6016:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). finfo[i].nargs = atoi(PQgetvalue(res, i, i_pronargs)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:6762:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tblinfo[i].relpages = atoi(PQgetvalue(res, i, i_relpages)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:6772:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tblinfo[i].ncheck = atoi(PQgetvalue(res, i, i_relchecks)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:6781:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tblinfo[i].owning_col = atoi(PQgetvalue(res, i, i_owning_col)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:7287:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). indxinfo[j].indnkeyattrs = atoi(PQgetvalue(res, j, i_indnkeyatts)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:7288:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). indxinfo[j].indnattrs = atoi(PQgetvalue(res, j, i_indnatts)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:7410:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). statsextinfo[i].stattarget = atoi(PQgetvalue(res, i, i_stattarget)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:7946:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tginfo[j].tgtype = atoi(PQgetvalue(res, j, i_tgtype)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:7947:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tginfo[j].tgnargs = atoi(PQgetvalue(res, j, i_tgnargs)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:8650:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (j + 1 != atoi(PQgetvalue(res, j, i_attnum))) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:8655:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tbinfo->atttypmod[j] = atoi(PQgetvalue(res, j, i_atttypmod)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:8656:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tbinfo->attstattarget[j] = atoi(PQgetvalue(res, j, i_attstattarget)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:8663:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tbinfo->attlen[j] = atoi(PQgetvalue(res, j, i_attlen)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:8707:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). adnum = atoi(PQgetvalue(res, j, 2)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:10020:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). comments[i].objsubid = atoi(PQgetvalue(res, i, i_objsubid)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:11480:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(PQgetvalue(res, i, i_attnum)) == comments->objsubid) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:12961:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[128]; data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:15520:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). labels[i].objsubid = atoi(PQgetvalue(res, i, i_objsubid)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:17185:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufm[32], data/postgresql-13-13.1/src/bin/pg_dump/pg_dump_sort.c:277:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(objs, ordering, numObjs * sizeof(DumpableObject *)); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump_sort.c:1191:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/postgresql-13-13.1/src/bin/pg_dump/pg_dumpall.c:58:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pg_dump_bin[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_dump/pg_dumpall.c:85:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char role_catalog[10]; data/postgresql-13-13.1/src/bin/pg_dump/pg_dumpall.c:193:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_dump/pg_dumpall.c:481:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). OPF = fopen(filename, PG_BINARY_W); data/postgresql-13-13.1/src/bin/pg_dump/pg_dumpall.c:1537:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). OPF = fopen(filename, PG_BINARY_A); data/postgresql-13-13.1/src/bin/pg_dump/pg_dumpall.c:1647:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char password[100]; data/postgresql-13-13.1/src/bin/pg_dump/pg_dumpall.c:1928:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/postgresql-13-13.1/src/bin/pg_dump/pg_restore.c:184:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). numWorkers = atoi(optarg); data/postgresql-13-13.1/src/bin/pg_resetwal/pg_resetwal.c:377:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open("postmaster.pid", O_RDONLY, 0)) < 0) data/postgresql-13-13.1/src/bin/pg_resetwal/pg_resetwal.c:540:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rawline[64]; data/postgresql-13-13.1/src/bin/pg_resetwal/pg_resetwal.c:542:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ver_fd = fopen(ver_file, "r")) == NULL) data/postgresql-13-13.1/src/bin/pg_resetwal/pg_resetwal.c:588:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(XLOG_CONTROL_FILE, O_RDONLY | PG_BINARY, 0)) < 0) data/postgresql-13-13.1/src/bin/pg_resetwal/pg_resetwal.c:816:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXFNAMELEN]; data/postgresql-13-13.1/src/bin/pg_resetwal/pg_resetwal.c:1019:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH + sizeof(XLOGDIR)]; data/postgresql-13-13.1/src/bin/pg_resetwal/pg_resetwal.c:1066:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH + sizeof(ARCHSTATDIR)]; data/postgresql-13-13.1/src/bin/pg_resetwal/pg_resetwal.c:1118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_resetwal/pg_resetwal.c:1148:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(recptr, &ControlFile.checkPointCopy, data/postgresql-13-13.1/src/bin/pg_resetwal/pg_resetwal.c:1163:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDWR | O_CREAT | O_EXCL | PG_BINARY, data/postgresql-13-13.1/src/bin/pg_rewind/copy_fetch.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullparentpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/copy_fetch.c:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullpath[MAXPGPATH * 2]; data/postgresql-13-13.1/src/bin/pg_rewind/copy_fetch.c:66:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH * 2]; data/postgresql-13-13.1/src/bin/pg_rewind/copy_fetch.c:112:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char link_target[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/copy_fetch.c:159:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char srcpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/copy_fetch.c:164:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). srcfd = open(srcpath, O_RDONLY | PG_BINARY, 0); data/postgresql-13-13.1/src/bin/pg_rewind/file_ops.c:30:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char dstpath[MAXPGPATH] = ""; data/postgresql-13-13.1/src/bin/pg_rewind/file_ops.c:60:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dstfd = open(dstpath, mode, pg_file_create_mode); data/postgresql-13-13.1/src/bin/pg_rewind/file_ops.c:174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dstpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/file_ops.c:193:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dstpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/file_ops.c:201:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(dstpath, O_WRONLY, pg_file_create_mode); data/postgresql-13-13.1/src/bin/pg_rewind/file_ops.c:216:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dstpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/file_ops.c:230:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dstpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/file_ops.c:244:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dstpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/file_ops.c:258:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dstpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/file_ops.c:289:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/file_ops.c:295:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(fullpath, O_RDONLY | PG_BINARY, 0)) == -1) data/postgresql-13-13.1/src/bin/pg_rewind/filemap.c:161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/filemap.c:504:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/libpq_fetch.c:232:14: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). filesize = atol(PQgetvalue(res, i, 1)); data/postgresql-13-13.1/src/bin/pg_rewind/libpq_fetch.c:322:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&chunkoff, PQgetvalue(res, 0, 1), sizeof(int64)); data/postgresql-13-13.1/src/bin/pg_rewind/libpq_fetch.c:328:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(filename, PQgetvalue(res, 0, 0), filenamelen); data/postgresql-13-13.1/src/bin/pg_rewind/libpq_fetch.c:373:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *paramValues[1]; data/postgresql-13-13.1/src/bin/pg_rewind/libpq_fetch.c:391:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, PQgetvalue(res, 0, 0), len); data/postgresql-13-13.1/src/bin/pg_rewind/libpq_fetch.c:413:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linebuf[MAXPGPATH + 23]; data/postgresql-13-13.1/src/bin/pg_rewind/parsexlog.c:33:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *RmgrNames[RM_MAX_ID + 1] = { data/postgresql-13-13.1/src/bin/pg_rewind/parsexlog.c:41:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char xlogfpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/parsexlog.c:219:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&checkPoint, XLogRecGetData(xlogreader), sizeof(CheckPoint)); data/postgresql-13-13.1/src/bin/pg_rewind/parsexlog.c:268:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfname[MAXFNAMELEN]; data/postgresql-13-13.1/src/bin/pg_rewind/parsexlog.c:289:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). xlogreadfd = open(xlogfpath, O_RDONLY | PG_BINARY, 0); data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:438:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ControlFile_new, &ControlFile_source, sizeof(ControlFileData)); data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:532:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fetch_done_str[32]; data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:533:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fetch_size_str[32]; data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:619:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:728:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strfbuf[128]; data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:729:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogfilename[MAXFNAMELEN]; data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:731:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:791:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ControlFile, src, sizeof(ControlFileData)); data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:834:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char postgres_exec_path[MAXPGPATH], data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:848:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:898:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char exec_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:899:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXCMDLEN]; data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:906:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:67:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char full_buf[DEFAULT_XLOG_SEG_SIZE], data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:176:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). secs_per_test = atoi(optarg); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:222:8: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). int tmpfile; data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:227:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tmpfile = open(filename, O_RDWR | O_CREAT | PG_BINARY, S_IRUSR | S_IWUSR)) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:230:12: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (write(tmpfile, full_buf, DEFAULT_XLOG_SEG_SIZE) != data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:235:12: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (fsync(tmpfile) != 0) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:238:8: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). close(tmpfile); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:244:8: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). int tmpfile, data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:262:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tmpfile = open(filename, O_RDWR | O_DSYNC | PG_O_DIRECT | PG_BINARY, 0)) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:273:15: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:275:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (lseek(tmpfile, 0, SEEK_SET) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:279:9: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). close(tmpfile); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:292:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:298:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:300:13: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). fdatasync(tmpfile); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:301:13: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (lseek(tmpfile, 0, SEEK_SET) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:305:8: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). close(tmpfile); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:316:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:322:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:324:13: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (fsync(tmpfile) != 0) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:326:13: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (lseek(tmpfile, 0, SEEK_SET) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:330:8: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). close(tmpfile); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:339:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:345:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:347:29: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (pg_fsync_writethrough(tmpfile) != 0) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:349:13: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (lseek(tmpfile, 0, SEEK_SET) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:353:8: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). close(tmpfile); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:365:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tmpfile = open(filename, O_RDWR | OPEN_SYNC_FLAG | PG_O_DIRECT | PG_BINARY, 0)) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:376:15: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:385:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (lseek(tmpfile, 0, SEEK_SET) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:389:9: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). close(tmpfile); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:423:8: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). int tmpfile, data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:432:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tmpfile = open(filename, O_RDWR | OPEN_SYNC_FLAG | PG_O_DIRECT | PG_BINARY, 0)) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:440:15: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (write(tmpfile, buf, writes_size * 1024) != data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:443:14: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (lseek(tmpfile, 0, SEEK_SET) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:447:9: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). close(tmpfile); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:457:8: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). int tmpfile, data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:480:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:482:13: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:484:13: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (fsync(tmpfile) != 0) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:486:9: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). close(tmpfile); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:492:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:494:9: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). close(tmpfile); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:508:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:510:13: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:512:9: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). close(tmpfile); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:514:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:516:13: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (fsync(tmpfile) != 0) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:518:9: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). close(tmpfile); data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:526:8: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). int tmpfile, data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:539:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((tmpfile = open(filename, O_RDWR | PG_BINARY, 0)) == -1) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:541:13: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). if (write(tmpfile, buf, XLOG_BLCKSZ) != XLOG_BLCKSZ) data/postgresql-13-13.1/src/bin/pg_test_fsync/pg_test_fsync.c:543:9: [2] (tmpfile) tmpfile: Function tmpfile() has a security flaw on some systems (e.g., older System V systems) (CWE-377). close(tmpfile); data/postgresql-13-13.1/src/bin/pg_test_timing/pg_test_timing.c:71:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). test_duration = atoi(optarg); data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:543:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_tablespace_dir[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:573:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char old_cluster_pgdata[MAXPGPATH], data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:605:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char old_tablespace_dir[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:849:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:935:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:1020:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:1126:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufin[MAX_STRING]; data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:678:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char old_path[MAXPGPATH], data/postgresql-13-13.1/src/bin/pg_upgrade/dump.c:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql_file_name[MAXPGPATH], data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXPGPATH], data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:87:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXCMDLEN]; data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:127:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). log = fopen(log_file, "a"); data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:143:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). log = fopen(log_file, "a"); data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:203:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((log = fopen(log_file, "a")) == NULL) data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:221:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:226:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_RDONLY, 0)) < 0) data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:283:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(GLOBALS_DUMP_FILE, O_RDWR | O_CREAT, S_IRUSR | S_IWUSR)) < 0) data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:302:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subDirName[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:420:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:49:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((src_fd = open(src, O_RDONLY | PG_BINARY, 0)) < 0) data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:53:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((dest_fd = open(dst, O_RDWR | O_CREAT | O_EXCL | PG_BINARY, data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:86:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((src_fd = open(src, O_RDONLY | PG_BINARY, 0)) < 0) data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:90:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((dest_fd = open(dst, O_RDWR | O_CREAT | O_EXCL | PG_BINARY, data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:189:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((src_fd = open(fromfile, O_RDONLY | PG_BINARY, 0)) < 0) data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:197:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((dst_fd = open(tofile, O_RDWR | O_CREAT | O_EXCL | PG_BINARY, data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:234:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pageheader, buffer.data, SizeOfPageHeaderData); data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:253:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_vmbuf.data, &pageheader, SizeOfPageHeaderData); data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:319:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char existing_file[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:320:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_link_file[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:335:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((src_fd = open(existing_file, O_RDONLY | PG_BINARY, 0)) < 0) data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:339:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((dest_fd = open(new_link_file, O_RDWR | O_CREAT | O_EXCL | PG_BINARY, data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:361:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char existing_file[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:362:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_link_file[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/function.c:187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/function.c:206:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[7 + 2 * MAXPGPATH + 1]; data/postgresql-13-13.1/src/bin/pg_upgrade/function.c:228:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(cmd, "LOAD '"); data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:225:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reldesc[1000]; data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:351:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[QUERY_ALLOC]; data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:382:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). dbinfos[tupnum].db_encoding = atoi(PQgetvalue(res, tupnum, i_encoding)); data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:427:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[QUERY_ALLOC]; data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:74:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). old_cluster.port = getenv("PGPORTOLD") ? atoi(getenv("PGPORTOLD")) : DEF_PGUPORT; data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:75:43: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). new_cluster.port = getenv("PGPORTNEW") ? atoi(getenv("PGPORTNEW")) : DEF_PGUPORT; data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:130:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). user_opts.jobs = atoi(optarg); data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:169:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((old_cluster.port = atoi(optarg)) <= 0) data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:174:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((new_cluster.port = atoi(optarg)) <= 0) data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:269:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[MAXPGPATH], data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:371:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:406:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:407:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXPGPATH], data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:417:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(filename, "r")) == NULL) data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:423:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(filename, "r")) != NULL) data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:489:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPGPATH], data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:496:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(filename, "r")) == NULL) data/postgresql-13-13.1/src/bin/pg_upgrade/parallel.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAX_STRING]; data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c:217:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char exec_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c:330:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql_file_name[MAXPGPATH], data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c:366:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql_file_name[MAXPGPATH], data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c:423:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c:440:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char old_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c:441:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c:698:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql_file_name[MAXPGPATH], data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.h:180:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char db_tablespace[MAXPGPATH]; /* database default tablespace data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.h:203:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nextxlogfile[25]; data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.h:268:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char major_version_str[64]; /* string PG_VERSION of cluster */ data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.h:380:32: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define fopen_priv(path, mode) fopen(path, mode) data/postgresql-13-13.1/src/bin/pg_upgrade/relfilenode.c:187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char old_file[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/relfilenode.c:188:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_file[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/relfilenode.c:190:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extent_suffix[65]; data/postgresql-13-13.1/src/bin/pg_upgrade/server.c:122:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char query[QUERY_ALLOC]; data/postgresql-13-13.1/src/bin/pg_upgrade/server.c:160:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ver_filename[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/server.c:166:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((version_fd = fopen(ver_filename, "r")) == NULL) data/postgresql-13-13.1/src/bin/pg_upgrade/server.c:198:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXPGPATH * 4 + 1000]; data/postgresql-13-13.1/src/bin/pg_upgrade/server.c:201:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char socket_string[MAXPGPATH + 200]; data/postgresql-13-13.1/src/bin/pg_upgrade/server.c:215:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(socket_string, data/postgresql-13-13.1/src/bin/pg_upgrade/tablespace.c:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[QUERY_ALLOC]; data/postgresql-13-13.1/src/bin/pg_upgrade/util.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[MAX_STRING]; data/postgresql-13-13.1/src/bin/pg_upgrade/util.c:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[MAX_STRING]; data/postgresql-13-13.1/src/bin/pg_upgrade/util.c:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[QUERY_ALLOC]; data/postgresql-13-13.1/src/bin/pg_upgrade/version.c:27:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/version.c:46:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(PQgetvalue(res, 0, i_count)) != 0) data/postgresql-13-13.1/src/bin/pg_upgrade/version.c:237:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/version.c:274:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_upgrade/version.c:416:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_verifybackup/pg_verifybackup.c:293:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_verifybackup/pg_verifybackup.c:386:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(manifest_path, O_RDONLY | PG_BINARY, 0)) < 0) data/postgresql-13-13.1/src/bin/pg_verifybackup/pg_verifybackup.c:721:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(fullpath, O_RDONLY | PG_BINARY, 0)) < 0) data/postgresql-13-13.1/src/bin/pg_waldump/compat.c:51:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/bin/pg_waldump/compat.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ts[MAXDATELEN + 1]; data/postgresql-13-13.1/src/bin/pg_waldump/compat.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zone[MAXDATELEN + 1]; data/postgresql-13-13.1/src/bin/pg_waldump/pg_waldump.c:138:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_waldump/pg_waldump.c:143:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(fpath, O_RDONLY | PG_BINARY, 0); data/postgresql-13-13.1/src/bin/pg_waldump/pg_waldump.c:240:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_waldump/pg_waldump.c:288:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pg_waldump/pg_waldump.c:359:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pgbench/exprparse.c:988:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/postgresql-13-13.1/src/bin/pgbench/exprparse.c:1182:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/postgresql-13-13.1/src/bin/pgbench/exprscan.c:2811:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, scanptr, slen); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:528:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[MAX_ARGS]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:1178:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char password[100]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:1188:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *keywords[PARAMS_ARRAY_SIZE]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:1189:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *values[PARAMS_ARRAY_SIZE]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:1279:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stringform[64]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:1529:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name, &sql[1], i - 1); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:1551:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(param, value, valueln); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:2509:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[SHELL_COMMAND_SIZE]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:2513:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char res[64]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:2553:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(command + len, arg, arglen); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:2611:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "P%d_%d", file, state); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:2660:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *params[MAX_ARGS]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:2670:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAX_PREPARE_NAME]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:2671:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *params[MAX_ARGS]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:2681:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAX_PREPARE_NAME]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:2856:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). usec = atoi(var); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:2859:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). usec = atoi(argv[1]); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3634:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ff[64]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3651:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[256]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3656:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char minvalue[32], data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3666:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(minvalue, "minvalue"); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3673:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(maxvalue, "maxvalue"); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3752:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char opts[256]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3753:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3823:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[256]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3967:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sql[256]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:4031:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:4216:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). scale = atoi(PQgetvalue(res, 0, 0)); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:4297:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). partitions = atoi(PQgetvalue(res, 0, 2)); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:4318:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char var[13]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:4344:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(var, "$%d", cmd->argc); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:4490:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:4944:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fd = fopen(filename, "r")) == NULL) data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tbuf[315]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5530:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nclients = atoi(optarg); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5557:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nthreads = atoi(optarg); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5581:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). scale = atoi(optarg); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5590:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nxacts = atoi(optarg); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5599:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). duration = atoi(optarg); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5662:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fillfactor = atoi(optarg); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5682:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). progress = atoi(optarg); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5741:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). agg_interval = atoi(optarg); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5778:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). partitions = atoi(optarg); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:6262:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:6270:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). thread->logfile = fopen(logpath, "w"); data/postgresql-13-13.1/src/bin/pgevent/pgevent.c:25:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char event_source[256] = DEFAULT_EVENT_SOURCE; data/postgresql-13-13.1/src/bin/pgevent/pgevent.c:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[_MAX_PATH]; data/postgresql-13-13.1/src/bin/pgevent/pgevent.c:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key_name[400]; data/postgresql-13-13.1/src/bin/pgevent/pgevent.c:129:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key_name[400]; data/postgresql-13-13.1/src/bin/psql/command.c:995:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lineno = atoi(ln); data/postgresql-13-13.1/src/bin/psql/command.c:1047:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/command.c:1967:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pw1[100]; data/postgresql-13-13.1/src/bin/psql/command.c:1968:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pw2[100]; data/postgresql-13-13.1/src/bin/psql/command.c:2342:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/command.c:2572:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen(fname, "w"); data/postgresql-13-13.1/src/bin/psql/command.c:2985:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/postgresql-13-13.1/src/bin/psql/command.c:3421:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cverbuf[32]; data/postgresql-13-13.1/src/bin/psql/command.c:3422:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/command.c:3541:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vbuf[32]; data/postgresql-13-13.1/src/bin/psql/command.c:3670:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fnametmp[MAXPGPATH]; data/postgresql-13-13.1/src/bin/psql/command.c:3690:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpdir[MAXPGPATH]; data/postgresql-13-13.1/src/bin/psql/command.c:3717:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(fname, O_WRONLY | O_CREAT | O_EXCL, 0600); data/postgresql-13-13.1/src/bin/psql/command.c:3777:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream = fopen(fname, PG_BINARY_R); data/postgresql-13-13.1/src/bin/psql/command.c:3786:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/postgresql-13-13.1/src/bin/psql/command.c:3837:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char relpath[MAXPGPATH]; data/postgresql-13-13.1/src/bin/psql/command.c:3865:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen(filename, PG_BINARY_R); data/postgresql-13-13.1/src/bin/psql/command.c:4121:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). popt->topt.border = atoi(value); data/postgresql-13-13.1/src/bin/psql/command.c:4277:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). popt->topt.pager_min_lines = atoi(value); data/postgresql-13-13.1/src/bin/psql/command.c:4293:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). popt->topt.columns = atoi(value); data/postgresql-13-13.1/src/bin/psql/command.c:4505:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(save, popt, sizeof(printQueryOpt)); data/postgresql-13-13.1/src/bin/psql/command.c:4558:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(popt, save, sizeof(printQueryOpt)); data/postgresql-13-13.1/src/bin/psql/command.c:4766:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timebuf[128]; data/postgresql-13-13.1/src/bin/psql/command.c:5136:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lineno = atoi(c); data/postgresql-13-13.1/src/bin/psql/common.c:64:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *fout = fopen(fname, "w"); data/postgresql-13-13.1/src/bin/psql/common.c:1081:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/postgresql-13-13.1/src/bin/psql/common.c:1204:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[3]; data/postgresql-13-13.1/src/bin/psql/common.c:1260:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/common.c:1593:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fetch_cmd[64]; data/postgresql-13-13.1/src/bin/psql/common.c:1788:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/postgresql-13-13.1/src/bin/psql/common.c:2244:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char home[MAXPGPATH]; data/postgresql-13-13.1/src/bin/psql/copy.c:297:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). copystream = fopen(options->file, PG_BINARY_R); data/postgresql-13-13.1/src/bin/psql/copy.c:317:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). copystream = fopen(options->file, PG_BINARY_W); data/postgresql-13-13.1/src/bin/psql/copy.c:516:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[COPYBUFSIZ]; data/postgresql-13-13.1/src/bin/psql/crosstabview.c:604:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hmap[i * 2] = atoi(val); data/postgresql-13-13.1/src/bin/psql/crosstabview.c:642:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). idx = atoi(arg) - 1; data/postgresql-13-13.1/src/bin/psql/describe.c:158:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:227:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:339:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:350:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:1099:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:1458:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *headers[11]; data/postgresql-13-13.1/src/bin/psql/describe.c:1664:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tableinfo.checks = atoi(PQgetvalue(res, 0, 0)); data/postgresql-13-13.1/src/bin/psql/describe.c:1699:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *footers[2] = {NULL, NULL}; data/postgresql-13-13.1/src/bin/psql/describe.c:3536:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). conns = atoi(PQgetvalue(res, i, 6)); data/postgresql-13-13.1/src/bin/psql/describe.c:3603:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:3897:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:4513:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:4668:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:4915:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:4986:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:5057:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:5263:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:5346:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:5428:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:5489:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:5567:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:5624:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:5738:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:5814:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/describe.c:5980:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sverbuf[32]; data/postgresql-13-13.1/src/bin/psql/input.c:192:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/postgresql-13-13.1/src/bin/psql/input.c:352:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char home[MAXPGPATH]; data/postgresql-13-13.1/src/bin/psql/input.c:447:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(fname, O_CREAT | O_WRONLY | PG_BINARY, 0600); data/postgresql-13-13.1/src/bin/psql/input.c:506:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). output = fopen(fname, "w"); data/postgresql-13-13.1/src/bin/psql/large_obj.c:180:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oidbuf[32]; data/postgresql-13-13.1/src/bin/psql/large_obj.c:206:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cmdbuf, "COMMENT ON LARGE OBJECT %u IS '", loid); data/postgresql-13-13.1/src/bin/psql/large_obj.c:226:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(oidbuf, "%u", loid); data/postgresql-13-13.1/src/bin/psql/large_obj.c:277:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/postgresql-13-13.1/src/bin/psql/prompt.c:68:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char destination[MAX_PROMPT_SIZE + 1]; data/postgresql-13-13.1/src/bin/psql/prompt.c:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAX_PROMPT_SIZE + 1]; data/postgresql-13-13.1/src/bin/psql/psqlscanslash.c:3430:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/postgresql-13-13.1/src/bin/psql/settings.h:100:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ctv_args[4]; /* \crosstabview arguments */ data/postgresql-13-13.1/src/bin/psql/startup.c:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char password[100]; data/postgresql-13-13.1/src/bin/psql/startup.c:176:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pset.popt.topt.env_columns = getenv("COLUMNS") ? atoi(getenv("COLUMNS")) : 0; data/postgresql-13-13.1/src/bin/psql/startup.c:324:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pset.logfile = fopen(options.logfilename, "a"); data/postgresql-13-13.1/src/bin/psql/startup.c:755:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char home[MAXPGPATH]; data/postgresql-13-13.1/src/bin/psql/startup.c:756:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rc_file[MAXPGPATH]; data/postgresql-13-13.1/src/bin/psql/startup.c:757:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char my_exec_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/psql/startup.c:758:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char etc_path[MAXPGPATH]; data/postgresql-13-13.1/src/bin/psql/tab-complete.c:3564:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char querybuf[1024]; data/postgresql-13-13.1/src/bin/psql/tab-complete.c:4680:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, tab_completion_query_buf->data, i); data/postgresql-13-13.1/src/bin/psql/tab-complete.c:4682:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + i, rl_line_buffer, point); data/postgresql-13-13.1/src/bin/psql/tab-complete.c:4767:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outptr, &buf[start], i); data/postgresql-13-13.1/src/bin/scripts/common.c:70:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char password[100]; data/postgresql-13-13.1/src/bin/scripts/common.c:90:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *keywords[8]; data/postgresql-13-13.1/src/bin/scripts/common.c:91:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *values[8]; data/postgresql-13-13.1/src/bin/scripts/common.c:198:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[256]; data/postgresql-13-13.1/src/bin/scripts/common.c:454:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prompt[256]; data/postgresql-13-13.1/src/bin/scripts/common.c:464:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resp[10]; data/postgresql-13-13.1/src/bin/scripts/createuser.c:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newuser_buf[128]; data/postgresql-13-13.1/src/bin/scripts/createuser.c:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newpassword_buf[100]; data/postgresql-13-13.1/src/bin/scripts/createuser.c:210:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pw2[100]; data/postgresql-13-13.1/src/bin/scripts/dropuser.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dropuser_buf[128]; data/postgresql-13-13.1/src/bin/scripts/pg_isready.c:40:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *keywords[PARAMS_ARRAY_SIZE]; data/postgresql-13-13.1/src/bin/scripts/pg_isready.c:41:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *values[PARAMS_ARRAY_SIZE]; data/postgresql-13-13.1/src/bin/scripts/reindexdb.c:149:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). concurrentCons = atoi(optarg); data/postgresql-13-13.1/src/bin/scripts/vacuumdb.c:181:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). concurrentCons = atoi(optarg); data/postgresql-13-13.1/src/bin/scripts/vacuumdb.c:189:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). vacopts.parallel_workers = atoi(optarg); data/postgresql-13-13.1/src/bin/scripts/vacuumdb.c:209:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). vacopts.min_xid_age = atoi(optarg); data/postgresql-13-13.1/src/bin/scripts/vacuumdb.c:217:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). vacopts.min_mxid_age = atoi(optarg); data/postgresql-13-13.1/src/common/checksum_helper.c:168:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output, &context->raw_context.c_crc32c, retval); data/postgresql-13-13.1/src/common/config_info.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/common/controldata_utils.c:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ControlFilePath[MAXPGPATH]; data/postgresql-13-13.1/src/common/controldata_utils.c:71:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(ControlFilePath, O_RDONLY | PG_BINARY, 0)) == -1) data/postgresql-13-13.1/src/common/controldata_utils.c:160:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[PG_CONTROL_FILE_SIZE]; data/postgresql-13-13.1/src/common/controldata_utils.c:161:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ControlFilePath[MAXPGPATH]; data/postgresql-13-13.1/src/common/controldata_utils.c:184:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, ControlFile, sizeof(ControlFileData)); data/postgresql-13-13.1/src/common/controldata_utils.c:200:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(ControlFilePath, O_WRONLY | PG_BINARY, data/postgresql-13-13.1/src/common/d2s.c:662:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, "0.000000", 8); data/postgresql-13-13.1/src/common/d2s.c:703:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 2, DIGIT_TABLE + c0, 2); data/postgresql-13-13.1/src/common/d2s.c:704:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 4, DIGIT_TABLE + c1, 2); data/postgresql-13-13.1/src/common/d2s.c:705:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 6, DIGIT_TABLE + d0, 2); data/postgresql-13-13.1/src/common/d2s.c:706:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 8, DIGIT_TABLE + d1, 2); data/postgresql-13-13.1/src/common/d2s.c:719:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 2, DIGIT_TABLE + c0, 2); data/postgresql-13-13.1/src/common/d2s.c:720:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 4, DIGIT_TABLE + c1, 2); data/postgresql-13-13.1/src/common/d2s.c:728:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 2, DIGIT_TABLE + c, 2); data/postgresql-13-13.1/src/common/d2s.c:735:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 2, DIGIT_TABLE + c, 2); data/postgresql-13-13.1/src/common/d2s.c:877:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 1, DIGIT_TABLE + c0, 2); data/postgresql-13-13.1/src/common/d2s.c:878:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 3, DIGIT_TABLE + c1, 2); data/postgresql-13-13.1/src/common/d2s.c:879:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 5, DIGIT_TABLE + d0, 2); data/postgresql-13-13.1/src/common/d2s.c:880:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 7, DIGIT_TABLE + d1, 2); data/postgresql-13-13.1/src/common/d2s.c:895:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 1, DIGIT_TABLE + c0, 2); data/postgresql-13-13.1/src/common/d2s.c:896:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 3, DIGIT_TABLE + c1, 2); data/postgresql-13-13.1/src/common/d2s.c:904:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 1, DIGIT_TABLE + c, 2); data/postgresql-13-13.1/src/common/d2s.c:948:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index, DIGIT_TABLE + 2 * (exp / 10), 2); data/postgresql-13-13.1/src/common/d2s.c:954:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index, DIGIT_TABLE + 2 * exp, 2); data/postgresql-13-13.1/src/common/digit_table.h:8:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char DIGIT_TABLE[200] = { data/postgresql-13-13.1/src/common/encnames.c:557:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[NAMEDATALEN], data/postgresql-13-13.1/src/common/exec.c:74:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path_exe[MAXPGPATH + sizeof(".exe") - 1]; data/postgresql-13-13.1/src/common/exec.c:81:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(path_exe, ".exe"); data/postgresql-13-13.1/src/common/exec.c:130:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[MAXPGPATH], data/postgresql-13-13.1/src/common/exec.c:235:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char orig_wd[MAXPGPATH], data/postgresql-13-13.1/src/common/exec.c:326:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXPGPATH]; data/postgresql-13-13.1/src/common/exec.c:327:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAXPGPATH]; data/postgresql-13-13.1/src/common/exec.c:436:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPGPATH]; data/postgresql-13-13.1/src/common/exec.c:437:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char my_exec_path[MAXPGPATH]; data/postgresql-13-13.1/src/common/exec.c:438:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char env_path[MAXPGPATH + sizeof("PGSYSCONFDIR=")]; /* longer than data/postgresql-13-13.1/src/common/f2s.c:471:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, "0.000000", 8); data/postgresql-13-13.1/src/common/f2s.c:500:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 2, DIGIT_TABLE + c0, 2); data/postgresql-13-13.1/src/common/f2s.c:501:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 4, DIGIT_TABLE + c1, 2); data/postgresql-13-13.1/src/common/f2s.c:509:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 2, DIGIT_TABLE + c, 2); data/postgresql-13-13.1/src/common/f2s.c:516:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 2, DIGIT_TABLE + c, 2); data/postgresql-13-13.1/src/common/f2s.c:633:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 1, DIGIT_TABLE + c0, 2); data/postgresql-13-13.1/src/common/f2s.c:634:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 3, DIGIT_TABLE + c1, 2); data/postgresql-13-13.1/src/common/f2s.c:642:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index + olength - i - 1, DIGIT_TABLE + c, 2); data/postgresql-13-13.1/src/common/f2s.c:682:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + index, DIGIT_TABLE + 2 * exp, 2); data/postgresql-13-13.1/src/common/fe_memutils.c:166:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, in, len); data/postgresql-13-13.1/src/common/file_utils.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pg_wal[MAXPGPATH]; data/postgresql-13-13.1/src/common/file_utils.c:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pg_tblspc[MAXPGPATH]; data/postgresql-13-13.1/src/common/file_utils.c:164:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subpath[MAXPGPATH * 2]; data/postgresql-13-13.1/src/common/file_utils.c:218:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(fname, O_RDONLY | PG_BINARY, 0); data/postgresql-13-13.1/src/common/file_utils.c:278:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(fname, flags, 0); data/postgresql-13-13.1/src/common/file_utils.c:313:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char parentpath[MAXPGPATH]; data/postgresql-13-13.1/src/common/file_utils.c:352:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(newfile, PG_BINARY | O_RDWR, 0); data/postgresql-13-13.1/src/common/jsonapi.c:230:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(©lex, lex, sizeof(JsonLexContext)); data/postgresql-13-13.1/src/common/jsonapi.c:301:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(val, lex->token_start, len); data/postgresql-13-13.1/src/common/jsonapi.c:791:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cbuf[MAX_UNICODE_EQUIVALENT_STRING + 1]; data/postgresql-13-13.1/src/common/jsonapi.c:800:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char utf8str[5]; data/postgresql-13-13.1/src/common/jsonapi.c:1129:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(token, lex->token_start, toklen); data/postgresql-13-13.1/src/common/md5.c:58:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, b, sizeof(uint8) * len); data/postgresql-13-13.1/src/common/md5.c:339:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(crypt_buf, passwd, passwd_len); data/postgresql-13-13.1/src/common/md5.c:340:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(crypt_buf + passwd_len, salt, salt_len); data/postgresql-13-13.1/src/common/md5.c:342:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "md5"); data/postgresql-13-13.1/src/common/pg_lzcompress.c:765:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp, dp - off, off); data/postgresql-13-13.1/src/common/pg_lzcompress.c:795:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp, dp - off, len); data/postgresql-13-13.1/src/common/rmtree.c:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathbuf[MAXPGPATH]; data/postgresql-13-13.1/src/common/ryu_common.h:99:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, "NaN", 3); data/postgresql-13-13.1/src/common/ryu_common.h:108:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + sign, "Infinity", 8); data/postgresql-13-13.1/src/common/ryu_common.h:120:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bits, &f, sizeof(float)); data/postgresql-13-13.1/src/common/ryu_common.h:129:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bits, &d, sizeof(double)); data/postgresql-13-13.1/src/common/saslprep.c:1234:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; data/postgresql-13-13.1/src/common/scram-common.c:127:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, Ui_prev, SCRAM_KEY_LEN); data/postgresql-13-13.1/src/common/scram-common.c:137:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Ui_prev, Ui, SCRAM_KEY_LEN); data/postgresql-13-13.1/src/common/scram-common.c:240:15: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. p = result + sprintf(result, "SCRAM-SHA-256$%d:", iterations); data/postgresql-13-13.1/src/common/sha2.c:272:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->state, sha256_initial_hash_value, PG_SHA256_DIGEST_LENGTH); data/postgresql-13-13.1/src/common/sha2.c:483:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[usedspace], data, freespace); data/postgresql-13-13.1/src/common/sha2.c:492:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[usedspace], data, len); data/postgresql-13-13.1/src/common/sha2.c:510:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->buffer, data, len); data/postgresql-13-13.1/src/common/sha2.c:584:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, context->state, PG_SHA256_DIGEST_LENGTH); data/postgresql-13-13.1/src/common/sha2.c:598:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->state, sha512_initial_hash_value, PG_SHA512_DIGEST_LENGTH); data/postgresql-13-13.1/src/common/sha2.c:809:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[usedspace], data, freespace); data/postgresql-13-13.1/src/common/sha2.c:818:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[usedspace], data, len); data/postgresql-13-13.1/src/common/sha2.c:836:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->buffer, data, len); data/postgresql-13-13.1/src/common/sha2.c:913:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, context->state, PG_SHA512_DIGEST_LENGTH); data/postgresql-13-13.1/src/common/sha2.c:927:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->state, sha384_initial_hash_value, PG_SHA512_DIGEST_LENGTH); data/postgresql-13-13.1/src/common/sha2.c:958:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, context->state, PG_SHA384_DIGEST_LENGTH); data/postgresql-13-13.1/src/common/sha2.c:971:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(context->state, sha224_initial_hash_value, PG_SHA256_DIGEST_LENGTH); data/postgresql-13-13.1/src/common/sha2.c:1001:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest, context->state, PG_SHA224_DIGEST_LENGTH); data/postgresql-13-13.1/src/common/stringinfo.c:235:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str->data + str->len, data, datalen); data/postgresql-13-13.1/src/common/stringinfo.c:261:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str->data + str->len, data, datalen); data/postgresql-13-13.1/src/common/unicode/norm_test.c:26:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[BUF_DIGITS * 11 + 1]; data/postgresql-13-13.1/src/common/unicode/norm_test.c:34:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. p += sprintf(p, "U+%04X ", *s); data/postgresql-13-13.1/src/common/username.c:53:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char username[256 + 1]; data/postgresql-13-13.1/src/common/wait_error.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[512]; data/postgresql-13-13.1/src/fe_utils/archive.c:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlogpath[MAXPGPATH]; data/postgresql-13-13.1/src/fe_utils/archive.c:81:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int xlogfd = open(xlogpath, O_RDONLY | PG_BINARY, 0); data/postgresql-13-13.1/src/fe_utils/cancel.c:149:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[256]; data/postgresql-13-13.1/src/fe_utils/cancel.c:190:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[256]; data/postgresql-13-13.1/src/fe_utils/mbprint.c:326:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char *) ptr, "\\r"); data/postgresql-13-13.1/src/fe_utils/mbprint.c:340:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char *) ptr, "\\x%02X", *pwcs); data/postgresql-13-13.1/src/fe_utils/mbprint.c:353:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char *) ptr, "\\u%04X", utf8_to_unicode(pwcs)); data/postgresql-13-13.1/src/fe_utils/mbprint.c:361:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char *) ptr, "\\u????"); data/postgresql-13-13.1/src/fe_utils/print.c:52:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char default_footer[100]; data/postgresql-13-13.1/src/fe_utils/print.c:104:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *vertical_and_right[2]; data/postgresql-13-13.1/src/fe_utils/print.c:105:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *vertical_and_left[2]; data/postgresql-13-13.1/src/fe_utils/print.c:111:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *vertical_and_horizontal[2]; data/postgresql-13-13.1/src/fe_utils/print.c:112:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *up_and_horizontal[2]; data/postgresql-13-13.1/src/fe_utils/print.c:113:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *down_and_horizontal[2]; data/postgresql-13-13.1/src/fe_utils/print.c:978:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. pg_wcsformat((const unsigned char *) ptr[j], strlen(ptr[j]), encoding, data/postgresql-13-13.1/src/fe_utils/print.c:1640:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. fputnbytes(fout, (char *) (dlineptr[dline].ptr + offset), data/postgresql-13-13.1/src/fe_utils/psqlscan.c:4846:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newtxt, txt, len); data/postgresql-13-13.1/src/fe_utils/psqlscan.c:4913:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, txt, len); data/postgresql-13-13.1/src/fe_utils/recovery_gen.c:119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAXPGPATH]; data/postgresql-13-13.1/src/fe_utils/recovery_gen.c:131:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cf = fopen(filename, use_recovery_conf ? "w" : "a"); data/postgresql-13-13.1/src/fe_utils/recovery_gen.c:149:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cf = fopen(filename, "w"); data/postgresql-13-13.1/src/include/access/detoast.h:37:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(toast_pointer), VARDATA_EXTERNAL(attre), sizeof(toast_pointer)); \ data/postgresql-13-13.1/src/include/access/ginblock.h:340:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bytes[FLEXIBLE_ARRAY_MEMBER]; /* varbyte encoded items */ data/postgresql-13-13.1/src/include/access/gist_private.h:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tupledata[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/include/access/htup_details.h:630:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mt_padding[MINIMAL_TUPLE_PADDING]; data/postgresql-13-13.1/src/include/access/relscan.h:160:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ps_snapshot_data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/include/access/slru.h:130:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Dir[64]; data/postgresql-13-13.1/src/include/access/xact.h:337:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char twophase_gid[GIDSIZE]; /* only for 2PC */ data/postgresql-13-13.1/src/include/access/xact.h:362:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char twophase_gid[GIDSIZE]; /* only for 2PC */ data/postgresql-13-13.1/src/include/access/xlog_internal.h:252:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rp_name[MAXFNAMELEN]; data/postgresql-13-13.1/src/include/access/xlogreader.h:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ws_dir[MAXPGPATH]; data/postgresql-13-13.1/src/include/c.h:557:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vl_len_[4]; /* Do not touch this field directly! */ data/postgresql-13-13.1/src/include/c.h:558:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vl_dat[FLEXIBLE_ARRAY_MEMBER]; /* Data content is here */ data/postgresql-13-13.1/src/include/c.h:611:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[NAMEDATALEN]; data/postgresql-13-13.1/src/include/c.h:1104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[BLCKSZ]; data/postgresql-13-13.1/src/include/c.h:1112:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[XLOG_BLCKSZ]; data/postgresql-13-13.1/src/include/catalog/pg_control.h:227:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mock_authentication_nonce[MOCK_AUTH_NONCE_LEN]; data/postgresql-13-13.1/src/include/catalog/pg_proc.h:103:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char proargmodes[1] BKI_DEFAULT(_null_); data/postgresql-13-13.1/src/include/catalog/pg_statistic_ext.h:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stxkind[1] BKI_FORCE_NOT_NULL; /* statistics kinds requested data/postgresql-13-13.1/src/include/commands/prepare.h:30:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stmt_name[NAMEDATALEN]; data/postgresql-13-13.1/src/include/commands/tablespace.h:29:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ts_path[FLEXIBLE_ARRAY_MEMBER]; /* null-terminated string */ data/postgresql-13-13.1/src/include/commands/vacuum.h:163:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char statypalign[STATISTIC_NUM_SLOTS]; data/postgresql-13-13.1/src/include/fe_utils/print.h:118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char csvFieldSep[2]; /* field separator for csv format */ data/postgresql-13-13.1/src/include/fe_utils/simple_list.h:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[FLEXIBLE_ARRAY_MEMBER]; /* null-terminated string here */ data/postgresql-13-13.1/src/include/fmgr.h:116:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fcinfo_data[SizeForFunctionCallInfo(nargs)]; \ data/postgresql-13-13.1/src/include/jit/llvmjit_emit.h:138:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/postgresql-13-13.1/src/include/jit/llvmjit_emit.h:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/postgresql-13-13.1/src/include/lib/qunique.h:35:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bytes + j * width, bytes + i * width, width); data/postgresql-13-13.1/src/include/lib/qunique.h:61:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bytes + j * width, bytes + i * width, width); data/postgresql-13-13.1/src/include/lib/simplehash.h:500:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newentry, oldentry, sizeof(SH_ELEMENT_TYPE)); data/postgresql-13-13.1/src/include/lib/simplehash.h:648:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lastentry, moveentry, sizeof(SH_ELEMENT_TYPE)); data/postgresql-13-13.1/src/include/lib/simplehash.h:823:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lastentry, curentry, sizeof(SH_ELEMENT_TYPE)); data/postgresql-13-13.1/src/include/libpq/pqcomm.h:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss_pad[128]; /* ensures struct has desired size */ data/postgresql-13-13.1/src/include/libpq/pqcomm.h:144:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char database[SM_DATABASE]; /* Database name */ data/postgresql-13-13.1/src/include/libpq/pqcomm.h:146:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char user[SM_USER]; /* User name */ data/postgresql-13-13.1/src/include/libpq/pqcomm.h:147:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char options[SM_OPTIONS]; /* Optional additional args */ data/postgresql-13-13.1/src/include/libpq/pqcomm.h:148:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused[SM_UNUSED]; /* Unused */ data/postgresql-13-13.1/src/include/libpq/pqcomm.h:149:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tty[SM_TTY]; /* Tty for debug output */ data/postgresql-13-13.1/src/include/libpq/pqformat.h:52:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *pg_restrict) (buf->data + buf->len), &ni, sizeof(uint8)); data/postgresql-13-13.1/src/include/libpq/pqformat.h:66:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *pg_restrict) (buf->data + buf->len), &ni, sizeof(uint16)); data/postgresql-13-13.1/src/include/libpq/pqformat.h:80:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *pg_restrict) (buf->data + buf->len), &ni, sizeof(uint32)); data/postgresql-13-13.1/src/include/libpq/pqformat.h:94:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *pg_restrict) (buf->data + buf->len), &ni, sizeof(uint64)); data/postgresql-13-13.1/src/include/libpq/pqformat.h:120:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((char *pg_restrict) buf->data + buf->len), p, slen + 1); data/postgresql-13-13.1/src/include/nodes/execnodes.h:1558:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char phs_snapshot_data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/include/pgstat.h:415:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_xlog[MAX_XFN_CHARS + 1]; data/postgresql-13-13.1/src/include/pgstat.h:719:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_archived_wal[MAX_XFN_CHARS + 1]; /* last WAL file data/postgresql-13-13.1/src/include/pgstat.h:723:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_failed_wal[MAX_XFN_CHARS + 1]; /* WAL file involved in data/postgresql-13-13.1/src/include/pgstat.h:1021:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ssl_version[NAMEDATALEN]; data/postgresql-13-13.1/src/include/pgstat.h:1022:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ssl_cipher[NAMEDATALEN]; data/postgresql-13-13.1/src/include/pgstat.h:1023:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ssl_client_dn[NAMEDATALEN]; data/postgresql-13-13.1/src/include/pgstat.h:1029:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ssl_client_serial[NAMEDATALEN]; data/postgresql-13-13.1/src/include/pgstat.h:1031:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ssl_issuer_dn[NAMEDATALEN]; data/postgresql-13-13.1/src/include/pgstat.h:1045:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gss_princ[NAMEDATALEN]; /* GSSAPI Principal used to auth */ data/postgresql-13-13.1/src/include/port.h:276:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define open(a,b,c) pgwin32_open(a,b,c) data/postgresql-13-13.1/src/include/port.h:277:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define fopen(a,b) pgwin32_fopen(a,b) data/postgresql-13-13.1/src/include/port/win32.h:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sun_path[108]; data/postgresql-13-13.1/src/include/port/win32_msvc/dirent.h:14:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d_name[MAX_PATH]; data/postgresql-13-13.1/src/include/postgres.h:143:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char va_data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/include/postgres.h:149:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char va_data[FLEXIBLE_ARRAY_MEMBER]; /* Compressed data */ data/postgresql-13-13.1/src/include/postgres.h:156:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char va_data[FLEXIBLE_ARRAY_MEMBER]; /* Data begins here */ data/postgresql-13-13.1/src/include/postgres.h:164:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char va_data[FLEXIBLE_ARRAY_MEMBER]; /* Type-specific data */ data/postgresql-13-13.1/src/include/postmaster/bgworker.h:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bgw_name[BGW_MAXLEN]; data/postgresql-13-13.1/src/include/postmaster/bgworker.h:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bgw_type[BGW_MAXLEN]; data/postgresql-13-13.1/src/include/postmaster/bgworker.h:95:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bgw_library_name[BGW_MAXLEN]; data/postgresql-13-13.1/src/include/postmaster/bgworker.h:96:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bgw_function_name[BGW_MAXLEN]; data/postgresql-13-13.1/src/include/postmaster/bgworker.h:98:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bgw_extra[BGW_EXTRALEN]; data/postgresql-13-13.1/src/include/postmaster/syslogger.h:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nuls[2]; /* always \0\0 */ data/postgresql-13-13.1/src/include/postmaster/syslogger.h:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FLEXIBLE_ARRAY_MEMBER]; /* data payload starts here */ data/postgresql-13-13.1/src/include/postmaster/syslogger.h:57:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filler[PIPE_CHUNK_SIZE]; data/postgresql-13-13.1/src/include/replication/logicalproto.h:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *values[MaxTupleAttributeNumber]; data/postgresql-13-13.1/src/include/replication/message.h:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[FLEXIBLE_ARRAY_MEMBER]; /* message including the null data/postgresql-13-13.1/src/include/replication/syncrep.h:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char member_names[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/include/replication/walreceiver.h:110:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char conninfo[MAXCONNINFO]; data/postgresql-13-13.1/src/include/replication/walreceiver.h:116:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sender_host[NI_MAXHOST]; data/postgresql-13-13.1/src/include/replication/walreceiver.h:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char slotname[NAMEDATALEN]; data/postgresql-13-13.1/src/include/storage/buf_internals.h:216:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[BUFFERDESC_PAD_TO_SIZE]; data/postgresql-13-13.1/src/include/storage/checksum_impl.h:157:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sums, checksumBaseOffsets, sizeof(checksumBaseOffsets)); data/postgresql-13-13.1/src/include/storage/lwlock.h:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[LWLOCK_PADDED_SIZE]; data/postgresql-13-13.1/src/include/storage/lwlock.h:87:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[LWLOCK_MINIMAL_SIZE]; data/postgresql-13-13.1/src/include/storage/shmem.h:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[SHMEM_INDEX_KEYSIZE]; /* string name */ data/postgresql-13-13.1/src/include/tsearch/dicts/regis.h:24:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/include/tsearch/dicts/spell.h:79:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char word[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/include/tsearch/ts_locale.h:45:23: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define COPYCHAR(d,s) memcpy(d, s, pg_mblen(s)) data/postgresql-13-13.1/src/include/tsearch/ts_type.h:209:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FLEXIBLE_ARRAY_MEMBER]; /* data starts here */ data/postgresql-13-13.1/src/include/utils/datetime.h:210:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char token[TOKMAXLEN + 1]; /* always NUL-terminated */ data/postgresql-13-13.1/src/include/utils/datetime.h:228:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zone[FLEXIBLE_ARRAY_MEMBER]; /* NUL-terminated zone name */ data/postgresql-13-13.1/src/include/utils/expandeddatum.h:110:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eoh_rw_ptr[EXPANDED_POINTER_SIZE]; data/postgresql-13-13.1/src/include/utils/expandeddatum.h:113:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eoh_ro_ptr[EXPANDED_POINTER_SIZE]; data/postgresql-13-13.1/src/include/utils/inet.h:27:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ipaddr[16]; /* up to 128 bits of address */ data/postgresql-13-13.1/src/include/utils/inet.h:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vl_len_[4]; /* Do not touch this field directly! */ data/postgresql-13-13.1/src/include/utils/jsonpath.h:25:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/include/utils/relmapper.h:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/include/utils/uuid.h:22:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[UUID_LEN]; data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c:175:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target, src, sizeof(decimal)); data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c:657:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, tmp, strlen(tmp)); data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c:758:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[2] = " "; data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c:1013:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) sqlca, (char *) &sqlca_init, sizeof(struct sqlca_t)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/data.c:334:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(var + offset * act_tuple, pval, size); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/data.c:337:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(var + offset * act_tuple, pval, varcharsize * offset); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/data.c:594:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, pval, size); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/descriptor.c:216:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(variable->arr, value, strlen(value)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/descriptor.c:287:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type_str[20]; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/descriptor.c:712:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type_str[20]; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/ecpglib_extern.h:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arr[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/ecpglib_extern.h:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char arr[FLEXIBLE_ARRAY_MEMBER]; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:273:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(array_query, "select typlen from pg_type where oid=%d and typelem<>0", type); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:284:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). isarray = (atol((char *) PQgetvalue(query, 0, 0)) == -1) ? ECPG_ARRAY_ARRAY : ECPG_ARRAY_VECTOR; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:501:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(to_data, "'\\x"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:578:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval + strlen(mallocedval), "%hd,", ((short *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:583:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval, "%hd", *((short *) var->value)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:597:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval + strlen(mallocedval), "%d,", ((int *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:602:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval, "%d", *((int *) var->value)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:616:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval + strlen(mallocedval), "%hu,", ((unsigned short *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:621:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval, "%hu", *((unsigned short *) var->value)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:635:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval + strlen(mallocedval), "%u,", ((unsigned int *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:640:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval, "%u", *((unsigned int *) var->value)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:654:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval + strlen(mallocedval), "%ld,", ((long *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:659:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval, "%ld", *((long *) var->value)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:673:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval + strlen(mallocedval), "%lu,", ((unsigned long *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:678:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval, "%lu", *((unsigned long *) var->value)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:692:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval + strlen(mallocedval), "%lld,", ((long long int *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:697:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval, "%lld", *((long long int *) var->value)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:711:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval + strlen(mallocedval), "%llu,", ((unsigned long long int *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:716:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval, "%llu", *((unsigned long long int *) var->value)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:768:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval + strlen(mallocedval), "%c,", (((bool *) var->value)[element]) ? 't' : 'f'); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:775:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval, "%c", (*((char *) var->value)) ? 't' : 'f'); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:777:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mallocedval, "%c", (*((int *) var->value)) ? 't' : 'f'); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:831:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mallocedval, variable->arr, variable->len); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:909:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mallocedval + strlen(mallocedval), str, slen + 1); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:956:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mallocedval + strlen(mallocedval), str, slen + 1); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1003:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mallocedval + strlen(mallocedval), str, slen + 1); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1050:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mallocedval + strlen(mallocedval), str, slen + 1); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1176:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*tobeinserted, desc_item->data, desc_item->data_len); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1873:24: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sqlca->sqlerrd[2] = atol(PQcmdTuples(stmt->results)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/misc.c:100:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) sqlca, (char *) &sqlca_init, sizeof(struct sqlca_t)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/prepare.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stmtID[STMTID_SIZE]; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/prepare.c:141:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newcopy, *text, ptr); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/prepare.c:581:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stmtID[STMTID_SIZE]; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/prepare.c:586:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(stmtID, "ecpg%d", nextStmtID++); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/sqlda.c:348:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sqlda->sqlvar[i].sqldata, num, sizeof(numeric)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/sqlda.c:353:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) sqlda + offset, num->buf, num->digits - num->buf + num->ndigits); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/sqlda.c:425:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sqlda->sqldaid, "SQLDA "); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/sqlda.c:537:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sqlda->sqlvar[i].sqldata, num, sizeof(numeric)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/sqlda.c:542:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) sqlda + offset, num->buf, num->digits - num->buf + num->ndigits); data/postgresql-13-13.1/src/interfaces/ecpg/include/sqlca.h:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlcaid[8]; data/postgresql-13-13.1/src/interfaces/ecpg/include/sqlca.h:27:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrmc[SQLERRMC_LEN]; data/postgresql-13-13.1/src/interfaces/ecpg/include/sqlca.h:29:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrp[8]; data/postgresql-13-13.1/src/interfaces/ecpg/include/sqlca.h:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlwarn[8]; data/postgresql-13-13.1/src/interfaces/ecpg/include/sqlca.h:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstate[5]; data/postgresql-13-13.1/src/interfaces/ecpg/include/sqlda-compat.h:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desc_name[19]; /* descriptor name */ data/postgresql-13-13.1/src/interfaces/ecpg/include/sqlda-native.h:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[NAMEDATALEN]; data/postgresql-13-13.1/src/interfaces/ecpg/include/sqlda-native.h:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqldaid[8]; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/common.c:47:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*output, replace_val.str_val, i + 1); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXDATEFIELDS]; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:57:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lowstr[MAXDATELEN + MAXDATEFIELDS]; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:260:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(start_pattern, replace_val.str_val, data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:273:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(start_pattern, t, strlen(t)); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:285:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(start_pattern, t, strlen(t)); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:297:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(start_pattern, t, strlen(t)); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt.h:205:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char token[TOKMAXLEN + 1]; /* always NUL-terminated */ data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:678:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%04d-%02d-%02d", data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:688:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%02d/%02d", tm->tm_mday, tm->tm_mon); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:690:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%02d/%02d", tm->tm_mon, tm->tm_mday); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:692:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + 5, "/%04d", tm->tm_year); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:699:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%02d.%02d", tm->tm_mday, tm->tm_mon); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:701:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + 5, ".%04d", tm->tm_year); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:710:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%02d-%02d", tm->tm_mday, tm->tm_mon); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:712:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%02d-%02d", tm->tm_mon, tm->tm_mday); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:714:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + 5, "-%04d", tm->tm_year); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:770:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%04d-%02d-%02d %02d:%02d", data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:780:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:784:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), ":%02d", tm->tm_sec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:787:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), " BC"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:794:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), "%+03d:%02d", hour, min); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:796:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), "%+03d", hour); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:804:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%02d/%02d", tm->tm_mday, tm->tm_mon); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:806:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%02d/%02d", tm->tm_mon, tm->tm_mday); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:808:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + 5, "/%04d %02d:%02d", data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:818:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:822:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), ":%02d", tm->tm_sec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:825:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), " BC"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:836:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), " %.*s", MAXTZLEN, tzn); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:842:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), "%+03d:%02d", hour, min); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:844:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), "%+03d", hour); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:852:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%02d.%02d", tm->tm_mday, tm->tm_mon); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:854:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + 5, ".%04d %02d:%02d", data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:864:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:868:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), ":%02d", tm->tm_sec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:871:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), " BC"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:876:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), " %.*s", MAXTZLEN, tzn); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:882:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), "%+03d:%02d", hour, min); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:884:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), "%+03d", hour); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:896:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, days[tm->tm_wday], 3); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:904:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + 10, " %02d:%02d", tm->tm_hour, tm->tm_min); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:912:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:916:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), ":%02d", tm->tm_sec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:918:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), " %04d", data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:921:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), " BC"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:926:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), " %.*s", MAXTZLEN, tzn); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:938:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), " %+03d:%02d", hour, min); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:940:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), " %+03d", hour); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1097:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fstr[7]; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1125:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_mday = atoi(str + 6); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1127:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_mon = atoi(str + 4); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1129:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_year = atoi(str + 0); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1137:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_mday = atoi(str + 4); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1139:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_mon = atoi(str + 2); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1141:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_year = atoi(str + 0); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1150:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_mday = atoi(str + 2); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1153:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_year = atoi(str + 0); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1167:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_sec = atoi(str + 4); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1169:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_min = atoi(str + 2); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1171:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_hour = atoi(str + 0); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1180:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_min = atoi(str + 2); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1182:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tm->tm_hour = atoi(str + 0); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1317:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXDATEFIELDS]; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1460:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fstr[7]; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2662:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmp, "%m/%d/%y"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2787:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmp, "%I:%M:%S %p"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2795:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmp, "%H:%M"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2840:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmp, "%H:%M:%S"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:731:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "%d%c", value, units); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:742:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "%02d", abs(sec)); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:744:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "%d", abs(sec)); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:749:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "%02d.%0*d", abs(sec), precision, (int) Abs(fsec)); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:751:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "%d.%0*d", abs(sec), precision, (int) Abs(fsec)); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:831:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "%c%d-%d %c%d %c%d:%02d:", data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:840:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "%d-%d", year, mon); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:844:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "%d %d:%02d:", mday, hour, min); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:850:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "%d:%02d:", hour, min); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:863:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(cp, "PT0S"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:933:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(cp, " 0"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:935:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(cp, " ago"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:1015:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXDATEFIELDS]; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:1017:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lowstr[MAXDATELEN + MAXDATEFIELDS]; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:1071:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/numeric.c:242:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "NaN"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/numeric.c:1130:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(divisor[1].digits[1]), var2->digits, ndigits_tmp - 1); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/numeric.c:1143:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dividend.digits, var1->digits, var1->ndigits); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/numeric.c:1191:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&divisor[guess], &divisor[1], sizeof(numeric)); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/numeric.c:1419:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[DBL_DIG + 100]; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/numeric.c:1423:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (sprintf(buffer, "%.*g", DBL_DIG, d) <= 0) data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/timestamp.c:215:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *field[MAXDATEFIELDS]; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/timestamp.c:217:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lowstr[MAXDATELEN + MAXDATEFIELDS]; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/timestamp.c:276:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXDATELEN + 1]; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/timestamp.c:393:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[4] = "%Ex"; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/descriptor.c:328:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char descriptor_names[2][MAX_DESCRIPTOR_NAMELEN]; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c:131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char my_exec_path[MAXPGPATH]; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c:132:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char include_path[MAXPGPATH]; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c:171:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). base_yyout = fopen(output_filename, PG_BINARY_W); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c:204:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pkginclude_path[MAXPGPATH]; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c:205:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char informix_path[MAXPGPATH]; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c:287:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(input_filename, "stdin"); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c:312:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). base_yyin = fopen(input_filename, PG_BINARY_R); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c:329:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). base_yyout = fopen(output_filename, PG_BINARY_W); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/output.c:108:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(line, "\n#line %d \"", base_yylineno); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/output.c:118:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(dest, "\"\n"); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:2792:25: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). base_yylval.ival = atol(yytext+1); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4788:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(literalbuf+literallen, ytext, yleng); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4836:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inc_file[MAXPGPATH]; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4873:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). yyin = fopen(inc_file, "r"); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4878:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(inc_file, ".h"); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4879:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). yyin = fopen(inc_file, "r"); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4900:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). yyin = fopen(inc_file, "r"); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4905:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(inc_file, ".h"); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4906:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). yyin = fopen( inc_file, "r" ); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:120:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pacounter_buffer[sizeof(int) * CHAR_BIT * 10 / 3]; /* a rough guess at the size we need */ data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:122:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *actual_startline[STRUCT_DEPTH]; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:305:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pacounter_buffer, "$%d", pacounter++); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:343:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char var_text[20]; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:350:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(var_text, "%d))", ecpg_internal_var); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:369:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). && atoi(ptr->variable->type->size) > 1) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:386:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). && atoi(ptr->variable->type->size) > 1) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:476:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(var_text, "%d))", ecpg_internal_var); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:523:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if (atoi(ptr->indicator->type->size) > 1) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:648:4: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(this->type->type_index) >= 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:34158:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:34364:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:35158:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(length, "%zu", strlen(str)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:35261:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(length, "%zu", strlen(str)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:56911:8: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atol(p->type->size) == 1) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57903:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(dimension) < 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57923:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(dimension) < 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57928:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (strcmp(dimension, "0") == 0 || abs(atoi(dimension)) == 1) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57933:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(length) < 0 || strcmp(length, "0") == 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57938:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(vcn, "%d", *varlen_type_counter); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57949:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(dimension) == -1) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57953:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(length) == -1 && i > 0) /* char <var>[] = "string" */ data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57969:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(dimension) < 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58186:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(length, "%zu", strlen((yyvsp[0].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58377:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(length, "%zu", strlen((yyvsp[0].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58429:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(length, "%zu", strlen((yyvsp[0].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58450:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(length, "%zu", strlen(var)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58463:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(length, "%zu", strlen(var)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58477:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(length, "%zu", strlen(var)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58681:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(dimension) < 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58689:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(dimension) == -1) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58698:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(dimension) == -1) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58705:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(length) >= 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58708:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(dimension) < 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:445:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (((atoi(arrsize) > 0) || data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:446:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(arrsize) == 0 && strcmp(arrsize, "0") != 0)) && data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:477:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if ((atoi(varcharsize) > 1 || data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:478:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(arrsize) > 0) || data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:479:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(varcharsize) == 0 && strcmp(varcharsize, "0") != 0) || data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:480:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(arrsize) == 0 && strcmp(arrsize, "0") != 0)) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:506:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(offset, "sizeof(numeric)"); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:514:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(offset, "sizeof(interval)"); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:522:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(offset, "sizeof(date)"); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:530:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(offset, "sizeof(timestamp)"); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:546:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (((atoi(arrsize) > 0) || data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:547:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (atoi(arrsize) == 0 && strcmp(arrsize, "0") != 0)) && data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:561:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(arrsize) < 0 && !size) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:592:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(arrsize) == 1) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:603:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(arrsize) == 1) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c:514:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(type_index) >= 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c:516:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(*length) >= 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c:522:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(type_dimension) >= 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c:524:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(*dimension) >= 0 && atoi(*length) >= 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c:524:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(*dimension) >= 0 && atoi(*length) >= 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c:527:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(*dimension) >= 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c:541:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pointer_len > 1 && (atoi(*length) >= 0 || atoi(*dimension) >= 0)) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c:541:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pointer_len > 1 && (atoi(*length) >= 0 || atoi(*dimension) >= 0)) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c:544:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(*length) >= 0 && atoi(*dimension) >= 0 && pointer_len) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c:544:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(*length) >= 0 && atoi(*dimension) >= 0 && pointer_len) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c:558:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(*length) >= 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c:569:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(*length) < 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c:591:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(*length) < 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c:597:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(*dimension) < 0 && !type_definition) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/variable.c:620:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (atoi(*length) >= 0) data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/charfuncs.pgc:9:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/dec_test.pgc:40:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/dec_test.pgc:125:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. rsetnull(CDECIMALTYPE, (char *) decarr[count-1]); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/dec_test.pgc:127:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. risnull(CDECIMALTYPE, (char *) decarr[count-1]) ? "" : "NOT "); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/dec_test.pgc:129:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. risnull(CDECIMALTYPE, (char *) decarr[0]) ? "" : "NOT "); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:18:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field_name1[30] = "not set"; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:19:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field_name2[30] = "not set"; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:22:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:26:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:29:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "set"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:32:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:35:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:41:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:50:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "allocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:54:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:59:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "describe"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:85:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "get descriptor"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:125:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:136:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "allocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:140:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:145:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "describe"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:156:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "get descriptor"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:178:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:189:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:192:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/describe.pgc:195:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/rfmtdate.pgc:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbuf[11]; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/rfmtdate.pgc:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbuf[11]; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/rfmtdate.pgc:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/rfmtdate.pgc:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbuf[11]; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/rfmtlong.pgc:20:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[30]; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[64]; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:63:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:67:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:70:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "set"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:73:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:81:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:87:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:94:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:97:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:100:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:101:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open mycur1; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:108:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:117:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:120:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:131:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:134:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:137:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:138:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open mycur2; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:145:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:154:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:157:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:180:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:183:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "execute"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:188:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:217:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:220:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "execute"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:225:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:228:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:235:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:240:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:243:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/sqlda.pgc:246:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/test_informix.pgc:94:3: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). $open c; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/test_informix2.pgc:12:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errorstring[255]; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/test_informix2.pgc:31:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errorstring, "Rollback successful.\n"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/test_informix2.pgc:33:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errorstring, "Rollback failed with code %ld.\n", SQLCODE); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/test_informix2.pgc:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbname[30]; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/test_informix2.pgc:60:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(dbname, "ecpg1_regression"); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_oracle/char_array.pgc:24:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shortstr[5]; data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_oracle/char_array.pgc:25:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bigstr[11]; data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test1.pgc:16:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char db[200]; data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test1.pgc:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pw[200]; data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test1.pgc:41:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pw, "connectpw"); data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test1.pgc:42:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(db, "tcp:postgresql://localhost/ecpg2_regression"); data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test2.pgc:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[200]; data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test2.pgc:18:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char res[200]; data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test2.pgc:23:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(id, "first"); data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test3.pgc:16:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[200]; data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test3.pgc:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char res[200]; data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test3.pgc:22:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(id, "first"); data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test5.pgc:16:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char db[200]; data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test5.pgc:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[200]; data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test5.pgc:29:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(db, "ecpg2_regression"); data/postgresql-13-13.1/src/interfaces/ecpg/test/connect/test5.pgc:30:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(id, "main"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-charfuncs.c:20:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char convert[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:44:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(convert, "%g", x); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:178:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. rsetnull(CDECIMALTYPE, (char *) decarr[count-1]); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:180:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. risnull(CDECIMALTYPE, (char *) decarr[count-1]) ? "" : "NOT "); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:182:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. risnull(CDECIMALTYPE, (char *) decarr[0]) ? "" : "NOT "); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field_name1 [ 30 ] = "not set" ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:78:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field_name2 [ 30 ] = "not set" ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:87:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:95:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "set"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:103:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:111:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:137:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:151:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "allocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:165:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:175:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "describe"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:221:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "get descriptor"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:287:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:313:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "allocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:327:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:337:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "describe"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:368:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "get descriptor"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:416:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:442:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:450:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-describe.c:458:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-rfmtdate.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbuf[11]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-rfmtdate.c:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbuf[11]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-rfmtdate.c:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-rfmtdate.c:96:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbuf[11]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-rfmtlong.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[30]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:149:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[64]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:182:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:186:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:194:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "set"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:202:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:210:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:218:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:230:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:238:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:243:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:260:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:281:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:289:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:305:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:313:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:318:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:335:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:356:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:364:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:392:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:400:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "execute"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:414:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:453:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:461:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "execute"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:475:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:483:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:495:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:505:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:513:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-sqlda.c:521:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-test_informix.c:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c [ 10 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlcaid[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:44:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrmc[SQLERRMC_LEN]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrp[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlwarn[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstate[5]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:102:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errorstring[255]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:123:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errorstring, "Rollback successful.\n"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:125:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errorstring, "Rollback failed with code %ld.\n", SQLCODE); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dbname [ 30 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-test_informix2.c:171:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(dbname, "ecpg1_regression"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_oracle-char_array.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shortstr [ 5 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_oracle-char_array.c:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bigstr [ 11 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test1.c:29:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char db [ 200 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test1.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pw [ 200 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test1.c:80:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pw, "connectpw"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test1.c:81:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(db, "tcp:postgresql://localhost/ecpg2_regression"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test2.c:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id [ 200 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test2.c:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char res [ 200 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test2.c:49:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(id, "first"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test3.c:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id [ 200 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test3.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char res [ 200 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test3.c:48:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(id, "first"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test5.c:30:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char db [ 200 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test5.c:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id [ 200 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test5.c:59:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(db, "ecpg2_regression"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/connect-test5.c:60:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(id, "main"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-nan_test.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val [ 16 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-num_test.c:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char convert[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-num_test.c:40:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(convert, "%g", x); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-num_test2.c:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char convert[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-num_test2.c:41:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(convert, "%g", x); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-array_of_struct.c:35:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct varchar_1 { int len; char arr[ 50 ]; } name ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-array_of_struct.c:64:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct varchar_2 { int len; char arr[ 50 ]; } name ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-array_of_struct.c:98:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct varchar_3 { int len; char arr[ 50 ]; } name ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-array_of_struct.c:107:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct varchar_4 { int len; char arr[ 50 ]; } name ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-array_of_struct.c:117:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct varchar_5 { int len; char arr[ 50 ]; } onlyname [ 2 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-autoprep.c:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstr [ 64 ] = "SELECT item2 FROM T ORDER BY item2 NULLS LAST" ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:78:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct varchar_1 { int len; char arr[ 50 ]; } curname4 ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t [ 64 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:95:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:99:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:113:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "set"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:121:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:135:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:167:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:183:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:194:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:204:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:219:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:234:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1 from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:249:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:267:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "move in"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:277:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:292:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:310:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:322:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:335:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:349:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:364:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:379:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1 from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:394:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:412:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "move"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:426:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:441:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:459:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:471:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:485:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:505:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:527:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:542:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:557:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1 from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:572:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:590:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "move"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:600:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:615:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:633:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:651:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:671:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:679:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:690:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:702:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:717:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:732:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1 from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:747:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:765:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "move"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:775:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:790:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:808:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:818:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:828:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:842:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:850:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-define.c:44:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char string [ 8 ]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-define.c:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name [ 6 ] [ 8 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-define.c:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char letter [ 6 ] [ 1 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field_name1 [ 30 ] = "not set" ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field_name2 [ 30 ] = "not set" ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field_name3 [ 30 ] = "not set" ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field_name4 [ 30 ] = "not set" ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:68:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:76:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "set"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:84:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:92:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:118:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:131:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "allocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:157:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:165:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "describe"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:187:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "get descriptor"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:258:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:293:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "allocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:319:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:327:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "describe"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:349:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "get descriptor"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:420:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:456:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:464:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-describe.c:472:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-init.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlcaid[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-init.c:38:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrmc[SQLERRMC_LEN]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-init.c:40:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrp[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-init.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlwarn[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-init.c:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstate[5]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-outofscope.c:137:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t [ 64 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-outofscope.c:146:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c [ 30 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-outofscope.c:267:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-outofscope.c:271:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-outofscope.c:279:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "set"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-outofscope.c:287:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-outofscope.c:295:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-outofscope.c:315:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-outofscope.c:347:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-outofscope.c:355:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-outofscope.c:363:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-pointer_to_struct.c:36:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct varchar_1 { int len; char arr[ 50 ]; } name ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-pointer_to_struct.c:65:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct varchar_2 { int len; char arr[ 50 ]; } name ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-pointer_to_struct.c:102:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name [ 50 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-pointer_to_struct.c:111:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct varchar_3 { int len; char arr[ 50 ]; } name ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-pointer_to_struct.c:121:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct varchar_4 { int len; char arr[ 50 ]; } onlyname [ 2 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-type.c:46:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char string[11]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-type.c:101:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text [ 10 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c:78:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct varchar_1 { int len; char arr[ BUFFERSIZ ]; } name ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c:97:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct varchar_2 { int len; char arr[ BUFFERSIZ ]; } name ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c:100:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct varchar_3 { int len; char arr[ BUFFERSIZ ]; } name ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c:124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c:128:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c:136:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "set"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c:144:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c:152:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c:184:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c:192:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c:208:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c:243:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c:251:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c:259:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-variable.c:267:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-whenever.c:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c [ 6 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-whenever_do_continue.c:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ename [ 12 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-whenever_do_continue.c:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg [ 128 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-whenever_do_continue.c:62:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-whenever_do_continue.c:70:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-whenever_do_continue.c:78:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-whenever_do_continue.c:158:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-array.c:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlcaid[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-array.c:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrmc[SQLERRMC_LEN]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-array.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrp[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-array.c:63:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlwarn[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-array.c:77:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstate[5]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-array.c:142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text [ 25 ] = "klmnopqrst" ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-array.c:153:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(t, "0123456789"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-array.c:159:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[28]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-array.c:163:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "2000-1-1 0%d:00:00", j); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-array.c:165:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "2000-1-1%d\n", j); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-array.c:167:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%d hours", j+10); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-binary.c:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name [ 21 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-binary.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char byte [ 20 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-bytea.c:54:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct bytea_1 { int len; char arr[ 512 ]; } send_buf [ 2 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-bytea.c:57:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct bytea_2 { int len; char arr[ DATA_SIZE ]; } recv_buf [ 2 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-bytea.c:60:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct bytea_3 { int len; char arr[ DATA_SIZE ]; } * recv_vlen_buf ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-bytea.c:63:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. struct bytea_4 { int len; char arr[ DATA_SIZE - LACK_SIZE ]; } recv_short_buf ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-code100.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlcaid[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-code100.c:38:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrmc[SQLERRMC_LEN]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-code100.c:40:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrp[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-code100.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlwarn[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-code100.c:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstate[5]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-copystdout.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlcaid[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-copystdout.c:40:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrmc[SQLERRMC_LEN]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-copystdout.c:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrp[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-copystdout.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlwarn[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-copystdout.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstate[5]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-define.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlcaid[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-define.c:38:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrmc[SQLERRMC_LEN]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-define.c:40:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrp[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-define.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlwarn[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-define.c:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstate[5]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-define.c:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s [ 200 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-desc.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val2 [ 4 ] = "one" , val2output [] = "AAA" ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-desc.c:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desc1 [ 8 ] = "outdesc" ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field_name1 [ 30 ] = "not set" ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field_name2 [ 30 ] = "not set" ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:85:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:93:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "set"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:101:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:109:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:135:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:149:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "allocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:163:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:173:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "describe"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:219:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "get descriptor"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:285:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:311:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "allocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:325:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:335:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "describe"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:366:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "get descriptor"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:414:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:440:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:448:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-describe.c:456:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dynalloc.c:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlcaid[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dynalloc.c:39:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrmc[SQLERRMC_LEN]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dynalloc.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrp[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dynalloc.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlwarn[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dynalloc.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstate[5]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dynalloc2.c:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlcaid[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dynalloc2.c:39:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrmc[SQLERRMC_LEN]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dynalloc2.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrp[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dynalloc2.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlwarn[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dynalloc2.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstate[5]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dyntest.c:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlcaid[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dyntest.c:92:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrmc[SQLERRMC_LEN]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dyntest.c:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrp[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dyntest.c:104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlwarn[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dyntest.c:118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstate[5]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dyntest.c:187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char NAME [ 120 ] , BOOLVAR ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-dyntest.c:190:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char STRINGVAR [ 1024 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name [ 8 ] [ 8 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char letter [ 8 ] [ 1 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command [ 128 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:80:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 1, 'f')"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:88:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 2, 't')"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:96:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) select name, amount+10, letter from test"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:106:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) select name, amount+$1, letter from test"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:131:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (command, "select * from test"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:171:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char n [ 8 ] , l = letter [ i ] [ 0 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:196:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (command, "select * from test where amount = $1"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:238:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char n [ 8 ] , l = letter [ i ] [ 0 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:263:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (command, "select * from test where amount = $1"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:293:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char n [ 8 ] , l = letter [ i ] [ 0 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-fetch.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str [ 25 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-func.c:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text [ 25 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-indicators.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlcaid[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-indicators.c:40:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrmc[SQLERRMC_LEN]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-indicators.c:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrp[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-indicators.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlwarn[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-indicators.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstate[5]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-oldexec.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name [ 8 ] [ 8 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-oldexec.c:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char letter [ 8 ] [ 1 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-oldexec.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command [ 128 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-oldexec.c:81:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 1, 'f')"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-oldexec.c:89:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 2, 't')"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-oldexec.c:97:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) select name, amount+10, letter from test"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-oldexec.c:107:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) select name, amount+$1, letter from test"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-oldexec.c:132:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (command, "select * from test"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-oldexec.c:167:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char n[8], l = letter[i][0]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-oldexec.c:181:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (command, "select * from test where ? = amount"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-oldexec.c:218:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char n[8], l = letter[i][0]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-prepareas.c:63:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v_include_dq_name [ 16 ] , v_include_ws_name [ 16 ] , v_normal_name [ 16 ] , v_query [ 64 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-prepareas.c:68:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(v_normal_name, "normal_name"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-prepareas.c:69:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(v_include_dq_name, "include_\"_name"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-prepareas.c:70:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(v_include_ws_name, "include_ _name"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-prepareas.c:71:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(v_query, "insert into test values(?,?)"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-quote.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char var [ 25 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-show.c:30:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char var [ 25 ] = "public" ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:206:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:210:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:218:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "set"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:226:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:234:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:242:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:254:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:262:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:267:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:284:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:305:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:313:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:327:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:335:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:340:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:350:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:373:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:381:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:408:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:416:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "execute"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:430:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:469:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:477:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "execute"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:491:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:499:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:510:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:520:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:528:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-sqlda.c:536:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-twophase.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-twophase.c:35:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-twophase.c:49:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-twophase.c:57:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-twophase.c:65:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "begin"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-twophase.c:73:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-twophase.c:81:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare transaction"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-twophase.c:89:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit prepared"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-twophase.c:97:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-twophase.c:105:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-alloc.c:57:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlcaid[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-alloc.c:63:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrmc[SQLERRMC_LEN]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-alloc.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrp[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-alloc.c:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlwarn[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-alloc.c:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstate[5]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-alloc.c:141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name [ 100 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-alloc.c:150:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "Connection: %d", value); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-descriptor.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlcaid[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-descriptor.c:53:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrmc[SQLERRMC_LEN]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-descriptor.c:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrp[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-descriptor.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlwarn[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-descriptor.c:79:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstate[5]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-prep.c:57:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlcaid[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-prep.c:63:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrmc[SQLERRMC_LEN]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-prep.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlerrp[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-prep.c:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlwarn[8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-prep.c:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstate[5]; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-prep.c:141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name [ 100 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-prep.c:144:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query [ 256 ] = "INSERT INTO T VALUES ( ? )" ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-prep.c:150:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "Connection: %d", value); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-thread.c:152:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char l_connection [ 128 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/thread-thread_implicit.c:152:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char l_connection [ 128 ] ; data/postgresql-13-13.1/src/interfaces/ecpg/test/performance/perftest.pgc:53:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[16]; data/postgresql-13-13.1/src/interfaces/ecpg/test/performance/perftest.pgc:56:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text, "%ld", i); data/postgresql-13-13.1/src/interfaces/ecpg/test/performance/perftest.pgc:74:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[16]; data/postgresql-13-13.1/src/interfaces/ecpg/test/performance/perftest.pgc:93:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[16]; data/postgresql-13-13.1/src/interfaces/ecpg/test/pg_regress_ecpg.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linebuf[LINEBUFSIZE]; data/postgresql-13-13.1/src/interfaces/ecpg/test/pg_regress_ecpg.c:36:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). s = fopen(sourcefile, "r"); data/postgresql-13-13.1/src/interfaces/ecpg/test/pg_regress_ecpg.c:42:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). t = fopen(outfile, "w"); data/postgresql-13-13.1/src/interfaces/ecpg/test/pg_regress_ecpg.c:88:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inprg[MAXPGPATH]; data/postgresql-13-13.1/src/interfaces/ecpg/test/pg_regress_ecpg.c:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char insource[MAXPGPATH]; data/postgresql-13-13.1/src/interfaces/ecpg/test/pg_regress_ecpg.c:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *outfile_stdout, data/postgresql-13-13.1/src/interfaces/ecpg/test/pg_regress_ecpg.c:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *outfile_stderr, data/postgresql-13-13.1/src/interfaces/ecpg/test/pg_regress_ecpg.c:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *outfile_source, data/postgresql-13-13.1/src/interfaces/ecpg/test/pg_regress_ecpg.c:96:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXPGPATH * 3]; data/postgresql-13-13.1/src/interfaces/ecpg/test/pgtypeslib/nan_test.pgc:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[16]; data/postgresql-13-13.1/src/interfaces/ecpg/test/pgtypeslib/nan_test.pgc:29:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open cur; data/postgresql-13-13.1/src/interfaces/ecpg/test/pgtypeslib/nan_test.pgc:45:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open cur; data/postgresql-13-13.1/src/interfaces/ecpg/test/pgtypeslib/nan_test.pgc:71:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open cur1; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/autoprep.pgc:12:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sqlstr[64] = "SELECT item2 FROM T ORDER BY item2 NULLS LAST"; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[64]; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:38:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:42:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "set"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:45:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:49:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:56:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:62:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:66:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:67:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql at test1 open :curname1; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:69:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:73:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:77:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1 from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:81:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:86:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "move in"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:89:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:93:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:98:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:103:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:107:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:108:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql at test1 open :curname2; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:110:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:114:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:118:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1 from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:122:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:127:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "move"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:130:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:134:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:139:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:144:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:148:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:152:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:153:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql at test1 open :curname3; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:154:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql at test2 open :curname5; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:156:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:160:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:164:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1 from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:168:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:173:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "move"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:176:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:180:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:185:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:189:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:199:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:202:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:205:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:206:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql at test1 open :curname4; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:208:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:212:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:216:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1 from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:220:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count from"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:225:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "move"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:228:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch 1"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:232:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch :count"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:237:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:240:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:245:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:249:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:252:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/define.pgc:22:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char string[NAMELEN]; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/define.pgc:24:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[AMOUNT][NAMELEN]; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/define.pgc:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char letter[AMOUNT][1]; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/outofscope.pgc:40:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open mycur; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/outofscope.pgc:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/outofscope.pgc:65:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/outofscope.pgc:68:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "set"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/outofscope.pgc:71:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/outofscope.pgc:74:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/outofscope.pgc:79:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/outofscope.pgc:106:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/outofscope.pgc:109:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/outofscope.pgc:112:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/pointer_to_struct.pgc:38:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[50]; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/struct.h:4:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char t[64]; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/struct.h:7:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[30]; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/type.pgc:11:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char string[11]; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/type.pgc:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[10]; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/variable.pgc:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/variable.pgc:43:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/variable.pgc:46:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "set"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/variable.pgc:49:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/variable.pgc:52:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/variable.pgc:59:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/variable.pgc:62:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/variable.pgc:63:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open cur; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/variable.pgc:71:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/variable.pgc:88:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/variable.pgc:91:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/variable.pgc:94:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/variable.pgc:97:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/whenever.pgc:27:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. exec sql char c[6]; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc:12:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ename[12]; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc:22:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc:25:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc:28:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc:36:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open c; data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/whenever_do_continue.pgc:59:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/printf_hack.h:10:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char convert[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/printf_hack.h:13:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(convert, "%g", x); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/array.pgc:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[25] = "klmnopqrst"; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/array.pgc:31:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(t, "0123456789"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/array.pgc:37:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[28]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/array.pgc:41:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "2000-1-1 0%d:00:00", j); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/array.pgc:43:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "2000-1-1%d\n", j); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/array.pgc:45:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str, "%d hours", j+10); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/binary.pgc:10:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[21]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/binary.pgc:12:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char byte[20]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/bytea.pgc:79:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open cursor1; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/define.pgc:11:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[200]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/desc.pgc:13:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val2[4] = "one", val2output[] = "AAA"; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/desc.pgc:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desc1[8] = "outdesc"; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:18:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field_name1[30] = "not set"; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:19:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field_name2[30] = "not set"; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:22:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:26:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:29:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "set"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:32:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:35:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:41:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:50:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "allocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:54:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:59:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "describe"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:85:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "get descriptor"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:125:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:136:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "allocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:140:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:145:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "describe"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:156:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "get descriptor"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:178:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:189:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:192:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/describe.pgc:195:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/dyntest.pgc:28:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char NAME[120], BOOLVAR; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/dyntest.pgc:29:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char STRINGVAR[1024]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/dyntest.pgc:60:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open MYCURS; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:16:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8][8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char letter[8][1]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:18:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:28:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 1, 'f')"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:31:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 2, 't')"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:34:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) select name, amount+10, letter from test"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:39:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) select name, amount+$1, letter from test"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:47:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (command, "select * from test"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:52:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open CUR; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char n[8], l = letter[i][0]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:69:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (command, "select * from test where amount = $1"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:74:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open CUR2 using 1; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:80:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char n[8], l = letter[i][0]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:91:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (command, "select * from test where amount = $1"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:99:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char n[8], l = letter[i][0]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/fetch.pgc:9:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[25]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/func.pgc:8:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EXEC SQL char text[25]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc:16:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8][8]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char letter[8][1]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc:18:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc:29:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 1, 'f')"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc:32:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) values ('db: ''r1''', 2, 't')"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc:35:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) select name, amount+10, letter from test"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc:40:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(command, "insert into test (name, amount, letter) select name, amount+$1, letter from test"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc:48:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (command, "select * from test"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc:53:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open CUR; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char n[8], l = letter[i][0]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc:67:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (command, "select * from test where ? = amount"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc:72:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open CUR3 using 1; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char n[8], l = letter[i][0]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/prepareas.pgc:23:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v_include_dq_name[16], v_include_ws_name[16], v_normal_name[16], v_query[64]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/prepareas.pgc:26:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(v_normal_name, "normal_name"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/prepareas.pgc:27:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(v_include_dq_name, "include_\"_name"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/prepareas.pgc:28:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(v_include_ws_name, "include_ _name"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/prepareas.pgc:29:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(v_query, "insert into test values(?,?)"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/quote.pgc:9:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char var[25]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/show.pgc:9:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char var[25] = "public"; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:77:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:81:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:84:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "set"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:87:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:97:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:105:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:112:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:115:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:118:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:119:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open mycur1; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:126:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:135:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:138:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:147:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:150:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "declare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:153:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "open"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:154:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). exec sql open mycur2; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:156:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "fetch"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:172:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "close"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:175:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:197:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:200:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "execute"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:205:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:234:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:237:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "execute"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:242:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:245:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "deallocate"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:251:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:256:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:259:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/sqlda.pgc:262:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/twophase.pgc:11:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/twophase.pgc:15:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "connect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/twophase.pgc:19:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "create"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/twophase.pgc:22:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/twophase.pgc:25:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "begin"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/twophase.pgc:28:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "insert"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/twophase.pgc:31:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "prepare transaction"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/twophase.pgc:34:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "commit prepared"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/twophase.pgc:37:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "drop"); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/twophase.pgc:40:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "disconnect"); data/postgresql-13-13.1/src/interfaces/ecpg/test/thread/alloc.pgc:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[100]; data/postgresql-13-13.1/src/interfaces/ecpg/test/thread/alloc.pgc:47:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "Connection: %d", value); data/postgresql-13-13.1/src/interfaces/ecpg/test/thread/prep.pgc:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[100]; data/postgresql-13-13.1/src/interfaces/ecpg/test/thread/prep.pgc:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query[256] = "INSERT INTO T VALUES ( ? )"; data/postgresql-13-13.1/src/interfaces/ecpg/test/thread/prep.pgc:47:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "Connection: %d", value); data/postgresql-13-13.1/src/interfaces/ecpg/test/thread/thread.pgc:105:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char l_connection[128]; data/postgresql-13-13.1/src/interfaces/ecpg/test/thread/thread_implicit.pgc:105:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char l_connection[128]; data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ServerSignature[SCRAM_KEY_LEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:333:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char raw_nonce[SCRAM_RAW_NONCE_LEN + 1]; data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:489:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cbind_input, "p=tls-server-end-point,,", cbind_header_len); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:490:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cbind_input + cbind_header_len, cbind_data, cbind_data_len); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:740:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->ServerSignature, decoded_server_signature, SCRAM_KEY_LEN); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:831:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char saltbuf[SCRAM_DEFAULT_SALT_LEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:192:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sysmsg[256]; data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:292:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(conn->sspictx, &newContext, sizeof(CtxtHandle)); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:701:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[CMSG_SPACE(sizeof(struct cmsgcred))]; data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:727:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:748:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char md5Salt[4]; data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:1080:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char username[256 + 1]; data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:1084:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pwdbuf[BUFSIZ]; data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:1193:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char algobuf[MAX_ALGORITHM_NAME_LEN + 1]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:995:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, s, len); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:1200:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char homedir[MAXPGPATH]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:1616:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:1668:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:1673:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char service[NI_MAXHOST]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:1689:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host_addr[NI_MAXHOST]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:1822:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:1856:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:1891:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:1978:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[256]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:2260:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:2341:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portstr[MAXPGPATH]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:2511:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host_addr[NI_MAXHOST]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:2524:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&conn->raddr.addr, addr_cur->ai_addr, data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:2803:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pwdbuf[BUFSIZ]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:4304:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cancel->raddr, &conn->raddr, sizeof(SockAddr)); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:4346:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:4592:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *attrs[2] = {NULL, NULL}; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:4865:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, values[i]->bv_val, values[i]->bv_len); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:5029:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serviceFile[MAXPGPATH]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:5055:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char homedir[MAXPGPATH]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:5104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXBUFSIZE], data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:5107:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(serviceFile, "r"); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:5317:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(opt_dest, cur_opt, sizeof(PQconninfoOption)); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:6741:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qbuf[128]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:6991:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(pgpassfile, "r"); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:7180:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pwdbuf[BUFSIZ]; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:7190:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmppath[MAX_PATH]; data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:248:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res->attDescs, attDescs, numAttributes * sizeof(PGresAttDesc)); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:493:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(attval->value, value, len); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:873:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgBuf[1024]; data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:1189:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(val, columns[i].value, clen); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:3059:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[24]; data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:3069:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, res->cmdStatus + 7, len); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:3527:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rp, str, input_len); data/postgresql-13-13.1/src/interfaces/libpq/fe-lobj.c:694:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[LO_BUFSIZE]; data/postgresql-13-13.1/src/interfaces/libpq/fe-lobj.c:697:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-lobj.c:702:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY | PG_BINARY, 0666); data/postgresql-13-13.1/src/interfaces/libpq/fe-lobj.c:790:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[LO_BUFSIZE]; data/postgresql-13-13.1/src/interfaces/libpq/fe-lobj.c:792:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-lobj.c:807:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC | PG_BINARY, 0666); data/postgresql-13-13.1/src/interfaces/libpq/fe-lobj.c:956:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). foid = (Oid) atoi(PQgetvalue(res, n, 1)); data/postgresql-13-13.1/src/interfaces/libpq/fe-misc.c:199:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, conn->inBuffer + conn->inCursor, len); data/postgresql-13-13.1/src/interfaces/libpq/fe-misc.c:276:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp2, conn->inBuffer + conn->inCursor, 2); data/postgresql-13-13.1/src/interfaces/libpq/fe-misc.c:283:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp4, conn->inBuffer + conn->inCursor, 4); data/postgresql-13-13.1/src/interfaces/libpq/fe-misc.c:569:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(conn->outBuffer + conn->outMsgEnd, buf, len); data/postgresql-13-13.1/src/interfaces/libpq/fe-misc.c:598:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(conn->outBuffer + conn->outMsgStart, &msgLen, 4); data/postgresql-13-13.1/src/interfaces/libpq/fe-misc.c:1128:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:687:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char formatString[80]; data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:104:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char setQuery[100]; /* note length limit in data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:111:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(setQuery, "SET client_encoding = DEFAULT"); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:113:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(setQuery, "SET client_encoding = '%.60s'", data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:138:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char setQuery[100]; /* note length limit in data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:791:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char std_bitmap[64]; /* used unless it doesn't fit */ data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:1210:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*buffer, &conn->inBuffer[conn->inStart], msgLength); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:1463:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (pqPutnchar((char *) args[i].u.ptr, args[i].len, conn)) data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:1050:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). querypos = atoi(val); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:1069:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). querypos = atoi(val); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:1702:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*buffer, &conn->inBuffer[conn->inCursor], msgLength); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:1751:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s, "\\."); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:1806:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, &conn->inBuffer[conn->inCursor], avail); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:1816:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, &conn->inBuffer[conn->inCursor], bufsize); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:1961:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (pqPutnchar((char *) args[i].u.ptr, args[i].len, conn)) data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:2159:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(packet + packet_len, &pv, sizeof(ProtocolVersion)); data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-common.c:113:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name, namedata, namelen); data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-gssapi.c:230:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PqGSSSendBuffer + PqGSSSendLength, &netlen, sizeof(uint32)); data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-gssapi.c:233:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length); data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-gssapi.c:295:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) ptr + bytes_returned, PqGSSResultBuffer + PqGSSResultNext, bytes_to_copy); data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-gssapi.c:409:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PqGSSResultBuffer, output.value, output.length); data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-gssapi.c:693:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PqGSSSendBuffer, (char *) &netlen, sizeof(uint32)); data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-gssapi.c:696:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PqGSSSendBuffer + PqGSSSendLength, output.value, output.length); data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:149:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:278:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:380:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hash[EVP_MAX_MD_SIZE]; /* size for SHA-512 */ data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:443:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cert_hash, hash, hash_size); data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:781:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char homedir[MAXPGPATH]; data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:782:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fnbuf[MAXPGPATH]; data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:783:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:1287:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:1535:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sslbits_str[12]; data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:1670:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(my_bio_methods, biom, sizeof(BIO_METHOD)); data/postgresql-13-13.1/src/interfaces/libpq/fe-secure.c:243:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/fe-secure.c:327:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sebuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/interfaces/libpq/libpq-int.h:106:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char space[1]; /* dummy for accessing block as bytes */ data/postgresql-13-13.1/src/interfaces/libpq/libpq-int.h:146:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char contents[FLEXIBLE_ARRAY_MEMBER]; /* value, nul-terminated */ data/postgresql-13-13.1/src/interfaces/libpq/libpq-int.h:178:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdStatus[CMDSTATUS_LEN]; /* cmd status from the query */ data/postgresql-13-13.1/src/interfaces/libpq/libpq-int.h:201:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char null_field[1]; data/postgresql-13-13.1/src/interfaces/libpq/libpq-int.h:393:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char last_sqlstate[6]; /* last reported SQLSTATE */ data/postgresql-13-13.1/src/interfaces/libpq/pqexpbuffer.c:38:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char oom_buffer[1] = ""; data/postgresql-13-13.1/src/interfaces/libpq/pqexpbuffer.c:406:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str->data + str->len, data, datalen); data/postgresql-13-13.1/src/interfaces/libpq/win32.c:321:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(strerrbuf + offs, " (0x%08X/%d)", err, err); data/postgresql-13-13.1/src/pl/plperl/plperl.c:190:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qname[24]; data/postgresql-13-13.1/src/pl/plperl/plperl.c:203:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query_name[NAMEDATALEN]; data/postgresql-13-13.1/src/pl/plperl/plperl.c:240:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char plperl_opmask[MAXO]; data/postgresql-13-13.1/src/pl/plperl/plperl.c:712:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *embedding[3 + 2] = { data/postgresql-13-13.1/src/pl/plperl/plperl.c:785:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *dummy_env[1] = {NULL}; data/postgresql-13-13.1/src/pl/plperl/plperl.c:2084:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char subname[NAMEDATALEN + 40]; data/postgresql-13-13.1/src/pl/plperl/plperl.h:94:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #undef fopen data/postgresql-13-13.1/src/pl/plperl/plperl.h:99:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #undef open data/postgresql-13-13.1/src/pl/plperl/ppport.h:3667:42: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define CopyD(s,d,n,t) memcpy((char*)(d),(char*)(s), (n) * sizeof(t)) data/postgresql-13-13.1/src/pl/plperl/ppport.h:6550:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. && (xdigit = strchr((char *) PL_hexdigit, s[1]))) data/postgresql-13-13.1/src/pl/plperl/ppport.h:6772:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst + used, src, copy); data/postgresql-13-13.1/src/pl/plperl/ppport.h:6801:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, copy); data/postgresql-13-13.1/src/pl/plperl/ppport.h:6893:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char octbuf[32] = "%123456789ABCDF"; data/postgresql-13-13.1/src/pl/plperl/ppport.h:6963:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[2]; data/postgresql-13-13.1/src/pl/plpgsql/src/pl_comp.c:414:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/postgresql-13-13.1/src/pl/plpgsql/src/pl_comp.c:1148:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pname[32]; data/postgresql-13-13.1/src/pl/plpgsql/src/pl_comp.c:2450:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hashkey->argtypes, procStruct->proargtypes.values, data/postgresql-13-13.1/src/pl/plpgsql/src/pl_exec.c:1314:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outdatum, indatum, sizeof(PLpgSQL_var)); data/postgresql-13-13.1/src/pl/plpgsql/src/pl_exec.c:1320:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outdatum, indatum, sizeof(PLpgSQL_rec)); data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.c:1743:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.c:1949:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.c:2387:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.c:2404:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "SELECT "); data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.c:2420:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(cp2, "'::pg_catalog.refcursor"); data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.c:5904:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fieldnames[1024]; data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.c:6453:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char varname[32]; data/postgresql-13-13.1/src/pl/plpgsql/src/plpgsql.h:461:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FLEXIBLE_ARRAY_MEMBER]; /* nul-terminated string */ data/postgresql-13-13.1/src/pl/plpython/plpy_elog.c:481:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/postgresql-13-13.1/src/pl/plpython/plpy_elog.c:497:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/postgresql-13-13.1/src/pl/plpython/plpy_procedure.c:136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char procName[NAMEDATALEN + 256]; data/postgresql-13-13.1/src/pl/plpython/plpy_procedure.c:382:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char call[NAMEDATALEN + 256]; data/postgresql-13-13.1/src/pl/plpython/plpy_typeio.c:921:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(result), plrv_sc, len); data/postgresql-13-13.1/src/pl/tcl/pltcl.c:166:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qname[20]; data/postgresql-13-13.1/src/pl/tcl/pltcl.c:489:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char interpname[32]; data/postgresql-13-13.1/src/pl/tcl/pltcl.c:1449:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char internal_proname[128]; data/postgresql-13-13.1/src/pl/tcl/pltcl.c:1452:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char proc_internal_args[33 * FUNC_MAX_ARGS]; data/postgresql-13-13.1/src/pl/tcl/pltcl.c:1456:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[48]; data/postgresql-13-13.1/src/pl/tcl/pltcl.c:1608:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(proc_internal_args, data/postgresql-13-13.1/src/pl/tcl/pltcl.c:1614:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(proc_internal_args, "TG_event TG_tag"); data/postgresql-13-13.1/src/pl/tcl/pltcl.c:2222:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. utf_u2e((char *) Tcl_GetString(objv[1])), data/postgresql-13-13.1/src/port/chklocale.c:223:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(r, "CP%u", loct->locinfo->lc_codepage); data/postgresql-13-13.1/src/port/chklocale.c:234:2: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_ACP, 0, ctype, -1, wctype, LOCALE_NAME_MAX_LENGTH); data/postgresql-13-13.1/src/port/chklocale.c:248:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(r, "utf8"); data/postgresql-13-13.1/src/port/chklocale.c:250:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(r, "CP%u", cp); data/postgresql-13-13.1/src/port/chklocale.c:296:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sys[16]; data/postgresql-13-13.1/src/port/chklocale.c:299:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sys, "CP%u", cp); data/postgresql-13-13.1/src/port/dirmod.c:163:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAX_PATH * sizeof(WCHAR) + offsetof(REPARSE_JUNCTION_DATA_BUFFER, PathBuffer)]; data/postgresql-13-13.1/src/port/dirmod.c:164:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nativeTarget[MAX_PATH]; data/postgresql-13-13.1/src/port/dirmod.c:193:2: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_ACP, 0, nativeTarget, -1, data/postgresql-13-13.1/src/port/dirmod.c:244:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MAX_PATH * sizeof(WCHAR) + offsetof(REPARSE_JUNCTION_DATA_BUFFER, PathBuffer)]; data/postgresql-13-13.1/src/port/dlopen.c:68:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char last_dyn_error[512]; data/postgresql-13-13.1/src/port/getaddrinfo.c:176:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/postgresql-13-13.1/src/port/getaddrinfo.c:201:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(sin.sin_addr), hp->h_addr, hp->h_length); data/postgresql-13-13.1/src/port/getaddrinfo.c:213:45: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sin.sin_port = pg_hton16((unsigned short) atoi(service)); data/postgresql-13-13.1/src/port/getaddrinfo.c:230:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(psin, &sin, sizeof(*psin)); data/postgresql-13-13.1/src/port/getrusage.c:61:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&li, &kerneltime, sizeof(FILETIME)); data/postgresql-13-13.1/src/port/getrusage.c:66:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&li, &usertime, sizeof(FILETIME)); data/postgresql-13-13.1/src/port/inet_net_ntop.c:188:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255/128"]; data/postgresql-13-13.1/src/port/kill.c:24:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pipename[128]; data/postgresql-13-13.1/src/port/mkdtemp.c:106:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char xtra[2] = "aa"; data/postgresql-13-13.1/src/port/mkdtemp.c:183:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(path, O_CREAT | O_EXCL | O_RDWR, 0600)) >= 0) data/postgresql-13-13.1/src/port/path.c:362:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(path, "../"); data/postgresql-13-13.1/src/port/path.c:363:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(path, ".."); data/postgresql-13-13.1/src/port/path.c:810:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pwdbuf[BUFSIZ]; data/postgresql-13-13.1/src/port/pg_strong_random.c:53:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = open(filename, O_RDONLY, 0); data/postgresql-13-13.1/src/port/snprintf.c:177:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char onebyte[1]; data/postgresql-13-13.1/src/port/snprintf.c:245:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; /* size is arbitrary */ data/postgresql-13-13.1/src/port/snprintf.c:709:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/port/snprintf.c:1001:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char convert[64]; data/postgresql-13-13.1/src/port/snprintf.c:1004:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. vallen = sprintf(convert, "%p", value); data/postgresql-13-13.1/src/port/snprintf.c:1021:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char convert[64]; data/postgresql-13-13.1/src/port/snprintf.c:1124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[8]; data/postgresql-13-13.1/src/port/snprintf.c:1125:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char convert[1024]; data/postgresql-13-13.1/src/port/snprintf.c:1152:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(convert, "NaN"); data/postgresql-13-13.1/src/port/snprintf.c:1174:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(convert, "Infinity"); data/postgresql-13-13.1/src/port/snprintf.c:1268:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[8]; data/postgresql-13-13.1/src/port/snprintf.c:1269:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char convert[64]; data/postgresql-13-13.1/src/port/snprintf.c:1295:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(convert, "NaN"); data/postgresql-13-13.1/src/port/snprintf.c:1312:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(convert, "Infinity"); data/postgresql-13-13.1/src/port/sprompt.c:71:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). termin = fopen("CONIN$", "w+"); data/postgresql-13-13.1/src/port/sprompt.c:72:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). termout = fopen("CONOUT$", "w+"); data/postgresql-13-13.1/src/port/sprompt.c:79:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). termin = fopen("/dev/tty", "r"); data/postgresql-13-13.1/src/port/sprompt.c:80:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). termout = fopen("/dev/tty", "w"); data/postgresql-13-13.1/src/port/sprompt.c:136:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/postgresql-13-13.1/src/port/strerror.c:37:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char errorstr_buf[PG_STRERROR_R_BUFLEN]; data/postgresql-13-13.1/src/port/system.c:71:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[1], command, cmdlen); data/postgresql-13-13.1/src/port/system.c:104:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[1], command, cmdlen); data/postgresql-13-13.1/src/port/tar.c:181:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(&h[257], "ustar"); data/postgresql-13-13.1/src/port/tar.c:184:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&h[263], "00", 2); data/postgresql-13-13.1/src/port/win32setlocale.c:113:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char aliasbuf[MAX_LOCALE_NAME_LEN]; data/postgresql-13-13.1/src/port/win32setlocale.c:158:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&aliasbuf[0], &locale[0], matchpos); data/postgresql-13-13.1/src/port/win32setlocale.c:159:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&aliasbuf[matchpos], replacement, replacementlen); data/postgresql-13-13.1/src/port/win32setlocale.c:161:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&aliasbuf[matchpos + replacementlen], rest, restlen + 1); data/postgresql-13-13.1/src/test/examples/testlibpq3.c:120:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *paramValues[1]; data/postgresql-13-13.1/src/test/examples/testlo.c:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/postgresql-13-13.1/src/test/examples/testlo.c:46:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY, 0666); data/postgresql-13-13.1/src/test/examples/testlo.c:153:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/postgresql-13-13.1/src/test/examples/testlo.c:168:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC, 0666); data/postgresql-13-13.1/src/test/examples/testlo64.c:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/postgresql-13-13.1/src/test/examples/testlo64.c:46:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY, 0666); data/postgresql-13-13.1/src/test/examples/testlo64.c:175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/postgresql-13-13.1/src/test/examples/testlo64.c:190:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_CREAT | O_WRONLY | O_TRUNC, 0666); data/postgresql-13-13.1/src/test/isolation/isolation_main.c:17:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char saved_argv0[MAXPGPATH]; data/postgresql-13-13.1/src/test/isolation/isolation_main.c:18:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char isolation_exec[MAXPGPATH]; data/postgresql-13-13.1/src/test/isolation/isolation_main.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char infile[MAXPGPATH]; data/postgresql-13-13.1/src/test/isolation/isolation_main.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfile[MAXPGPATH]; data/postgresql-13-13.1/src/test/isolation/isolation_main.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expectfile[MAXPGPATH]; data/postgresql-13-13.1/src/test/isolation/isolation_main.c:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char psql_cmd[MAXPGPATH * 3]; data/postgresql-13-13.1/src/test/isolation/isolationtester.c:117:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_step_wait = ((int64) atoi(env_wait)) * USECS_PER_SEC; data/postgresql-13-13.1/src/test/isolation/isolationtester.c:796:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/postgresql-13-13.1/src/test/isolation/isolationtester.c:887:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pidstring[32]; data/postgresql-13-13.1/src/test/isolation/specparse.c:874:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM]; data/postgresql-13-13.1/src/test/isolation/specparse.c:1063:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char yymsgbuf[128]; data/postgresql-13-13.1/src/test/isolation/specparse.c:1269:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. parseresult.setupsqls = (char **) (yyvsp[-3].ptr_list).elements; data/postgresql-13-13.1/src/test/isolation/specparse.c:1439:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (yyval.permutation)->stepnames = (char **) (yyvsp[0].ptr_list).elements; data/postgresql-13-13.1/src/test/modules/test_bloomfilter/test_bloomfilter.c:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char element[MAX_ELEMENT_BYTES]; data/postgresql-13-13.1/src/test/modules/test_bloomfilter/test_bloomfilter.c:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char element[MAX_ELEMENT_BYTES]; data/postgresql-13-13.1/src/test/modules/test_shm_mq/setup.c:219:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(worker.bgw_library_name, "test_shm_mq"); data/postgresql-13-13.1/src/test/modules/test_shm_mq/setup.c:220:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(worker.bgw_function_name, "test_shm_mq_main"); data/postgresql-13-13.1/src/test/modules/worker_spi/worker_spi.c:168:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[20]; data/postgresql-13-13.1/src/test/modules/worker_spi/worker_spi.c:171:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "schema%d", index); data/postgresql-13-13.1/src/test/modules/worker_spi/worker_spi.c:358:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(worker.bgw_library_name, "worker_spi"); data/postgresql-13-13.1/src/test/modules/worker_spi/worker_spi.c:359:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(worker.bgw_function_name, "worker_spi_main"); data/postgresql-13-13.1/src/test/modules/worker_spi/worker_spi.c:392:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(worker.bgw_library_name, "worker_spi"); data/postgresql-13-13.1/src/test/modules/worker_spi/worker_spi.c:393:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(worker.bgw_function_name, "worker_spi_main"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:105:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sockself[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:106:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char socklock[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:210:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[64]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:263:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPGPATH * 2]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:466:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char testtablespace[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:467:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indir[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:519:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char srcfile[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:520:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char destfile[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:521:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:524:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:540:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). infile = fopen(srcfile, "r"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:547:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile = fopen(destfile, "w"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:605:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:610:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(buf, "r"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:833:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[16]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:835:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%d", port); data/postgresql-13-13.1/src/test/regress/pg_regress.c:855:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[16]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:857:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%d", port); data/postgresql-13-13.1/src/test/regress/pg_regress.c:927:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char accountname[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:928:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char domainname[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:990:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:1060:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). hba = fopen(fname, "w"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1076:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ident = fopen(fname, "w"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1108:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query_formatted[1024]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:1109:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char query_escaped[2048]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:1110:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char psql_cmd[MAXPGPATH + 2048]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:1222:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(file, "r"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1244:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(file, "r"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1264:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(file, "r"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1369:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expectfile[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:1370:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char diff[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:1371:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[MAXPGPATH * 3]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:1372:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char best_expect_file[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:1489:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). difffile = fopen(difffilename, "a"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1526:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(active_pids, pids, num_tests * sizeof(PID_TYPE)); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1616:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tests[MAX_PARALLEL_TESTS]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:1625:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scbuf[1024]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:1634:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). scf = fopen(schedule, "r"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1931:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:1941:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). logfile = fopen(logfilename, "w"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1952:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). difffile = fopen(difffilename, "w"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:2114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPGPATH * 4]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:2115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[MAXPGPATH * 4]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:2177:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_connections = atoi(optarg); data/postgresql-13-13.1/src/test/regress/pg_regress.c:2198:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). port = atoi(optarg); data/postgresql-13-13.1/src/test/regress/pg_regress.c:2233:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max_concurrent_tests = atoi(optarg); data/postgresql-13-13.1/src/test/regress/pg_regress.c:2343:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pg_conf = fopen(buf, "a"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:2361:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line_buf[1024]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:2363:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). extra_conf = fopen(temp_config, "r"); data/postgresql-13-13.1/src/test/regress/pg_regress.c:2403:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[16]; data/postgresql-13-13.1/src/test/regress/pg_regress.c:2416:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%d", port); data/postgresql-13-13.1/src/test/regress/pg_regress.c:2454:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). wait_seconds = atoi(env_wait); data/postgresql-13-13.1/src/test/regress/pg_regress_main.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char infile[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress_main.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfile[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress_main.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expectfile[MAXPGPATH]; data/postgresql-13-13.1/src/test/regress/pg_regress_main.c:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char psql_cmd[MAXPGPATH * 3]; data/postgresql-13-13.1/src/test/regress/regress.c:169:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *p, data/postgresql-13-13.1/src/test/regress/regress.c:595:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(attr, oldattr, VARSIZE_ANY(oldattr)); data/postgresql-13-13.1/src/test/regress/regress.c:602:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA_EXTERNAL(new_attr), &redirect_pointer, data/postgresql-13-13.1/src/test/regress/regress.c:824:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_before[4]; data/postgresql-13-13.1/src/test/regress/regress.c:826:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data_after[4]; data/postgresql-13-13.1/src/test/regress/regress.c:829:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(struct_w_lock.data_before, "abcd", 4); data/postgresql-13-13.1/src/test/regress/regress.c:830:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(struct_w_lock.data_after, "ef12", 4); data/postgresql-13-13.1/src/test/thread/thread_test.c:98:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char myhostname[MAXHOSTNAMELEN]; data/postgresql-13-13.1/src/test/thread/thread_test.c:290:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(TEMP_FILENAME_1, O_RDWR | O_CREAT, 0600)) < 0) data/postgresql-13-13.1/src/test/thread/thread_test.c:302:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (open(TEMP_FILENAME_1, O_RDWR | O_CREAT | O_EXCL, 0600) >= 0) data/postgresql-13-13.1/src/timezone/localtime.c:182:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2 * sizeof(struct tzhead) + 2 * sizeof(struct state) data/postgresql-13-13.1/src/timezone/localtime.c:1231:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, stdname, stdlen); data/postgresql-13-13.1/src/timezone/localtime.c:1236:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, dstname, dstlen); data/postgresql-13-13.1/src/timezone/pgtz.c:48:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tzdir[MAXPGPATH]; data/postgresql-13-13.1/src/timezone/pgtz.c:79:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullname[MAXPGPATH]; data/postgresql-13-13.1/src/timezone/pgtz.c:104:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). result = open(fullname, O_RDONLY | PG_BINARY, 0); data/postgresql-13-13.1/src/timezone/pgtz.c:141:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(fullname, O_RDONLY | PG_BINARY, 0); data/postgresql-13-13.1/src/timezone/pgtz.c:194:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tznameupper[TZ_STRLEN_MAX + 1]; data/postgresql-13-13.1/src/timezone/pgtz.c:240:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uppername[TZ_STRLEN_MAX + 1]; data/postgresql-13-13.1/src/timezone/pgtz.c:241:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char canonname[TZ_STRLEN_MAX + 1]; data/postgresql-13-13.1/src/timezone/pgtz.c:304:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tzp->tz.state, &tzstate, sizeof(tzstate)); data/postgresql-13-13.1/src/timezone/pgtz.c:325:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char offsetstr[64]; data/postgresql-13-13.1/src/timezone/pgtz.c:326:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzname[128]; data/postgresql-13-13.1/src/timezone/pgtz.c:392:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *dirname[MAX_TZDIR_DEPTH]; data/postgresql-13-13.1/src/timezone/pgtz.c:433:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullname[MAXPGPATH * 2]; data/postgresql-13-13.1/src/timezone/pgtz.h:50:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char types[TZ_MAX_TIMES]; data/postgresql-13-13.1/src/timezone/pgtz.h:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chars[BIGGEST(BIGGEST(TZ_MAX_CHARS + 1, 4 /* sizeof gmt */ ), data/postgresql-13-13.1/src/timezone/pgtz.h:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char TZname[TZ_STRLEN_MAX + 1]; data/postgresql-13-13.1/src/timezone/strftime.c:50:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *mon[MONSPERYEAR]; data/postgresql-13-13.1/src/timezone/strftime.c:51:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *month[MONSPERYEAR]; data/postgresql-13-13.1/src/timezone/strftime.c:52:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *wday[DAYSPERWEEK]; data/postgresql-13-13.1/src/timezone/strftime.c:53:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *weekday[DAYSPERWEEK]; data/postgresql-13-13.1/src/timezone/strftime.c:518:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[INT_STRLEN_MAXIMUM(int) + 1]; data/postgresql-13-13.1/src/timezone/tzfile.h:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzh_magic[4]; /* TZ_MAGIC */ data/postgresql-13-13.1/src/timezone/tzfile.h:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzh_version[1]; /* '\0' or '2' or '3' as of 2013 */ data/postgresql-13-13.1/src/timezone/tzfile.h:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzh_reserved[15]; /* reserved; must be zero */ data/postgresql-13-13.1/src/timezone/tzfile.h:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzh_ttisutcnt[4]; /* coded number of trans. time flags */ data/postgresql-13-13.1/src/timezone/tzfile.h:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzh_ttisstdcnt[4]; /* coded number of trans. time flags */ data/postgresql-13-13.1/src/timezone/tzfile.h:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzh_leapcnt[4]; /* coded number of leap seconds */ data/postgresql-13-13.1/src/timezone/tzfile.h:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzh_timecnt[4]; /* coded number of transition times */ data/postgresql-13-13.1/src/timezone/tzfile.h:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzh_typecnt[4]; /* coded number of local time types */ data/postgresql-13-13.1/src/timezone/tzfile.h:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzh_charcnt[4]; /* coded number of abbr. chars */ data/postgresql-13-13.1/src/timezone/zic.c:395:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char isdsts[TZ_MAX_TYPES]; data/postgresql-13-13.1/src/timezone/zic.c:396:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char desigidx[TZ_MAX_TYPES]; data/postgresql-13-13.1/src/timezone/zic.c:399:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char chars[TZ_MAX_CHARS]; data/postgresql-13-13.1/src/timezone/zic.c:402:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char roll[TZ_MAX_LEAPS]; data/postgresql-13-13.1/src/timezone/zic.c:984:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + 3 * i, "../", 3); data/postgresql-13-13.1/src/timezone/zic.c:1068:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(target, "rb"); data/postgresql-13-13.1/src/timezone/zic.c:1077:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tp = fopen(linkname, "wb"); data/postgresql-13-13.1/src/timezone/zic.c:1118:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nameslashdot, name, n); data/postgresql-13-13.1/src/timezone/zic.c:1250:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/postgresql-13-13.1/src/timezone/zic.c:1257:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fp = fopen(name, "r")) == NULL) data/postgresql-13-13.1/src/timezone/zic.c:2014:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4]; data/postgresql-13-13.1/src/timezone/zic.c:2027:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8]; data/postgresql-13-13.1/src/timezone/zic.c:2217:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(name, "wb"); data/postgresql-13-13.1/src/timezone/zic.c:2225:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(name, "wb"); data/postgresql-13-13.1/src/timezone/zic.c:2249:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char omittype[TZ_MAX_TYPES]; data/postgresql-13-13.1/src/timezone/zic.c:2254:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char thischars[TZ_MAX_CHARS]; data/postgresql-13-13.1/src/timezone/zic.c:2438:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic); data/postgresql-13-13.1/src/timezone/zic.c:2639:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char letterbuf[PERCENT_Z_LEN_BOUND + 1]; data/postgresql-13-13.1/src/timezone/zic.c:2653:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(abbr, format, slashp - format); data/postgresql-13-13.1/src/timezone/zic.c:2703:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. len += sprintf(result + len, "%d", hours); data/postgresql-13-13.1/src/timezone/zic.c:2706:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. len += sprintf(result + len, ":%02d", minutes); data/postgresql-13-13.1/src/timezone/zic.c:2708:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. len += sprintf(result + len, ":%02d", seconds); data/postgresql-13-13.1/src/timezone/zic.c:2731:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. result += sprintf(result, "%d", total + rp->r_dayofmonth - 1); data/postgresql-13-13.1/src/timezone/zic.c:2733:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. result += sprintf(result, "J%d", total + rp->r_dayofmonth); data/postgresql-13-13.1/src/timezone/zic.c:2768:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. result += sprintf(result, "M%d.%d.%d", data/postgresql-13-13.1/src/tools/ifaddrs/test_ifaddrs.c:20:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/postgresql-13-13.1/src/tutorial/funcs.c:81:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *) VARDATA(new_t), /* destination */ data/postgresql-13-13.1/src/tutorial/funcs.c:100:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(new_text), VARDATA_ANY(arg1), arg1_size); data/postgresql-13-13.1/src/tutorial/funcs.c:101:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(VARDATA(new_text) + arg1_size, VARDATA_ANY(arg2), arg2_size); data/postgresql-13-13.1/contrib/adminpack/adminpack.c:563:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(de->d_name) != 32 data/postgresql-13-13.1/contrib/citext/citext.c:52:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = varstr_cmp(lcstr, strlen(lcstr), data/postgresql-13-13.1/contrib/citext/citext.c:53:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rcstr, strlen(rcstr), data/postgresql-13-13.1/contrib/citext/citext.c:79:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llen = strlen(lcstr); data/postgresql-13-13.1/contrib/citext/citext.c:80:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen(rcstr); data/postgresql-13-13.1/contrib/citext/citext.c:147:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = hash_any((unsigned char *) str, strlen(str)); data/postgresql-13-13.1/contrib/citext/citext.c:167:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = hash_any_extended((unsigned char *) str, strlen(str), seed); data/postgresql-13-13.1/contrib/cube/cubeparse.c:744:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/postgresql-13-13.1/contrib/cube/cubeparse.c:1372:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(yyval, ","); data/postgresql-13-13.1/contrib/cube/cubescan.c:863:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/postgresql-13-13.1/contrib/cube/cubescan.c:1804:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes( yystr, (int) strlen(yystr) ); data/postgresql-13-13.1/contrib/cube/cubescan.c:2085:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Size slen = strlen(str); data/postgresql-13-13.1/contrib/dblink/dblink.c:2593:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). truncate_identifier(key, strlen(key), false); data/postgresql-13-13.1/contrib/dblink/dblink.c:2625:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). truncate_identifier(key, strlen(key), true); data/postgresql-13-13.1/contrib/dblink/dblink.c:2655:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). truncate_identifier(key, strlen(key), false); data/postgresql-13-13.1/contrib/dblink/dblink.c:2851:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). truncate_identifier(srvname, strlen(srvname), false); data/postgresql-13-13.1/contrib/fuzzystrmatch/dmetaphone.c:245:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s->length = strlen(init_str); data/postgresql-13-13.1/contrib/fuzzystrmatch/dmetaphone.c:385:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). add_length = strlen(new_str); data/postgresql-13-13.1/contrib/fuzzystrmatch/dmetaphone.c:406:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(str); data/postgresql-13-13.1/contrib/fuzzystrmatch/fuzzystrmatch.c:260:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t str_i_len = strlen(str_i); data/postgresql-13-13.1/contrib/fuzzystrmatch/fuzzystrmatch.c:363:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((word == NULL) || !(strlen(word) > 0)) data/postgresql-13-13.1/contrib/fuzzystrmatch/fuzzystrmatch.c:370:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *phoned_word = palloc(sizeof(char) * strlen(word) + 1); data/postgresql-13-13.1/contrib/hstore/hstore_io.c:879:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pairs[j].keylen = hstoreCheckKeyLen(strlen(NameStr(att->attname))); data/postgresql-13-13.1/contrib/hstore/hstore_io.c:909:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pairs[j].vallen = hstoreCheckValLen(strlen(value)); data/postgresql-13-13.1/contrib/hstore/hstore_io.c:1073:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(NameStr(att->attname))); data/postgresql-13-13.1/contrib/hstore_plperl/hstore_plperl.c:89:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) hv_store(hv, key, strlen(key), value, 0); data/postgresql-13-13.1/contrib/hstore_plperl/hstore_plperl.c:133:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pairs[i].keylen = hstoreCheckKeyLen(strlen(pairs[i].key)); data/postgresql-13-13.1/contrib/hstore_plperl/hstore_plperl.c:145:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pairs[i].vallen = hstoreCheckValLen(strlen(pairs[i].val)); data/postgresql-13-13.1/contrib/hstore_plpython/hstore_plpython.c:163:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pairs[i].keylen = hstoreCheckKeyLen(strlen(pairs[i].key)); data/postgresql-13-13.1/contrib/hstore_plpython/hstore_plpython.c:175:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pairs[i].vallen = hstoreCheckValLen(strlen(pairs[i].val)); data/postgresql-13-13.1/contrib/jsonb_plperl/jsonb_plperl.c:253:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out.val.string.len = strlen(out.val.string.val); data/postgresql-13-13.1/contrib/jsonb_plpython/jsonb_plpython.c:90:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jbvElem->val.string.len = strlen(jbvElem->val.string.val); data/postgresql-13-13.1/contrib/ltree/crc32.h:10:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define crc32(buf) ltree_crc32_sz((buf),strlen(buf)) data/postgresql-13-13.1/contrib/ltree/ltree_io.c:207:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendtext(&buf, res, strlen(res)); data/postgresql-13-13.1/contrib/ltree/ltree_io.c:765:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendtext(&buf, res, strlen(res)); data/postgresql-13-13.1/contrib/ltree/ltxtquery_io.c:596:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendtext(&buf, nrm.buf, strlen(nrm.buf)); data/postgresql-13-13.1/contrib/oid2name/oid2name.c:274:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length += strlen(eary->array[i]); data/postgresql-13-13.1/contrib/oid2name/oid2name.c:282:4: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(ptr++, ","); data/postgresql-13-13.1/contrib/oid2name/oid2name.c:283:3: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(ptr++, "'"); data/postgresql-13-13.1/contrib/oid2name/oid2name.c:284:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += PQescapeString(ptr, eary->array[i], strlen(eary->array[i])); data/postgresql-13-13.1/contrib/oid2name/oid2name.c:285:3: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(ptr++, "'"); data/postgresql-13-13.1/contrib/oid2name/oid2name.c:409:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length[j] = strlen(PQfname(res, j)); data/postgresql-13-13.1/contrib/oid2name/oid2name.c:415:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(PQgetvalue(res, i, j)); data/postgresql-13-13.1/contrib/oid2name/oid2name.c:417:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length[j] = strlen(PQgetvalue(res, i, j)); data/postgresql-13-13.1/contrib/oid2name/oid2name.c:522:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). qualifiers = (char *) pg_malloc(strlen(comma_oids) + strlen(comma_tables) + data/postgresql-13-13.1/contrib/oid2name/oid2name.c:522:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). qualifiers = (char *) pg_malloc(strlen(comma_oids) + strlen(comma_tables) + data/postgresql-13-13.1/contrib/oid2name/oid2name.c:523:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(comma_filenodes) + 80); data/postgresql-13-13.1/contrib/pageinspect/heapfuncs.c:466:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bits_str_len = strlen(t_bits_str); data/postgresql-13-13.1/contrib/pageinspect/heapfuncs.c:482:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(t_bits_str)))); data/postgresql-13-13.1/contrib/passwordcheck/passwordcheck.c:90:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int pwdlen = strlen(password); data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c:412:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, buf.data, XLOG_BLCKSZ) == XLOG_BLCKSZ) data/postgresql-13-13.1/contrib/pg_standby/pg_standby.c:501:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((len = read(fd, buf, sizeof(buf) - 1)) < 0) data/postgresql-13-13.1/contrib/pg_stat_statements/pg_stat_statements.c:1261:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Assert(query_location <= strlen(query)); data/postgresql-13-13.1/contrib/pg_stat_statements/pg_stat_statements.c:1265:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). query_len = strlen(query); data/postgresql-13-13.1/contrib/pg_stat_statements/pg_stat_statements.c:1267:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Assert(query_len <= strlen(query)); data/postgresql-13-13.1/contrib/pg_stat_statements/pg_stat_statements.c:1273:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). query_len = strlen(query); data/postgresql-13-13.1/contrib/pg_stat_statements/pg_stat_statements.c:2164:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, buf, stat.st_size) != stat.st_size) data/postgresql-13-13.1/contrib/pg_stat_statements/pg_stat_statements.c:2581:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). AppendJumble(jstate, (const unsigned char *) (str), strlen(str) + 1) data/postgresql-13-13.1/contrib/pg_stat_statements/pg_stat_statements.c:3417:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). locs[i].length = strlen(yyextra.scanbuf + loc); data/postgresql-13-13.1/contrib/pg_trgm/trgm_op.c:304:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytelen = strlen(bword); data/postgresql-13-13.1/contrib/pg_trgm/trgm_op.c:900:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytelen = strlen(buf2); data/postgresql-13-13.1/contrib/pg_trgm/trgm_op.c:968:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SET_VARSIZE(item, VARHDRSZ + strlen(VARDATA(item))); data/postgresql-13-13.1/contrib/pgcrypto/crypt-blowfish.c:614:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(setting) < 29) data/postgresql-13-13.1/contrib/pgcrypto/crypt-des.c:694:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(setting) < 9) data/postgresql-13-13.1/contrib/pgcrypto/crypt-des.c:731:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = output + strlen(output); data/postgresql-13-13.1/contrib/pgcrypto/crypt-des.c:742:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(setting) < 2) data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:58:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(sp, magic, strlen(magic)) == 0) data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:59:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sp += strlen(magic); data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:81:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). px_md_update(ctx, (const uint8 *) pw, strlen(pw)); data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:84:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). px_md_update(ctx, (uint8 *) magic, strlen(magic)); data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:90:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). px_md_update(ctx1, (const uint8 *) pw, strlen(pw)); data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:92:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). px_md_update(ctx1, (const uint8 *) pw, strlen(pw)); data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:94:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (pl = strlen(pw); pl > 0; pl -= MD5_SIZE) data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:101:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(pw); i; i >>= 1) data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:109:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(passwd, sp, sl); data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:110:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(passwd, "$"); data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:123:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). px_md_update(ctx1, (const uint8 *) pw, strlen(pw)); data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:131:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). px_md_update(ctx1, (const uint8 *) pw, strlen(pw)); data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:136:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). px_md_update(ctx1, (const uint8 *) pw, strlen(pw)); data/postgresql-13-13.1/contrib/pgcrypto/crypt-md5.c:140:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = passwd + strlen(passwd); data/postgresql-13-13.1/contrib/pgcrypto/imath.c:2001:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!s_pad(z, s_inlen(strlen(str), radix))) data/postgresql-13-13.1/contrib/pgcrypto/pgp-armor.c:243:73: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). find_str(const uint8 *data, const uint8 *data_end, const char *str, int strlen) data/postgresql-13-13.1/contrib/pgcrypto/pgp-armor.c:247:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strlen) data/postgresql-13-13.1/contrib/pgcrypto/pgp-armor.c:249:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (data_end - data < strlen) data/postgresql-13-13.1/contrib/pgcrypto/pgp-armor.c:256:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p + strlen > data_end) data/postgresql-13-13.1/contrib/pgcrypto/pgp-armor.c:258:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (memcmp(p, str, strlen) == 0) data/postgresql-13-13.1/contrib/pgcrypto/pgp-armor.c:277:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = find_str(p, datend, sep, strlen(sep)); data/postgresql-13-13.1/contrib/pgcrypto/pgp-armor.c:283:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(sep); data/postgresql-13-13.1/contrib/pgcrypto/pgp-armor.c:286:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(sep); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:983:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). values[0] = pg_any_to_server(utf8key, strlen(utf8key), PG_UTF8); data/postgresql-13-13.1/contrib/pgcrypto/pgp-pgsql.c:984:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). values[1] = pg_any_to_server(utf8val, strlen(utf8val), PG_UTF8); data/postgresql-13-13.1/contrib/pgcrypto/px-crypt.c:44:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (res == NULL || strlen(res) > len - 1) data/postgresql-13-13.1/contrib/pgcrypto/px-crypt.c:163:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(p); data/postgresql-13-13.1/contrib/pgcrypto/px.c:414:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf = px_alloc(strlen(name) + 1); data/postgresql-13-13.1/contrib/pgrowlocks/pgrowlocks.c:198:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(values[Atnum_xids], "{"); data/postgresql-13-13.1/contrib/pgrowlocks/pgrowlocks.c:199:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(values[Atnum_modes], "{"); data/postgresql-13-13.1/contrib/pgrowlocks/pgrowlocks.c:200:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(values[Atnum_pids], "{"); data/postgresql-13-13.1/contrib/pgrowlocks/pgrowlocks.c:208:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(values[Atnum_xids], ","); data/postgresql-13-13.1/contrib/pgrowlocks/pgrowlocks.c:209:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(values[Atnum_modes], ","); data/postgresql-13-13.1/contrib/pgrowlocks/pgrowlocks.c:210:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(values[Atnum_pids], ","); data/postgresql-13-13.1/contrib/pgrowlocks/pgrowlocks.c:243:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(values[Atnum_xids], "}"); data/postgresql-13-13.1/contrib/pgrowlocks/pgrowlocks.c:244:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(values[Atnum_modes], "}"); data/postgresql-13-13.1/contrib/pgrowlocks/pgrowlocks.c:245:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(values[Atnum_pids], "}"); data/postgresql-13-13.1/contrib/postgres_fdw/deparse.c:2427:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(node, (Node *) lfirst(lc))) data/postgresql-13-13.1/contrib/postgres_fdw/deparse.c:2492:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(extval, "0123456789+-eE.") == strlen(extval)) data/postgresql-13-13.1/contrib/postgres_fdw/deparse.c:2498:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcspn(extval, "eE.") != strlen(extval)) data/postgresql-13-13.1/contrib/postgres_fdw/deparse.c:2572:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(node, (Node *) lfirst(lc))) data/postgresql-13-13.1/contrib/postgres_fdw/deparse.c:3420:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(lfirst(lc), (Node *) node)) data/postgresql-13-13.1/contrib/postgres_fdw/postgres_fdw.c:3301:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return equal(expr, state->current); data/postgresql-13-13.1/contrib/postgres_fdw/postgres_fdw.c:6577:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(em_expr, expr)) data/postgresql-13-13.1/contrib/seg/seg.c:143:9: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. p += sprintf(p, " "); data/postgresql-13-13.1/contrib/seg/seg.c:149:9: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. p += sprintf(p, " "); data/postgresql-13-13.1/contrib/seg/seg.c:945:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(result); data/postgresql-13-13.1/contrib/seg/seg.c:1047:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(result); data/postgresql-13-13.1/contrib/seg/segparse.c:757:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/postgresql-13-13.1/contrib/seg/segscan.c:854:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/postgresql-13-13.1/contrib/seg/segscan.c:1785:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes( yystr, (int) strlen(yystr) ); data/postgresql-13-13.1/contrib/seg/segscan.c:2065:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Size slen = strlen(str); data/postgresql-13-13.1/contrib/sepgsql/uavc.c:69:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return hash_any((const unsigned char *) scontext, strlen(scontext)) data/postgresql-13-13.1/contrib/sepgsql/uavc.c:70:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ^ hash_any((const unsigned char *) tcontext, strlen(tcontext)) data/postgresql-13-13.1/contrib/spi/refint.c:178:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), "%s = $%d %s", data/postgresql-13-13.1/contrib/spi/refint.c:178:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), "%s = $%d %s", data/postgresql-13-13.1/contrib/spi/refint.c:494:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), data/postgresql-13-13.1/contrib/spi/refint.c:494:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), data/postgresql-13-13.1/contrib/spi/refint.c:519:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), data/postgresql-13-13.1/contrib/spi/refint.c:519:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), data/postgresql-13-13.1/contrib/spi/refint.c:529:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), "%s = $%d %s", data/postgresql-13-13.1/contrib/spi/refint.c:529:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), "%s = $%d %s", data/postgresql-13-13.1/contrib/uuid-ossp/uuid-ossp.c:54:20: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. #error UUID length mismatch data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:230:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). schema = PQescapeIdentifier(conn, schema, strlen(schema)); data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:231:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). table = PQescapeIdentifier(conn, table, strlen(table)); data/postgresql-13-13.1/contrib/vacuumlo/vacuumlo.c:232:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). field = PQescapeIdentifier(conn, field, strlen(field)); data/postgresql-13-13.1/contrib/xml2/xpath.c:722:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). doctree = xmlParseMemory(xmldoc, strlen(xmldoc)); data/postgresql-13-13.1/src/backend/access/common/heaptuple.c:278:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data_length = strlen(DatumGetCString(datum)) + 1; data/postgresql-13-13.1/src/backend/access/common/printsimple.c:108:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendcountedtext(&buf, str, strlen(str), false); data/postgresql-13-13.1/src/backend/access/common/printsimple.c:118:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendcountedtext(&buf, str, strlen(str), false); data/postgresql-13-13.1/src/backend/access/common/printtup.c:435:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendcountedtext(buf, outputstr, strlen(outputstr), false); data/postgresql-13-13.1/src/backend/access/common/printtup.c:524:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendcountedtext(buf, outputstr, strlen(outputstr), true); data/postgresql-13-13.1/src/backend/access/common/reloptions.c:546:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((option).isset ? strlen((option).values.string_val) : \ data/postgresql-13-13.1/src/backend/access/common/reloptions.c:604:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). relOpts[j]->namelen = strlen(relOpts[j]->name); data/postgresql-13-13.1/src/backend/access/common/reloptions.c:612:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). relOpts[j]->namelen = strlen(relOpts[j]->name); data/postgresql-13-13.1/src/backend/access/common/reloptions.c:620:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). relOpts[j]->namelen = strlen(relOpts[j]->name); data/postgresql-13-13.1/src/backend/access/common/reloptions.c:628:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). relOpts[j]->namelen = strlen(relOpts[j]->name); data/postgresql-13-13.1/src/backend/access/common/reloptions.c:636:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). relOpts[j]->namelen = strlen(relOpts[j]->name); data/postgresql-13-13.1/src/backend/access/common/reloptions.c:793:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newoption->namelen = strlen(name); data/postgresql-13-13.1/src/backend/access/common/reloptions.c:1051:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newoption->default_len = strlen(default_val); data/postgresql-13-13.1/src/backend/access/common/reloptions.c:1179:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). kw_len = strlen(def->defname); data/postgresql-13-13.1/src/backend/access/common/reloptions.c:1282:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = VARHDRSZ + strlen(def->defname) + 1 + strlen(value); data/postgresql-13-13.1/src/backend/access/common/reloptions.c:1282:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = VARHDRSZ + strlen(def->defname) + 1 + strlen(value); data/postgresql-13-13.1/src/backend/access/common/reloptions.c:1793:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset += strlen(string_val) + 1; data/postgresql-13-13.1/src/backend/access/hash/hashfunc.c:232:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return hash_any((unsigned char *) key, strlen(key)); data/postgresql-13-13.1/src/backend/access/hash/hashfunc.c:240:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return hash_any_extended((unsigned char *) key, strlen(key), data/postgresql-13-13.1/src/backend/access/heap/vacuumlazy.c:3292:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). querylen = strlen(debug_query_string); data/postgresql-13-13.1/src/backend/access/nbtree/nbtsort.c:1536:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). querylen = strlen(debug_query_string); data/postgresql-13-13.1/src/backend/access/rmgrdesc/xactdesc.c:108:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data += strlen(data) + 1; data/postgresql-13-13.1/src/backend/access/rmgrdesc/xactdesc.c:192:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data += strlen(data) + 1; data/postgresql-13-13.1/src/backend/access/rmgrdesc/xactdesc.c:234:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(parsed->twophase_gid, bufptr, xlrec->gidlen); data/postgresql-13-13.1/src/backend/access/table/tableamapi.c:120:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(*newval) >= NAMEDATALEN) data/postgresql-13-13.1/src/backend/access/transam/parallel.c:285:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). shm_toc_estimate_chunk(&pcxt->estimator, strlen(pcxt->library_name) + data/postgresql-13-13.1/src/backend/access/transam/parallel.c:286:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(pcxt->function_name) + 2); data/postgresql-13-13.1/src/backend/access/transam/parallel.c:446:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lnamelen = strlen(pcxt->library_name); data/postgresql-13-13.1/src/backend/access/transam/parallel.c:448:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(pcxt->function_name) + 2); data/postgresql-13-13.1/src/backend/access/transam/parallel.c:1368:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). function_name = entrypointstate + strlen(library_name) + 1; data/postgresql-13-13.1/src/backend/access/transam/slru.c:712:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, shared->page_buffer[slotno], BLCKSZ) != BLCKSZ) data/postgresql-13-13.1/src/backend/access/transam/slru.c:1449:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(clde->d_name); data/postgresql-13-13.1/src/backend/access/transam/timeline.c:357:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nbytes = (int) read(srcfd, buffer, sizeof(buffer)); data/postgresql-13-13.1/src/backend/access/transam/timeline.c:408:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nbytes = strlen(buffer); data/postgresql-13-13.1/src/backend/access/transam/twophase.c:378:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(gid) >= GIDSIZE) data/postgresql-13-13.1/src/backend/access/transam/twophase.c:1023:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hdr.gidlen = strlen(gxact->gid) + 1; /* Include '\0' */ data/postgresql-13-13.1/src/backend/access/transam/twophase.c:1270:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(fd, buf, stat.st_size); data/postgresql-13-13.1/src/backend/access/transam/twophase.c:1790:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(clde->d_name) == 8 && data/postgresql-13-13.1/src/backend/access/transam/xact.c:5604:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XLogRegisterData(unconstify(char *, twophase_gid), strlen(twophase_gid) + 1); data/postgresql-13-13.1/src/backend/access/transam/xact.c:5732:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XLogRegisterData(unconstify(char *, twophase_gid), strlen(twophase_gid) + 1); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:3497:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(srcfd, buffer.data, nread); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:4722:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(fd, ControlFile, sizeof(ControlFileData)); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:10535:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(backupidstr) > MAXPGPATH) data/postgresql-13-13.1/src/backend/access/transam/xlog.c:10718:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datadirpathlen = strlen(DataDir); data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11194:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(labelfile, "START WAL LOCATION: %X/%X (file %24s)%c", data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11209:14: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (!ptr || sscanf(ptr, "BACKUP FROM: %19s\n", backupfrom) != 1) data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11597:6: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (fscanf(lfp, "START WAL LOCATION: %X/%X (file %08X%16s)%c", data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11615:6: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (fscanf(lfp, "BACKUP METHOD: %19s\n", backuptype) == 1) data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11621:6: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (fscanf(lfp, "BACKUP FROM: %19s\n", backupfrom) == 1) data/postgresql-13-13.1/src/backend/access/transam/xlog.c:11720:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = fgetc(lfp)) != EOF) data/postgresql-13-13.1/src/backend/access/transam/xlogarchive.c:327:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dp += strlen(dp); data/postgresql-13-13.1/src/backend/access/transam/xlogfuncs.c:312:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(restore_name_str) >= MAXFNAMELEN) data/postgresql-13-13.1/src/backend/access/transam/xlogfuncs.c:689:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(backup_start_time) == 0) data/postgresql-13-13.1/src/backend/bootstrap/bootparse.c:934:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/postgresql-13-13.1/src/backend/bootstrap/bootscanner.c:964:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/postgresql-13-13.1/src/backend/bootstrap/bootscanner.c:1281:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). yytext[strlen(yytext) - 1] = '\0'; data/postgresql-13-13.1/src/backend/bootstrap/bootscanner.c:1283:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). yytext[strlen(yytext)] = '"'; /* restore yytext */ data/postgresql-13-13.1/src/backend/bootstrap/bootscanner.c:2024:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes( yystr, (int) strlen(yystr) ); data/postgresql-13-13.1/src/backend/bootstrap/bootstrap.c:597:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(relname) >= NAMEDATALEN) data/postgresql-13-13.1/src/backend/catalog/heap.c:2822:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(expr, stringToNode(TextDatumGetCString(val)))) data/postgresql-13-13.1/src/backend/catalog/index.c:2495:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(info1->ii_Expressions, mapped)) data/postgresql-13-13.1/src/backend/catalog/index.c:2518:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(info1->ii_Predicate, mapped)) data/postgresql-13-13.1/src/backend/catalog/namespace.c:3861:3: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(oidlist, baseSearchPath)) data/postgresql-13-13.1/src/backend/catalog/pg_enum.c:124:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(lab) > (NAMEDATALEN - 1)) data/postgresql-13-13.1/src/backend/catalog/pg_enum.c:227:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(newVal) > (NAMEDATALEN - 1)) data/postgresql-13-13.1/src/backend/catalog/pg_enum.c:522:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(newVal) > (NAMEDATALEN - 1)) data/postgresql-13-13.1/src/backend/catalog/pg_operator.c:76:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(name); data/postgresql-13-13.1/src/backend/catalog/pg_proc.c:1036:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int prosrclen = strlen(prosrc); data/postgresql-13-13.1/src/backend/catalog/pg_proc.c:1037:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int querylen = strlen(queryText); data/postgresql-13-13.1/src/backend/catalog/pg_type.c:813:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int namelen = strlen(typeName); data/postgresql-13-13.1/src/backend/commands/analyze.c:1815:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). total_width += strlen(DatumGetCString(value)) + 1; data/postgresql-13-13.1/src/backend/commands/analyze.c:1945:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). total_width += strlen(DatumGetCString(value)) + 1; data/postgresql-13-13.1/src/backend/commands/analyze.c:2292:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). total_width += strlen(DatumGetCString(value)) + 1; data/postgresql-13-13.1/src/backend/commands/async.c:627:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). channel_len = channel ? strlen(channel) : 0; data/postgresql-13-13.1/src/backend/commands/async.c:628:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). payload_len = payload ? strlen(payload) : 0; data/postgresql-13-13.1/src/backend/commands/async.c:728:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(channel) + 1); data/postgresql-13-13.1/src/backend/commands/async.c:2148:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *payload = qe->data + strlen(channel) + 1; data/postgresql-13-13.1/src/backend/commands/collationcmds.c:563:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(localebuf); data/postgresql-13-13.1/src/backend/commands/comment.c:155:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (comment != NULL && strlen(comment) == 0) data/postgresql-13-13.1/src/backend/commands/comment.c:250:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (comment != NULL && strlen(comment) == 0) data/postgresql-13-13.1/src/backend/commands/copy.c:508:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). appendBinaryStringInfo(cstate->fe_msgbuf, str, strlen(str)); data/postgresql-13-13.1/src/backend/commands/copy.c:1317:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cstate->null_print_len = strlen(cstate->null_print); data/postgresql-13-13.1/src/backend/commands/copy.c:1328:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cstate->delim) != 1) data/postgresql-13-13.1/src/backend/commands/copy.c:1375:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (cstate->csv_mode && strlen(cstate->quote) != 1) data/postgresql-13-13.1/src/backend/commands/copy.c:1391:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (cstate->csv_mode && strlen(cstate->escape) != 1) data/postgresql-13-13.1/src/backend/commands/copy.c:1911:13: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). oumask = umask(S_IWGRP | S_IWOTH); data/postgresql-13-13.1/src/backend/commands/copy.c:1918:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(oumask); data/postgresql-13-13.1/src/backend/commands/copy.c:2318:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen = strlen(str); data/postgresql-13-13.1/src/backend/commands/copy.c:3913:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). appendBinaryStringInfo(&cstate->line_buf, cvt, strlen(cvt)); data/postgresql-13-13.1/src/backend/commands/copy.c:4784:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = pg_server_to_any(string, strlen(string), cstate->file_encoding); data/postgresql-13-13.1/src/backend/commands/copy.c:4944:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = pg_server_to_any(string, strlen(string), cstate->file_encoding); data/postgresql-13-13.1/src/backend/commands/extension.c:265:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int namelen = strlen(extensionname); data/postgresql-13-13.1/src/backend/commands/extension.c:312:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int namelen = strlen(versionname); data/postgresql-13-13.1/src/backend/commands/extension.c:1158:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int extnamelen = strlen(control->name); data/postgresql-13-13.1/src/backend/commands/foreigncmds.c:79:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = VARHDRSZ + strlen(def->defname) + 1 + strlen(value); data/postgresql-13-13.1/src/backend/commands/foreigncmds.c:79:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = VARHDRSZ + strlen(def->defname) + 1 + strlen(value); data/postgresql-13-13.1/src/backend/commands/functioncmds.c:910:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(*prosrc_str_p) == 0) data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2162:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name1chars = strlen(name1); data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2165:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name2chars = strlen(name2); data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2171:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). overhead += strlen(label) + 1; data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2349:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen += strlen(buf + buflen); data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2404:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = pg_mbcliplen(origname, strlen(origname), data/postgresql-13-13.1/src/backend/commands/indexcmds.c:2405:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). NAMEDATALEN - 1 - strlen(nbuf)); data/postgresql-13-13.1/src/backend/commands/statscmds.c:744:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen += strlen(buf + buflen); data/postgresql-13-13.1/src/backend/commands/tablecmds.c:2504:14: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. else if (!equal(def->cooked_default, this_default)) data/postgresql-13-13.1/src/backend/commands/tablecmds.c:2859:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(expr, ccon->expr)) data/postgresql-13-13.1/src/backend/commands/tablecmds.c:8193:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen += strlen(buf + buflen); data/postgresql-13-13.1/src/backend/commands/tablecmds.c:16869:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p) + 1; data/postgresql-13-13.1/src/backend/commands/tablespace.c:285:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(location) + 1 + strlen(TABLESPACE_VERSION_DIRECTORY) + 1 + data/postgresql-13-13.1/src/backend/commands/tablespace.c:285:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(location) + 1 + strlen(TABLESPACE_VERSION_DIRECTORY) + 1 + data/postgresql-13-13.1/src/backend/commands/tablespace.c:380:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XLogRegisterData((char *) location, strlen(location) + 1); data/postgresql-13-13.1/src/backend/commands/trigger.c:822:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(ar) + 4; data/postgresql-13-13.1/src/backend/commands/trigger.c:834:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *d = args + strlen(args); data/postgresql-13-13.1/src/backend/commands/trigger.c:1661:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p) + 1; data/postgresql-13-13.1/src/backend/executor/execMain.c:2278:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vallen = strlen(val); data/postgresql-13-13.1/src/backend/executor/execParallel.c:642:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). query_len = strlen(estate->es_sourceText); data/postgresql-13-13.1/src/backend/executor/execParallel.c:647:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pstmt_len = strlen(pstmt_data) + 1; data/postgresql-13-13.1/src/backend/executor/execPartition.c:1341:28: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. values[0], &equal); data/postgresql-13-13.1/src/backend/executor/execPartition.c:1342:30: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (bound_offset >= 0 && equal) data/postgresql-13-13.1/src/backend/executor/execPartition.c:1373:19: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. &equal); data/postgresql-13-13.1/src/backend/executor/execPartition.c:1473:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vallen = strlen(val); data/postgresql-13-13.1/src/backend/executor/execTuples.c:2302:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(txt); data/postgresql-13-13.1/src/backend/executor/nodeAgg.c:4469:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. !equal(newagg->args, existingRef->args) || data/postgresql-13-13.1/src/backend/executor/nodeAgg.c:4470:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. !equal(newagg->aggorder, existingRef->aggorder) || data/postgresql-13-13.1/src/backend/executor/nodeAgg.c:4471:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. !equal(newagg->aggdistinct, existingRef->aggdistinct) || data/postgresql-13-13.1/src/backend/executor/nodeAgg.c:4472:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. !equal(newagg->aggfilter, existingRef->aggfilter)) data/postgresql-13-13.1/src/backend/executor/nodeAgg.c:4479:4: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(newagg->aggdirectargs, existingRef->aggdirectargs)) data/postgresql-13-13.1/src/backend/executor/nodeWindowAgg.c:2420:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(wfunc, perfunc[i].wfunc) && data/postgresql-13-13.1/src/backend/jit/llvm/llvmjit.c:862:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(name, "pgextern.", strlen("pgextern.")) == 0) data/postgresql-13-13.1/src/backend/jit/llvm/llvmjit.c:871:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *modname = pnstrdup(name + strlen("pgextern."), data/postgresql-13-13.1/src/backend/jit/llvm/llvmjit.c:872:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *funcname - name - strlen("pgextern.") - 1); data/postgresql-13-13.1/src/backend/jit/llvm/llvmjit_inline.cpp:803:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path = path.replace(0, strlen("$libdir"), std::string(pkglib_path) + "/bitcode"); data/postgresql-13-13.1/src/backend/jit/llvm/llvmjit_types.c:138:2: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen, data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:360:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (inputlen != strlen(input)) data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:440:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *outputlen = strlen(*output); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:513:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). saltlen = pg_b64_dec_len(strlen(encoded_salt)); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:515:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). saltlen = pg_b64_decode(encoded_salt, strlen(encoded_salt), salt, data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:601:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). decoded_len = pg_b64_dec_len(strlen(salt_str)); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:603:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). decoded_len = pg_b64_decode(salt_str, strlen(salt_str), data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:612:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). decoded_len = pg_b64_dec_len(strlen(storedkey_str)); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:614:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). decoded_len = pg_b64_decode(storedkey_str, strlen(storedkey_str), data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:620:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). decoded_len = pg_b64_dec_len(strlen(serverkey_str)); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:622:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). decoded_len = pg_b64_decode(serverkey_str, strlen(serverkey_str), data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1071:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int client_nonce_len = strlen(state->client_nonce); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1072:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int server_nonce_len = strlen(state->server_nonce); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1073:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int final_nonce_len = strlen(state->client_final_nonce); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1102:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(state->client_first_message_bare)); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1106:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(state->server_first_message)); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1110:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(state->client_final_message_without_proof)); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1263:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cbind_header_len = strlen("p=tls-server-end-point,,"); /* p=type,, */ data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1315:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). client_proof_len = pg_b64_dec_len(strlen(value)); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1317:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pg_b64_decode(value, strlen(value), client_proof, data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1352:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(state->client_first_message_bare)); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1356:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(state->server_first_message)); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1360:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(state->client_final_message_without_proof)); data/postgresql-13-13.1/src/backend/libpq/auth-scram.c:1410:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_sha256_update(&ctx, (uint8 *) username, strlen(username)); data/postgresql-13-13.1/src/backend/libpq/auth.c:713:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buf.data) + 1 != buf.len) data/postgresql-13-13.1/src/backend/libpq/auth.c:1070:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pg_krb_server_keyfile && strlen(pg_krb_server_keyfile) > 0) data/postgresql-13-13.1/src/backend/libpq/auth.c:1080:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t kt_len = strlen(pg_krb_server_keyfile) + 14; data/postgresql-13-13.1/src/backend/libpq/auth.c:1253:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (port->hba->krb_realm != NULL && strlen(port->hba->krb_realm)) data/postgresql-13-13.1/src/backend/libpq/auth.c:1274:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (port->hba->krb_realm && strlen(port->hba->krb_realm)) data/postgresql-13-13.1/src/backend/libpq/auth.c:1591:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (port->hba->krb_realm && strlen(port->hba->krb_realm)) data/postgresql-13-13.1/src/backend/libpq/auth.c:1740:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ident_response) < 2) data/postgresql-13-13.1/src/backend/libpq/auth.c:1742:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (ident_response[strlen(ident_response) - 2] != '\r') data/postgresql-13-13.1/src/backend/libpq/auth.c:1928:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc = send(sock_fd, ident_query, strlen(ident_query), 0); data/postgresql-13-13.1/src/backend/libpq/auth.c:2098:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(passwd) == 0) data/postgresql-13-13.1/src/backend/libpq/auth.c:2877:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(port->peer_cn) <= 0) data/postgresql-13-13.1/src/backend/libpq/auth.c:3016:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(passwd) > RADIUS_MAX_PASSWORD_LENGTH) data/postgresql-13-13.1/src/backend/libpq/auth.c:3144:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). radius_add_attribute(packet, RADIUS_USER_NAME, (const unsigned char *) user_name, strlen(user_name)); data/postgresql-13-13.1/src/backend/libpq/auth.c:3145:90: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). radius_add_attribute(packet, RADIUS_NAS_IDENTIFIER, (const unsigned char *) identifier, strlen(identifier)); data/postgresql-13-13.1/src/backend/libpq/auth.c:3153:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). encryptedpasswordlen = ((strlen(passwd) + RADIUS_VECTOR_LENGTH - 1) / RADIUS_VECTOR_LENGTH) * RADIUS_VECTOR_LENGTH; data/postgresql-13-13.1/src/backend/libpq/auth.c:3154:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cryptvector = palloc(strlen(secret) + RADIUS_VECTOR_LENGTH); data/postgresql-13-13.1/src/backend/libpq/auth.c:3155:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(cryptvector, secret, strlen(secret)); data/postgresql-13-13.1/src/backend/libpq/auth.c:3161:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(cryptvector + strlen(secret), md5trailer, RADIUS_VECTOR_LENGTH); data/postgresql-13-13.1/src/backend/libpq/auth.c:3169:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!pg_md5_binary(cryptvector, strlen(secret) + RADIUS_VECTOR_LENGTH, encryptedpassword + i)) data/postgresql-13-13.1/src/backend/libpq/auth.c:3180:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (j < strlen(passwd)) data/postgresql-13-13.1/src/backend/libpq/auth.c:3362:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cryptvector = palloc(packetlength + strlen(secret)); data/postgresql-13-13.1/src/backend/libpq/auth.c:3371:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(cryptvector + packetlength, secret, strlen(secret)); data/postgresql-13-13.1/src/backend/libpq/auth.c:3374:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). packetlength + strlen(secret), data/postgresql-13-13.1/src/backend/libpq/be-fsstubs.c:445:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((nbytes = read(fd, buf, BUFSIZE)) > 0) data/postgresql-13-13.1/src/backend/libpq/be-fsstubs.c:500:11: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). oumask = umask(S_IWGRP | S_IWOTH); data/postgresql-13-13.1/src/backend/libpq/be-fsstubs.c:508:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(oumask); data/postgresql-13-13.1/src/backend/libpq/be-secure-gssapi.c:492:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pg_krb_server_keyfile != NULL && strlen(pg_krb_server_keyfile) > 0) data/postgresql-13-13.1/src/backend/libpq/be-secure-openssl.c:551:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len != strlen(peer_cn)) data/postgresql-13-13.1/src/backend/libpq/crypt.c:97:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(shadow_pass) == MD5_PASSWD_LEN && data/postgresql-13-13.1/src/backend/libpq/crypt.c:134:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!pg_md5_encrypt(password, role, strlen(role), data/postgresql-13-13.1/src/backend/libpq/crypt.c:192:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!pg_md5_encrypt(shadow_pass + strlen("md5"), data/postgresql-13-13.1/src/backend/libpq/crypt.c:253:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(role), data/postgresql-13-13.1/src/backend/libpq/hba.c:293:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). toklen = strlen(token); data/postgresql-13-13.1/src/backend/libpq/hba.c:392:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inc_fullname = (char *) palloc(strlen(outer_filename) + 1 + data/postgresql-13-13.1/src/backend/libpq/hba.c:393:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(inc_filename) + 1); data/postgresql-13-13.1/src/backend/libpq/hba.c:504:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(rawline) == MAX_LINE - 1) data/postgresql-13-13.1/src/backend/libpq/hba.c:516:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lineptr = rawline + strlen(rawline) - 1; data/postgresql-13-13.1/src/backend/libpq/hba.c:677:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t plen = strlen(pattern); data/postgresql-13-13.1/src/backend/libpq/hba.c:678:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t hlen = strlen(actual_hostname); data/postgresql-13-13.1/src/backend/libpq/hba.c:2767:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wstr = palloc((strlen(parsedline->ident_user + 1) + 1) * sizeof(pg_wchar)); data/postgresql-13-13.1/src/backend/libpq/hba.c:2769:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wstr, strlen(parsedline->ident_user + 1)); data/postgresql-13-13.1/src/backend/libpq/hba.c:2825:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wstr = palloc((strlen(ident_user) + 1) * sizeof(pg_wchar)); data/postgresql-13-13.1/src/backend/libpq/hba.c:2826:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wlen = pg_mb2wchar_with_len(ident_user, wstr, strlen(ident_user)); data/postgresql-13-13.1/src/backend/libpq/hba.c:2868:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). regexp_pgrole = palloc0(strlen(identLine->pg_role) - 2 + (matches[1].rm_eo - matches[1].rm_so) + 1); data/postgresql-13-13.1/src/backend/libpq/pqcomm.c:369:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(unixSocketPath) >= UNIXSOCK_PATH_BUFLEN) data/postgresql-13-13.1/src/backend/libpq/pqformat.c:151:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(p); data/postgresql-13-13.1/src/backend/libpq/pqformat.c:181:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(p); data/postgresql-13-13.1/src/backend/libpq/pqformat.c:199:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen = strlen(str); data/postgresql-13-13.1/src/backend/libpq/pqformat.c:205:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(p); data/postgresql-13-13.1/src/backend/libpq/pqformat.c:371:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen = strlen(str); data/postgresql-13-13.1/src/backend/libpq/pqformat.c:377:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void) pq_putmessage(msgtype, p, strlen(p) + 1); data/postgresql-13-13.1/src/backend/libpq/pqformat.c:562:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *nbytes = strlen(p); data/postgresql-13-13.1/src/backend/libpq/pqformat.c:593:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(str); data/postgresql-13-13.1/src/backend/libpq/pqformat.c:622:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(str); data/postgresql-13-13.1/src/backend/libpq/pqmq.c:274:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(value) != 5) data/postgresql-13-13.1/src/backend/nodes/equalfuncs.c:55:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(a->fldname, b->fldname)) \ data/postgresql-13-13.1/src/backend/nodes/equalfuncs.c:2367:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(&a->val, &b->val)) /* hack for in-line Value field */ data/postgresql-13-13.1/src/backend/nodes/equalfuncs.c:2965:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(lfirst(item_a), lfirst(item_b))) data/postgresql-13-13.1/src/backend/nodes/equalfuncs.c:3033:1: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(const void *a, const void *b) data/postgresql-13-13.1/src/backend/nodes/extensible.c:57:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(extnodename) >= EXTNODENAME_MAX_LEN) data/postgresql-13-13.1/src/backend/nodes/list.c:622:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(lfirst(cell), datum)) data/postgresql-13-13.1/src/backend/nodes/list.c:786:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(lfirst(cell), datum)) data/postgresql-13-13.1/src/backend/optimizer/path/clausesel.c:384:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(var, rqelem->var)) data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c:175:6: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(item1, item2)) data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c:282:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(opfamilies, cur_ec->ec_opfamilies)) data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c:301:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(item1, cur_em->em_expr)) data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c:311:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(item2, cur_em->em_expr)) data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c:655:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(opfamilies, cur_ec->ec_opfamilies)) data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c:678:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(expr, cur_em->em_expr)) data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c:858:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(target_expr, em_expr)) data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c:1929:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(rinfo->mergeopfamilies, cur_ec->ec_opfamilies)) data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c:1938:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(outervar, cur_em->em_expr)) data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c:2047:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(rinfo->mergeopfamilies, cur_ec->ec_opfamilies)) data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c:2079:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(leftvar, cfirst) && equal(rightvar, csecond)) data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c:2079:35: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(leftvar, cfirst) && equal(rightvar, csecond)) data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c:2195:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(item1, em->em_expr)) data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c:2197:13: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. else if (equal(item2, em->em_expr)) data/postgresql-13-13.1/src/backend/optimizer/path/equivclass.c:2288:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(opfamilies, ec->ec_opfamilies)) data/postgresql-13-13.1/src/backend/optimizer/path/indxpath.c:1785:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(node, oldnode)) data/postgresql-13-13.1/src/backend/optimizer/path/indxpath.c:3776:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(indexkey, operand)) data/postgresql-13-13.1/src/backend/optimizer/path/pathkeys.c:671:6: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(partexpr, clause)) data/postgresql-13-13.1/src/backend/optimizer/path/pathkeys.c:678:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(partexpr, arg)) data/postgresql-13-13.1/src/backend/optimizer/path/pathkeys.c:967:11: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(tle_expr, sub_expr)) data/postgresql-13-13.1/src/backend/optimizer/plan/createplan.c:4921:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(node, indexkey)) data/postgresql-13-13.1/src/backend/optimizer/plan/createplan.c:6112:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(emexpr, tlexpr)) data/postgresql-13-13.1/src/backend/optimizer/plan/planagg.c:307:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(mminfo->target, curTarget->expr)) data/postgresql-13-13.1/src/backend/optimizer/plan/planner.c:2175:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. && equal(scanjoin_target->exprs, current_rel->reltarget->exprs); data/postgresql-13-13.1/src/backend/optimizer/plan/planner.c:3272:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(gc, sc)) data/postgresql-13-13.1/src/backend/optimizer/plan/setrefs.c:1143:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(ptle->expr, ctle->expr)) data/postgresql-13-13.1/src/backend/optimizer/plan/setrefs.c:1590:23: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. Assert(!g->cols || equal(cols, g->cols)); data/postgresql-13-13.1/src/backend/optimizer/plan/setrefs.c:1709:6: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(mminfo->target, curTarget->expr)) data/postgresql-13-13.1/src/backend/optimizer/plan/setrefs.c:2346:4: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(node, tle->expr)) data/postgresql-13-13.1/src/backend/optimizer/plan/setrefs.c:2620:6: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(mminfo->target, curTarget->expr)) data/postgresql-13-13.1/src/backend/optimizer/plan/subselect.c:566:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *ptr = splan->plan_name + strlen(splan->plan_name); data/postgresql-13-13.1/src/backend/optimizer/prep/prepqual.c:590:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(refclause, clause)) data/postgresql-13-13.1/src/backend/optimizer/prep/prepunion.c:899:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(op->colTypes, top_union->colTypes)) data/postgresql-13-13.1/src/backend/optimizer/util/paramassign.c:325:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(var, nlp->paramval)) data/postgresql-13-13.1/src/backend/optimizer/util/paramassign.c:374:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(phv, nlp->paramval)) data/postgresql-13-13.1/src/backend/optimizer/util/paramassign.c:452:13: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. Assert(equal(var, nlp->paramval)); data/postgresql-13-13.1/src/backend/optimizer/util/paramassign.c:483:13: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. Assert(equal(phv, nlp->paramval)); data/postgresql-13-13.1/src/backend/optimizer/util/pathnode.c:2586:3: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(oldtarget->exprs, target->exprs)) data/postgresql-13-13.1/src/backend/optimizer/util/plancat.c:930:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(elem->expr, nattExpr)) data/postgresql-13-13.1/src/backend/optimizer/util/predtest.c:1124:6: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal((Node *) predicate, clause)) data/postgresql-13-13.1/src/backend/optimizer/util/predtest.c:1208:4: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(((NullTest *) clause)->arg, isnullarg)) data/postgresql-13-13.1/src/backend/optimizer/util/predtest.c:1228:4: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(((NullTest *) predicate)->arg, isnullarg)) data/postgresql-13-13.1/src/backend/optimizer/util/predtest.c:1343:6: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(clause, subexpr)) data/postgresql-13-13.1/src/backend/optimizer/util/predtest.c:1705:6: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(pred_leftop, clause_leftop)) data/postgresql-13-13.1/src/backend/optimizer/util/predtest.c:1707:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(pred_rightop, clause_rightop)) data/postgresql-13-13.1/src/backend/optimizer/util/predtest.c:1723:11: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. else if (equal(pred_rightop, clause_rightop)) data/postgresql-13-13.1/src/backend/optimizer/util/predtest.c:1740:11: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. else if (equal(pred_leftop, clause_rightop)) data/postgresql-13-13.1/src/backend/optimizer/util/predtest.c:1742:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(pred_rightop, clause_leftop)) data/postgresql-13-13.1/src/backend/optimizer/util/predtest.c:1766:11: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. else if (equal(pred_rightop, clause_leftop)) data/postgresql-13-13.1/src/backend/optimizer/util/relnode.c:1845:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(lfirst(lc), expr)) data/postgresql-13-13.1/src/backend/optimizer/util/relnode.c:1861:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(lfirst(lc), expr)) data/postgresql-13-13.1/src/backend/optimizer/util/tlist.c:81:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(node, tlentry->expr)) data/postgresql-13-13.1/src/backend/optimizer/util/tlist.c:109:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(node, tlexpr)) data/postgresql-13-13.1/src/backend/optimizer/util/tlist.c:253:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(tle1->expr, tle2->expr)) data/postgresql-13-13.1/src/backend/optimizer/util/tlist.c:1225:4: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(item->expr, node)) data/postgresql-13-13.1/src/backend/parser/gram.c:25345:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/postgresql-13-13.1/src/backend/parser/gram.c:46607:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. !equal(lastd->argType, firsto->argType)) data/postgresql-13-13.1/src/backend/parser/parse_agg.c:1008:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(refwin->partitionClause, windef->partitionClause) && data/postgresql-13-13.1/src/backend/parser/parse_agg.c:1009:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(refwin->orderClause, windef->orderClause) && data/postgresql-13-13.1/src/backend/parser/parse_agg.c:1011:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(refwin->startOffset, windef->startOffset) && data/postgresql-13-13.1/src/backend/parser/parse_agg.c:1012:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(refwin->endOffset, windef->endOffset)) data/postgresql-13-13.1/src/backend/parser/parse_agg.c:1327:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(node, tle->expr)) data/postgresql-13-13.1/src/backend/parser/parse_agg.c:1566:11: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(expr, tle->expr)) data/postgresql-13-13.1/src/backend/parser/parse_clause.c:1957:12: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(target_result->expr, tle->expr)) data/postgresql-13-13.1/src/backend/parser/parse_clause.c:2071:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(expr, texpr)) data/postgresql-13-13.1/src/backend/parser/parse_relation.c:585:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). matchlen = strlen(match); data/postgresql-13-13.1/src/backend/parser/parse_relation.c:587:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). varstr_levenshtein_less_equal(actual, strlen(actual), match, matchlen, data/postgresql-13-13.1/src/backend/parser/parse_relation.c:962:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). varstr_levenshtein_less_equal(alias, strlen(alias), data/postgresql-13-13.1/src/backend/parser/parse_relation.c:964:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(rte->eref->aliasname), data/postgresql-13-13.1/src/backend/parser/parse_type.c:749:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(str, " \t\n\r\f") == strlen(str)) data/postgresql-13-13.1/src/backend/parser/parse_utilcmd.c:2036:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(index->indexParams, priorindex->indexParams) && data/postgresql-13-13.1/src/backend/parser/parse_utilcmd.c:2037:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(index->indexIncludingParams, priorindex->indexIncludingParams) && data/postgresql-13-13.1/src/backend/parser/parse_utilcmd.c:2038:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(index->whereClause, priorindex->whereClause) && data/postgresql-13-13.1/src/backend/parser/parse_utilcmd.c:2039:5: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. equal(index->excludeOpNames, priorindex->excludeOpNames) && data/postgresql-13-13.1/src/backend/parser/parse_utilcmd.c:3962:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(value, value2)) data/postgresql-13-13.1/src/backend/parser/parser.c:132:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cur_token_length = strlen(yyextra->core_yy_extra.scanbuf + *llocp); data/postgresql-13-13.1/src/backend/parser/parser.c:232:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(escstr) != 1 || !check_uescapechar(escstr[0])) data/postgresql-13-13.1/src/backend/parser/parser.c:267:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(lvalp->core_yystype.str), data/postgresql-13-13.1/src/backend/parser/parser.c:341:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_len = strlen(str) + MAX_UNICODE_EQUIVALENT_STRING + 1; data/postgresql-13-13.1/src/backend/parser/parser.c:403:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out += strlen(out); data/postgresql-13-13.1/src/backend/parser/parser.c:442:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out += strlen(out); data/postgresql-13-13.1/src/backend/parser/scan.c:5546:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/postgresql-13-13.1/src/backend/parser/scan.c:7295:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes( yystr, (int) strlen(yystr) , yyscanner); data/postgresql-13-13.1/src/backend/parser/scan.c:7834:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Size slen = strlen(str); data/postgresql-13-13.1/src/backend/parser/scan.c:7978:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addlit(buf, strlen(buf), yyscanner); data/postgresql-13-13.1/src/backend/parser/scansup.c:45:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/postgresql-13-13.1/src/backend/partitioning/partbounds.c:2941:14: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal; data/postgresql-13-13.1/src/backend/partitioning/partbounds.c:2947:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. &equal); data/postgresql-13-13.1/src/backend/partitioning/partbounds.c:2948:27: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (offset >= 0 && equal) data/postgresql-13-13.1/src/backend/partitioning/partbounds.c:2997:12: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal; data/postgresql-13-13.1/src/backend/partitioning/partbounds.c:3023:16: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. &equal); data/postgresql-13-13.1/src/backend/partitioning/partprune.c:1751:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(leftop, partkey)) data/postgresql-13-13.1/src/backend/partitioning/partprune.c:1753:12: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. else if (equal(rightop, partkey)) data/postgresql-13-13.1/src/backend/partitioning/partprune.c:1995:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(leftop, partkey) || data/postgresql-13-13.1/src/backend/partitioning/partprune.c:2222:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(arg, partkey)) data/postgresql-13-13.1/src/backend/partitioning/partprune.c:3522:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(leftop, partkey)) data/postgresql-13-13.1/src/backend/partitioning/partprune.c:3541:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(leftop, partkey)) data/postgresql-13-13.1/src/backend/partitioning/partprune.c:3545:12: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. else if (equal(negate_clause((Node *) leftop), partkey)) data/postgresql-13-13.1/src/backend/postmaster/autovacuum.c:3170:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(activity); data/postgresql-13-13.1/src/backend/postmaster/autovacuum.c:3205:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(activity); data/postgresql-13-13.1/src/backend/postmaster/fork_process.c:105:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc = write(fd, oomvalue, strlen(oomvalue)); data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:541:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dp += strlen(dp); data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:547:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dp += strlen(dp); data/postgresql-13-13.1/src/backend/postmaster/pgarch.c:680:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int basenamelen = (int) strlen(rlde->d_name) - 6; data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:3184:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = Min(strlen(cmd_str), pgstat_track_activity_query_size - 1); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:3318:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = pg_mbcliplen(appname, strlen(appname), NAMEDATALEN - 1); data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5270:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). switch (fgetc(fpin)) data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5444:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). switch (fgetc(fpin)) data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:5637:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). switch (fgetc(fpin)) data/postgresql-13-13.1/src/backend/postmaster/pgstat.c:6662:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rawlen = strlen(activity); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:602:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(PG_MODE_MASK_OWNER); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:774:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(ExtraOptions + strlen(ExtraOptions), data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:775:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(ExtraOptions) - strlen(ExtraOptions), data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:2140:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valoffset = offset + strlen(nameptr) + 1; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:2206:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset = valoffset + strlen(valptr) + 1; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:2239:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(port->database_name) > sizeof(packet->database)) data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:2242:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(port->user_name) > sizeof(packet->user)) data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:2245:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(port->cmdline_options) > sizeof(packet->options)) data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:2269:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). port->user_name + strlen(port->user_name) - 1) data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:2282:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(port->database_name) >= NAMEDATALEN) data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:2284:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(port->user_name) >= NAMEDATALEN) data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4286:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc = send(port->sock, buffer, strlen(buffer) + 1, 0); data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4415:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(remote_host, "0123456789.") < strlen(remote_host) && data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4416:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(remote_host, "0123456789ABCDEFabcdef:") < strlen(remote_host)) data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4500:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxac += (strlen(ExtraOptions) + 1) / 2; data/postgresql-13-13.1/src/backend/postmaster/postmaster.c:4754:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(cmdLine); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:466:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytesRead = read(syslogPipe[0], data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:764:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(filenobuf, "0"); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:779:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(csvfilenobuf, "0"); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:1206:11: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). oumask = umask((mode_t) ((~(Log_file_mode | S_IWUSR)) & (S_IRWXU | S_IRWXG | S_IRWXO))); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:1208:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(oumask); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:1398:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(filename); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:1406:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(filename); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:1471:11: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). oumask = umask(pg_mode_mask); data/postgresql-13-13.1/src/backend/postmaster/syslogger.c:1473:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(oumask); data/postgresql-13-13.1/src/backend/regex/regc_locale.c:398:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cn->name) == len && data/postgresql-13-13.1/src/backend/regex/regc_locale.c:566:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(*namePtr) == len && data/postgresql-13-13.1/src/backend/regex/regerror.c:107:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(msg) + 1; /* space needed, including NUL */ data/postgresql-13-13.1/src/backend/replication/backup_manifest.c:126:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pathlen = strlen(pathname); data/postgresql-13-13.1/src/backend/replication/backup_manifest.c:367:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(s); data/postgresql-13-13.1/src/backend/replication/basebackup.c:295:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datadirpathlen = strlen(DataDir); data/postgresql-13-13.1/src/backend/replication/basebackup.c:953:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendint32(buf, strlen(is)); data/postgresql-13-13.1/src/backend/replication/basebackup.c:954:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendbytes(buf, is, strlen(is)); data/postgresql-13-13.1/src/backend/replication/basebackup.c:1011:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(ti->oid); data/postgresql-13-13.1/src/backend/replication/basebackup.c:1015:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(ti->path); data/postgresql-13-13.1/src/backend/replication/basebackup.c:1101:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(content); data/postgresql-13-13.1/src/backend/replication/basebackup.c:1182:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += sendDir(pathbuf, strlen(path), sizeonly, NIL, true, manifest, data/postgresql-13-13.1/src/backend/replication/basebackup.c:1224:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(lastDir + 1, "0123456789") == strlen(lastDir + 1)) data/postgresql-13-13.1/src/backend/replication/basebackup.c:1256:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(PG_TEMP_FILE_PREFIX)) == 0) data/postgresql-13-13.1/src/backend/replication/basebackup.c:1280:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int cmplen = strlen(excludeFiles[excludeIdx].name); data/postgresql-13-13.1/src/backend/replication/basebackup.c:1529:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int cmplen = strlen(noChecksumFiles[excludeIdx].name); data/postgresql-13-13.1/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:320:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ret && strlen(ret) != 0) data/postgresql-13-13.1/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:324:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ret && strlen(ret) != 0) data/postgresql-13-13.1/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:435:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(pubnames_str)); data/postgresql-13-13.1/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c:1055:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). val_escaped = PQescapeIdentifier(conn, val, strlen(val)); data/postgresql-13-13.1/src/backend/replication/logical/message.c:62:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xlrec.prefix_size = strlen(prefix) + 1; data/postgresql-13-13.1/src/backend/replication/logical/origin.c:711:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readBytes = read(fd, &magic, sizeof(magic)); data/postgresql-13-13.1/src/backend/replication/logical/origin.c:739:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readBytes = read(fd, &disk_state, sizeof(disk_state)); data/postgresql-13-13.1/src/backend/replication/logical/proto.c:494:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendcountedtext(out, outputstr, strlen(outputstr), false); data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2559:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Size prefix_size = strlen(change->data.msg.prefix) + 1; data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:2724:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Size prefix_size = strlen(change->data.msg.prefix) + 1; data/postgresql-13-13.1/src/backend/replication/logical/reorderbuffer.c:3593:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readBytes = read(fd, &map, sizeof(LogicalRewriteMappingData)); data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c:1728:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readBytes = read(fd, &ondisk, SnapBuildOnDiskConstantSize); data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c:1770:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readBytes = read(fd, &ondisk.builder, sizeof(SnapBuild)); data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c:1798:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readBytes = read(fd, ondisk.builder.was_running.was_xip, sz); data/postgresql-13-13.1/src/backend/replication/logical/snapbuild.c:1825:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readBytes = read(fd, ondisk.builder.committed.xip, sz); data/postgresql-13-13.1/src/backend/replication/logical/worker.c:1906:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(newsub->publications, MySubscription->publications)) data/postgresql-13-13.1/src/backend/replication/repl_gram.c:858:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/postgresql-13-13.1/src/backend/replication/repl_scanner.c:1105:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/postgresql-13-13.1/src/backend/replication/repl_scanner.c:1508:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(yylval.str); data/postgresql-13-13.1/src/backend/replication/repl_scanner.c:1525:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(yytext); data/postgresql-13-13.1/src/backend/replication/repl_scanner.c:2274:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes( yystr, (int) strlen(yystr) ); data/postgresql-13-13.1/src/backend/replication/repl_scanner.c:2562:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Size slen = strlen(str); data/postgresql-13-13.1/src/backend/replication/slot.c:179:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) == 0) data/postgresql-13-13.1/src/backend/replication/slot.c:188:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) >= NAMEDATALEN) data/postgresql-13-13.1/src/backend/replication/slot.c:1615:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readBytes = read(fd, &cp, ReplicationSlotOnDiskConstantSize); data/postgresql-13-13.1/src/backend/replication/slot.c:1654:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readBytes = read(fd, data/postgresql-13-13.1/src/backend/replication/syncrep.c:845:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). standby_name += strlen(standby_name) + 1; data/postgresql-13-13.1/src/backend/replication/syncrep_gram.c:767:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/postgresql-13-13.1/src/backend/replication/syncrep_gram.c:1565:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += strlen(standby_name) + 1; data/postgresql-13-13.1/src/backend/replication/syncrep_gram.c:1581:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(standby_name) + 1; data/postgresql-13-13.1/src/backend/replication/syncrep_scanner.c:876:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/postgresql-13-13.1/src/backend/replication/syncrep_scanner.c:1866:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes( yystr, (int) strlen(yystr) ); data/postgresql-13-13.1/src/backend/replication/syncrep_scanner.c:2136:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Size slen = strlen(str); data/postgresql-13-13.1/src/backend/replication/walsender.c:508:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(histfname); data/postgresql-13-13.1/src/backend/replication/walsender.c:538:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nread = read(fd, rbuf.data, sizeof(rbuf)); data/postgresql-13-13.1/src/backend/rewrite/rewriteHandler.c:1030:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(priorbottom, src_input)) data/postgresql-13-13.1/src/backend/snowball/dict_snowball.c:277:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). recoded = pg_server_to_any(txt, strlen(txt), PG_UTF8); data/postgresql-13-13.1/src/backend/snowball/dict_snowball.c:287:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SN_set_current(d->z, strlen(txt), (symbol *) txt); data/postgresql-13-13.1/src/backend/snowball/dict_snowball.c:303:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). recoded = pg_any_to_server(txt, strlen(txt), PG_UTF8); data/postgresql-13-13.1/src/backend/statistics/mcv.c:794:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(DatumGetCString(values[dim][i])) + 1; data/postgresql-13-13.1/src/backend/statistics/mcv.c:907:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 len = (uint32) strlen(DatumGetCString(value)) + 1; data/postgresql-13-13.1/src/backend/storage/file/copydir.c:190:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nbytes = read(srcfd, buffer, COPY_BUF_SIZE); data/postgresql-13-13.1/src/backend/storage/file/fd.c:1121:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "%d ", mru); data/postgresql-13-13.1/src/backend/storage/file/fd.c:1121:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "%d ", mru); data/postgresql-13-13.1/src/backend/storage/file/fd.c:1123:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "LEAST"); data/postgresql-13-13.1/src/backend/storage/file/fd.c:1123:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf), "LEAST"); data/postgresql-13-13.1/src/backend/storage/file/fd.c:3088:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(PG_TEMP_FILE_PREFIX)) == 0) data/postgresql-13-13.1/src/backend/storage/file/fd.c:3146:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(de->d_name, "0123456789") != strlen(de->d_name)) data/postgresql-13-13.1/src/backend/storage/file/fd.c:3554:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(parentpath) == 0) data/postgresql-13-13.1/src/backend/storage/file/reinit.c:134:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(de->d_name, "0123456789") != strlen(de->d_name)) data/postgresql-13-13.1/src/backend/storage/file/reinit.c:304:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(forkNames[INIT_FORKNUM])); data/postgresql-13-13.1/src/backend/storage/file/reinit.c:342:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(forkNames[INIT_FORKNUM])); data/postgresql-13-13.1/src/backend/storage/file/sharedfileset.c:247:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32 hash = hash_any((const unsigned char *) name, strlen(name)); data/postgresql-13-13.1/src/backend/storage/ipc/dsm.c:290:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(PG_DYNSHMEM_MMAP_FILE_PREFIX)) == 0) data/postgresql-13-13.1/src/backend/storage/ipc/latch.c:1937:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(selfpipe_readfd, buf, sizeof(buf)); data/postgresql-13-13.1/src/backend/storage/ipc/pmsignal.c:325:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(postmaster_alive_fds[POSTMASTER_FD_WATCH], &c, 1); data/postgresql-13-13.1/src/backend/storage/ipc/shm_mq.c:1047:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint64 read; data/postgresql-13-13.1/src/backend/storage/ipc/shm_mq.c:1058:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). used = written - read; data/postgresql-13-13.1/src/backend/storage/ipc/shm_mq.c:1060:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). offset = read % (uint64) ringsize; data/postgresql-13-13.1/src/backend/storage/lmgr/lwlock.c:455:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = add_size(size, strlen(NamedLWLockTrancheRequestArray[i].tranche_name) + 1); data/postgresql-13-13.1/src/backend/storage/lmgr/lwlock.c:568:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). trancheNames += strlen(request->tranche_name) + 1; data/postgresql-13-13.1/src/backend/storage/lmgr/lwlock.c:735:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Assert(strlen(tranche_name) + 1 <= NAMEDATALEN); data/postgresql-13-13.1/src/backend/storage/smgr/md.c:344:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *segpath = (char *) palloc(strlen(path) + 12); data/postgresql-13-13.1/src/backend/tcop/dest.c:199:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_putmessage('C', completionTag, strlen(completionTag) + 1); data/postgresql-13-13.1/src/backend/tcop/dest.c:223:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_putmessage('C', commandTag, strlen(commandTag) + 1); data/postgresql-13-13.1/src/backend/tcop/fastpath.c:161:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendcountedtext(&buf, outputstr, strlen(outputstr), false); data/postgresql-13-13.1/src/backend/tcop/postgres.c:312:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(stdin); data/postgresql-13-13.1/src/backend/tcop/postgres.c:648:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(new_list, raw_parsetree_list)) data/postgresql-13-13.1/src/backend/tcop/postgres.c:797:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(new_list, querytree_list)) data/postgresql-13-13.1/src/backend/tcop/postgres.c:837:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(new_list, querytree_list)) data/postgresql-13-13.1/src/backend/tcop/postgres.c:891:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(new_plan, plan)) data/postgresql-13-13.1/src/backend/tcop/postgres.c:915:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(new_plan, plan)) data/postgresql-13-13.1/src/backend/tsearch/dict_synonym.c:190:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d->syn[cur].outlen = strlen(starto); data/postgresql-13-13.1/src/backend/tsearch/dict_thesaurus.c:415:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Int32GetDatum(strlen(d->wrds[i].lexeme)), data/postgresql-13-13.1/src/backend/tsearch/dict_thesaurus.c:539:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Int32GetDatum(strlen(inptr->lexeme)), data/postgresql-13-13.1/src/backend/tsearch/regis.c:87:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(str); data/postgresql-13-13.1/src/backend/tsearch/spell.c:163:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *res = cpalloc(strlen(str) + 1); data/postgresql-13-13.1/src/backend/tsearch/spell.c:189:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define STRNCMP(s,p) strncmp( (s), (p), strlen(p) ) data/postgresql-13-13.1/src/backend/tsearch/spell.c:258:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l1 = strlen((const char *) s1) - 1, data/postgresql-13-13.1/src/backend/tsearch/spell.c:259:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l2 = strlen((const char *) s2) - 1; data/postgresql-13-13.1/src/backend/tsearch/spell.c:281:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l1 = strlen((const char *) s1) - 1, data/postgresql-13-13.1/src/backend/tsearch/spell.c:282:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l2 = strlen((const char *) s2) - 1, data/postgresql-13-13.1/src/backend/tsearch/spell.c:500:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Conf->Spell[Conf->nspell] = (SPELL *) tmpalloc(SPELLHDRSZ + strlen(word) + 1); data/postgresql-13-13.1/src/backend/tsearch/spell.c:722:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmask = (char *) tmpalloc(strlen(mask) + 3); data/postgresql-13-13.1/src/backend/tsearch/spell.c:728:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). masklen = strlen(tmask); data/postgresql-13-13.1/src/backend/tsearch/spell.c:756:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((Affix->replen = strlen(repl)) > 0) data/postgresql-13-13.1/src/backend/tsearch/spell.c:1228:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addCompoundAffixFlagValue(Conf, recoded + strlen("COMPOUNDFLAG"), data/postgresql-13-13.1/src/backend/tsearch/spell.c:1231:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addCompoundAffixFlagValue(Conf, recoded + strlen("COMPOUNDBEGIN"), data/postgresql-13-13.1/src/backend/tsearch/spell.c:1234:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addCompoundAffixFlagValue(Conf, recoded + strlen("COMPOUNDLAST"), data/postgresql-13-13.1/src/backend/tsearch/spell.c:1238:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addCompoundAffixFlagValue(Conf, recoded + strlen("COMPOUNDEND"), data/postgresql-13-13.1/src/backend/tsearch/spell.c:1241:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addCompoundAffixFlagValue(Conf, recoded + strlen("COMPOUNDMIDDLE"), data/postgresql-13-13.1/src/backend/tsearch/spell.c:1244:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addCompoundAffixFlagValue(Conf, recoded + strlen("ONLYINCOMPOUND"), data/postgresql-13-13.1/src/backend/tsearch/spell.c:1248:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). recoded + strlen("COMPOUNDPERMITFLAG"), data/postgresql-13-13.1/src/backend/tsearch/spell.c:1252:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). recoded + strlen("COMPOUNDFORBIDFLAG"), data/postgresql-13-13.1/src/backend/tsearch/spell.c:1256:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *s = recoded + strlen("FLAG"); data/postgresql-13-13.1/src/backend/tsearch/spell.c:1347:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sflaglen = strlen(sflag); data/postgresql-13-13.1/src/backend/tsearch/spell.c:1587:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *ptr = cpalloc(strlen(Conf->AffixData[a1]) + data/postgresql-13-13.1/src/backend/tsearch/spell.c:1588:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(Conf->AffixData[a2]) + data/postgresql-13-13.1/src/backend/tsearch/spell.c:1594:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *ptr = cpalloc(strlen(Conf->AffixData[a1]) + data/postgresql-13-13.1/src/backend/tsearch/spell.c:1595:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(Conf->AffixData[a2]) + data/postgresql-13-13.1/src/backend/tsearch/spell.c:1757:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Conf->Spell[i]->p.d.len = strlen(Conf->Spell[i]->word); data/postgresql-13-13.1/src/backend/tsearch/spell.c:1795:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Conf->Spell[i]->p.d.len = strlen(Conf->Spell[i]->word); data/postgresql-13-13.1/src/backend/tsearch/spell.c:2109:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (baselen && *baselen + strlen(Affix->find) <= Affix->replen) data/postgresql-13-13.1/src/backend/tsearch/spell.c:2133:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newword_len = strlen(newword); data/postgresql-13-13.1/src/backend/tsearch/spell.c:2170:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int wrdlen = strlen(word), data/postgresql-13-13.1/src/backend/tsearch/spell.c:2239:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). swrdlen = strlen(newword); data/postgresql-13-13.1/src/backend/tsearch/spell.c:2548:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int wordlen = strlen(word); data/postgresql-13-13.1/src/backend/tsearch/ts_locale.c:241:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/postgresql-13-13.1/src/backend/tsearch/ts_locale.c:268:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return lowerstr_with_len(str, strlen(str)); data/postgresql-13-13.1/src/backend/tsearch/ts_parse.c:234:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). curValLenLemm = strlen(res->lexeme); data/postgresql-13-13.1/src/backend/tsearch/ts_parse.c:417:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prs->words[prs->curwords].len = strlen(ptr->lexeme); data/postgresql-13-13.1/src/backend/tsearch/ts_parse.c:505:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hlfinditem(prs, query, savedpos, ptr->lexeme, strlen(ptr->lexeme)); data/postgresql-13-13.1/src/backend/tsearch/ts_utils.c:48:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(basename, "abcdefghijklmnopqrstuvwxyz0123456789_") != strlen(basename)) data/postgresql-13-13.1/src/backend/tsearch/wparser_def.c:2636:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prs->startsellen = strlen(prs->startsel); data/postgresql-13-13.1/src/backend/tsearch/wparser_def.c:2637:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prs->stopsellen = strlen(prs->stopsel); data/postgresql-13-13.1/src/backend/tsearch/wparser_def.c:2638:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prs->fragdelimlen = strlen(prs->fragdelim); data/postgresql-13-13.1/src/backend/utils/adt/acl.c:243:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read; data/postgresql-13-13.1/src/backend/utils/adt/acl.c:278:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). goption |= read; data/postgresql-13-13.1/src/backend/utils/adt/acl.c:326:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). privs |= read; data/postgresql-13-13.1/src/backend/utils/adt/acl.c:592:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = palloc(strlen("=/") + data/postgresql-13-13.1/src/backend/utils/adt/acl.c:1654:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). chunk_len = strlen(chunk); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:329:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(p, ASSGN, strlen(ASSGN)) != 0) data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:335:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(ASSGN); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:1187:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(ptr); data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:1198:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define APPENDSTR(str) (strcpy(p, (str)), p += strlen(p)) data/postgresql-13-13.1/src/backend/utils/adt/arrayfuncs.c:1694:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/postgresql-13-13.1/src/backend/utils/adt/bool.c:32:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return parse_bool_with_len(value, strlen(value), result); data/postgresql-13-13.1/src/backend/utils/adt/bool.c:144:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:151:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(s, csymbol, strlen(csymbol)) == 0) data/postgresql-13-13.1/src/backend/utils/adt/cash.c:152:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(csymbol); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:163:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(s, nsymbol, strlen(nsymbol)) == 0) data/postgresql-13-13.1/src/backend/utils/adt/cash.c:166:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(nsymbol); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:173:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(s, psymbol, strlen(psymbol)) == 0) data/postgresql-13-13.1/src/backend/utils/adt/cash.c:174:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(psymbol); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:183:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(s, csymbol, strlen(csymbol)) == 0) data/postgresql-13-13.1/src/backend/utils/adt/cash.c:184:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(csymbol); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:227:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(s, ssymbol, strlen(ssymbol)) == 0) data/postgresql-13-13.1/src/backend/utils/adt/cash.c:228:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(ssymbol) - 1; data/postgresql-13-13.1/src/backend/utils/adt/cash.c:265:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(s, nsymbol, strlen(nsymbol)) == 0) data/postgresql-13-13.1/src/backend/utils/adt/cash.c:268:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(nsymbol); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:270:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(s, psymbol, strlen(psymbol)) == 0) data/postgresql-13-13.1/src/backend/utils/adt/cash.c:271:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(psymbol); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:272:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp(s, csymbol, strlen(csymbol)) == 0) data/postgresql-13-13.1/src/backend/utils/adt/cash.c:273:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(csymbol); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:392:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr -= strlen(ssymbol); data/postgresql-13-13.1/src/backend/utils/adt/cash.c:393:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(bufptr, ssymbol, strlen(ssymbol)); data/postgresql-13-13.1/src/backend/utils/adt/date.c:2818:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tzname), data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:881:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dterr = DecodeNumberField(strlen(field[i]), field[i], data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:1081:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dterr = DecodeNumberField(strlen(field[i]), field[i], data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:1104:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen(field[i]); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:1116:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (cp != NULL && flen - strlen(cp) > 2) data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:1791:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dterr = DecodeNumberField(strlen(field[i]), field[i], data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:1979:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dterr = DecodeNumberField(strlen(field[i]), field[i], data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:2004:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen(field[i]); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:2022:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (flen - strlen(cp) > 2) data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:2406:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len = strlen(field[i])) <= 0) data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:2799:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:2895:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (*cp == '\0' && strlen(str) > 3) data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:3486:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) < 2 || str[0] != 'P') data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4024:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str += strlen(str); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4051:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str += strlen(str); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4095:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str += strlen(str); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4132:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return cp + strlen(cp); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4155:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return cp + strlen(cp); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4175:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return cp + strlen(cp); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4253:6: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(cp, "0"); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4271:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(cp); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4282:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(cp); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4289:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(cp); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4342:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(cp); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4351:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(cp, "@"); data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4398:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(base[i].token) > TOKMAXLEN) data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4504:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(abbr->zone) + 1; data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4543:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(abbr->zone) + 1; data/postgresql-13-13.1/src/backend/utils/adt/datetime.c:4809:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (tzn && strlen(tzn) > 31) data/postgresql-13-13.1/src/backend/utils/adt/datum.c:103:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = (Size) (strlen(s) + 1); data/postgresql-13-13.1/src/backend/utils/adt/datum.c:315:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len1 = strlen(s1) + 1; data/postgresql-13-13.1/src/backend/utils/adt/datum.c:316:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen(s2) + 1; data/postgresql-13-13.1/src/backend/utils/adt/enum.c:118:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) >= NAMEDATALEN) data/postgresql-13-13.1/src/backend/utils/adt/enum.c:186:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) >= NAMEDATALEN) data/postgresql-13-13.1/src/backend/utils/adt/enum.c:232:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendtext(&buf, NameStr(en->enumlabel), strlen(NameStr(en->enumlabel))); data/postgresql-13-13.1/src/backend/utils/adt/format_type.c:449:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t slen = strlen(typename); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:1514:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(num), data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2115:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return str_tolower(buff, strlen(buff), collid); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2121:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return str_toupper(buff, strlen(buff), collid); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2127:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return str_initcap(buff, strlen(buff), collid); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2133:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return asc_tolower(buff, strlen(buff)); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2139:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return asc_toupper(buff, strlen(buff)); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2540:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int element_len = strlen(*a); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2553:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). upper_name = str_toupper(unconstify(char *, name), strlen(name), collid); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2554:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lower_name = str_tolower(upper_name, strlen(upper_name), collid); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2564:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). upper_element = str_toupper(*a, strlen(*a), collid); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2565:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lower_element = str_tolower(upper_element, strlen(upper_element), data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2568:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). element_len = strlen(lower_element); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2671:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2681:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2687:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2693:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2699:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2713:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2720:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2727:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2734:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2741:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2770:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2781:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2789:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2797:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2803:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2811:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2816:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2823:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2829:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2835:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2841:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2851:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2861:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2871:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2881:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2891:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2901:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2911:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2920:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2930:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2939:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2949:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2958:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2965:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2973:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2983:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:2991:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3001:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3009:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3019:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3027:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3036:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3044:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3053:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3061:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) <= (n->key->len + TM_SUFFIX_LEN) * DCH_MAX_ITEM_SIZ) data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3070:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3080:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3086:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3093:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3100:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3107:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3114:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3122:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3142:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3150:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3165:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3180:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3195:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3208:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3215:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3222:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3228:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3234:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s += strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:3993:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fmt_len = strlen(fmt_str); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:4977:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(result, "M"); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5156:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((x = strlen(Np->L_negative_sign)) && data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5163:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((x = strlen(Np->L_positive_sign)) && data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5230:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int x = strlen(Np->decimal); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5275:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((x = strlen(Np->L_negative_sign)) && data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5282:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((x = strlen(Np->L_positive_sign)) && data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5372:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Np->inout_p += strlen(Np->inout_p); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5438:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Np->inout_p += strlen(Np->inout_p); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5448:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Np->inout_p += strlen(Np->inout_p); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5510:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Np->inout_p += strlen(Np->inout_p); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5780:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pattern_len = strlen(pattern); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5828:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Np->inout_p += strlen(pattern) - 1; data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5841:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Np->inout_p += strlen(Np->inout_p) - 1; data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5846:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Np->inout_p += strlen(Np->inout_p) - 1; data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5854:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Np->inout_p += strlen(Np->inout_p) - 1; data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5859:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Np->inout_p += strlen(Np->inout_p) - 1; data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:5976:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Np->inout_p += strlen(Np->inout_p); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:6043:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(VARDATA(result)); \ data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:6164:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numstr = (char *) palloc(strlen(orgnum) + 2); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:6214:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numstr_pre_len = strlen(numstr); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:6296:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numstr_pre_len = strlen(orgnum); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:6370:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numstr = (char *) palloc(strlen(orgnum) + 2); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:6405:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numstr_pre_len = strlen(orgnum); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:6498:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numstr_pre_len = strlen(orgnum); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:6521:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numstr_pre_len = strlen(numstr); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:6601:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numstr_pre_len = strlen(orgnum); data/postgresql-13-13.1/src/backend/utils/adt/formatting.c:6624:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numstr_pre_len = strlen(numstr); data/postgresql-13-13.1/src/backend/utils/adt/inet_cidr_ntop.c:35:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define SPRINTF(x) strlen(sprintf/**/x) data/postgresql-13-13.1/src/backend/utils/adt/inet_cidr_ntop.c:285:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(outbuf) + 1 > size) data/postgresql-13-13.1/src/backend/utils/adt/json.c:295:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!key_scalar && IsValidJsonNumber(outputstr, strlen(outputstr))) data/postgresql-13-13.1/src/backend/utils/adt/json.c:977:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int addlen = strlen(addon); data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c:101:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return jsonb_from_cstring(json, strlen(json)); data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c:334:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). v.val.string.len = checkStringLen(strlen(fname)); data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c:383:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). v.val.string.len = checkStringLen(strlen(token)); data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c:777:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jb.val.string.len = strlen(outputstr); data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c:792:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jb.val.string.len = strlen(outputstr); data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c:819:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jb.val.string.len = strlen(outputstr); data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c:828:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jb.val.string.len = strlen(jb.val.string.val); data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c:834:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jb.val.string.len = strlen(jb.val.string.val); data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c:840:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jb.val.string.len = strlen(jb.val.string.val); data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c:902:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jb.val.string.len = checkStringLen(strlen(outputstr)); data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c:1075:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). v.val.string.len = strlen(attname); data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c:1337:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c:1353:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c:1432:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/postgresql-13-13.1/src/backend/utils/adt/jsonb.c:1448:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/postgresql-13-13.1/src/backend/utils/adt/jsonb_gin.c:1395:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). item = make_text_key(JGINFLAG_NUM, cstr, strlen(cstr)); data/postgresql-13-13.1/src/backend/utils/adt/jsonb_util.c:1798:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:2712:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). : strlen(jsv->val.json.str)); data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:2748:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). : strlen(jsv->val.json.str), data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:3143:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). getKeyJsonValueFromContainer(obj->val.jsonb_cont, field, strlen(field), data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:3512:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fname) >= NAMEDATALEN) data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:3939:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fname) >= NAMEDATALEN) data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:5191:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). action(state, val, strlen(val)); data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:5248:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _state->action(_state->action_state, token, strlen(token)); data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:5252:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _state->action(_state->action_state, token, strlen(token)); data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:5257:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _state->action(_state->action_state, token, strlen(token)); data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:5274:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _state->action(_state->action_state, val, strlen(val)); data/postgresql-13-13.1/src/backend/utils/adt/jsonfuncs.c:5426:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text *out = _state->action(_state->action_state, token, strlen(token)); data/postgresql-13-13.1/src/backend/utils/adt/jsonpath.c:96:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(in); data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_exec.c:986:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). jbv->val.string.len = strlen(jbv->val.string.val); data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_exec.c:2235:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). utf8len1 = (mbstr1 == utf8str1) ? mblen1 : strlen(utf8str1); data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_exec.c:2236:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). utf8len2 = (mbstr2 == utf8str2) ? mblen2 : strlen(utf8str2); data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_gram.c:964:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_scan.c:2577:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_scan.c:3762:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes( yystr, (int) strlen(yystr) ); data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_scan.c:4098:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(str); data/postgresql-13-13.1/src/backend/utils/adt/jsonpath_scan.c:4219:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). addstring(false, cbuf, strlen(cbuf)); data/postgresql-13-13.1/src/backend/utils/adt/like.c:253:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/like.c:274:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/like_support.c:1012:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pattlen = strlen(patt); data/postgresql-13-13.1/src/backend/utils/adt/like_support.c:1104:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *rest_selec = regex_selectivity(patt, strlen(patt), data/postgresql-13-13.1/src/backend/utils/adt/like_support.c:1126:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *rest_selec = regex_selectivity(patt, strlen(patt), data/postgresql-13-13.1/src/backend/utils/adt/like_support.c:1128:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(prefix)); data/postgresql-13-13.1/src/backend/utils/adt/like_support.c:1569:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(workstr); data/postgresql-13-13.1/src/backend/utils/adt/mac.c:71:10: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. count = sscanf(str, "%x:%x:%x:%x:%x:%x%1s", data/postgresql-13-13.1/src/backend/utils/adt/mac.c:74:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. count = sscanf(str, "%x-%x-%x-%x-%x-%x%1s", data/postgresql-13-13.1/src/backend/utils/adt/mac.c:77:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. count = sscanf(str, "%2x%2x%2x:%2x%2x%2x%1s", data/postgresql-13-13.1/src/backend/utils/adt/mac.c:80:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. count = sscanf(str, "%2x%2x%2x-%2x%2x%2x%1s", data/postgresql-13-13.1/src/backend/utils/adt/mac.c:83:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. count = sscanf(str, "%2x%2x.%2x%2x.%2x%2x%1s", data/postgresql-13-13.1/src/backend/utils/adt/mac.c:86:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. count = sscanf(str, "%2x%2x-%2x%2x-%2x%2x%1s", data/postgresql-13-13.1/src/backend/utils/adt/mac.c:89:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. count = sscanf(str, "%2x%2x%2x%2x%2x%2x%1s", data/postgresql-13-13.1/src/backend/utils/adt/misc.c:639:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(endp, endp + 1, strlen(endp)); data/postgresql-13-13.1/src/backend/utils/adt/name.c:54:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/postgresql-13-13.1/src/backend/utils/adt/name.c:112:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendtext(&buf, NameStr(*s), strlen(NameStr(*s))); data/postgresql-13-13.1/src/backend/utils/adt/name.c:142:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return varstr_cmp(NameStr(*arg1), strlen(NameStr(*arg1)), data/postgresql-13-13.1/src/backend/utils/adt/name.c:143:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). NameStr(*arg2), strlen(NameStr(*arg2)), data/postgresql-13-13.1/src/backend/utils/adt/name.c:387:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namlen = strlen(NameStr(*nam)); data/postgresql-13-13.1/src/backend/utils/adt/network.c:158:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tmp); data/postgresql-13-13.1/src/backend/utils/adt/network.c:1229:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tmp); data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:777:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). last = strlen(str) - 1; data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:6004:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). decdigits = (unsigned char *) palloc(strlen(cp) + DEC_DIGITS * 2); data/postgresql-13-13.1/src/backend/utils/adt/numeric.c:6419:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(sig_out) + 13; data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:475:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pstr = pg_any_to_server(*str, strlen(*str), encoding); data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:764:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = pg_any_to_server(src, strlen(src), encoding); data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1051:4: [1] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant character. wcscat(test_locale, L"_"); data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1052:10: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = wcslen(test_locale); data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1158:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(iso_lc_messages, "C"); data/postgresql-13-13.1/src/backend/utils/adt/pg_locale.c:1889:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *str = asc_tolower(loc, strlen(loc)); data/postgresql-13-13.1/src/backend/utils/adt/pseudotypes.c:142:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendtext(&buf, str, strlen(str)); data/postgresql-13-13.1/src/backend/utils/adt/quote.c:108:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(rawstr); data/postgresql-13-13.1/src/backend/utils/adt/rangetypes.c:2060:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(RANGE_EMPTY_LITERAL)) == 0) data/postgresql-13-13.1/src/backend/utils/adt/rangetypes.c:2066:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(RANGE_EMPTY_LITERAL); data/postgresql-13-13.1/src/backend/utils/adt/rangetypes.c:2477:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data_length = strlen(DatumGetCString(datum)) + 1; data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_selfuncs.c:42:19: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal); data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_selfuncs.c:44:56: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. const RangeBound *hist, int hist_length, bool equal); data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_selfuncs.c:51:53: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. int length_hist_nvalues, double value, bool equal); data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_selfuncs.c:53:72: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. int length_hist_nvalues, double length1, double length2, bool equal); data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_selfuncs.c:597:56: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. const RangeBound *hist, int hist_nvalues, bool equal) data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_selfuncs.c:606:67: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. index = rbound_bsearch(typcache, constbound, hist, hist_nvalues, equal); data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_selfuncs.c:629:29: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. int hist_length, bool equal) data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_selfuncs.c:641:19: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (cmp < 0 || (equal && cmp == 0)) data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_selfuncs.c:658:25: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. double value, bool equal) data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_selfuncs.c:671:29: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (middleval < value || (equal && middleval <= value)) data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_selfuncs.c:856:45: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. double length1, double length2, bool equal) data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_selfuncs.c:873:24: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (isinf(length2) && equal) data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_selfuncs.c:915:76: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. i = length_hist_bsearch(length_hist_values, length_hist_nvalues, length1, equal); data/postgresql-13-13.1/src/backend/utils/adt/rangetypes_selfuncs.c:953:33: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!(bin_upper < length2 || (equal && bin_upper <= length2))) data/postgresql-13-13.1/src/backend/utils/adt/regexp.c:447:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(NameStr(*n)), data/postgresql-13-13.1/src/backend/utils/adt/regexp.c:461:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(NameStr(*n)), data/postgresql-13-13.1/src/backend/utils/adt/regexp.c:510:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(NameStr(*n)), data/postgresql-13-13.1/src/backend/utils/adt/regexp.c:524:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(NameStr(*n)), data/postgresql-13-13.1/src/backend/utils/adt/regproc.c:77:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(pro_name_or_oid, "0123456789") == strlen(pro_name_or_oid)) data/postgresql-13-13.1/src/backend/utils/adt/regproc.c:248:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(pro_name_or_oid, "0123456789") == strlen(pro_name_or_oid)) data/postgresql-13-13.1/src/backend/utils/adt/regproc.c:498:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(opr_name_or_oid, "0123456789") == strlen(opr_name_or_oid)) data/postgresql-13-13.1/src/backend/utils/adt/regproc.c:607:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = (char *) palloc(strlen(nspname) + strlen(oprname) + 2); data/postgresql-13-13.1/src/backend/utils/adt/regproc.c:607:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = (char *) palloc(strlen(nspname) + strlen(oprname) + 2); data/postgresql-13-13.1/src/backend/utils/adt/regproc.c:671:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(opr_name_or_oid, "0123456789") == strlen(opr_name_or_oid)) data/postgresql-13-13.1/src/backend/utils/adt/regproc.c:917:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(class_name_or_oid, "0123456789") == strlen(class_name_or_oid)) data/postgresql-13-13.1/src/backend/utils/adt/regproc.c:1069:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(collation_name_or_oid, "0123456789") == strlen(collation_name_or_oid)) data/postgresql-13-13.1/src/backend/utils/adt/regproc.c:1227:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(typ_name_or_oid, "0123456789") == strlen(typ_name_or_oid)) data/postgresql-13-13.1/src/backend/utils/adt/regproc.c:1363:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(cfg_name_or_oid, "0123456789") == strlen(cfg_name_or_oid)) data/postgresql-13-13.1/src/backend/utils/adt/regproc.c:1474:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(dict_name_or_oid, "0123456789") == strlen(dict_name_or_oid)) data/postgresql-13-13.1/src/backend/utils/adt/regproc.c:1585:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(role_name_or_oid, "0123456789") == strlen(role_name_or_oid)) data/postgresql-13-13.1/src/backend/utils/adt/regproc.c:1710:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(nsp_name_or_oid, "0123456789") == strlen(nsp_name_or_oid)) data/postgresql-13-13.1/src/backend/utils/adt/regproc.c:1923:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr2 = ptr + strlen(ptr); data/postgresql-13-13.1/src/backend/utils/adt/ri_triggers.c:1817:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer += strlen(buffer); data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:3548:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int refnamelen = strlen(refname); data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:3564:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(modname) < NAMEDATALEN) data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:4432:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int colnamelen = strlen(colname); data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:4448:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(modname) < NAMEDATALEN) data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:4835:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ev_qual) > 0 && strcmp(ev_qual, "<>") != 0) data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:5640:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((strlen(trailing_nl) + targetbuf.len > context->wrapColumn) || data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:7588:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(op) == 1) data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:9656:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcspn(extval, "eE.") != strlen(extval)) data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:10080:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(trailing_nl) + itembuf.len > context->wrapColumn) data/postgresql-13-13.1/src/backend/utils/adt/ruleutils.c:10794:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = (char *) palloc(strlen(ident) + nquotes + 2 + 1); data/postgresql-13-13.1/src/backend/utils/adt/selfuncs.c:3262:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(var, varinfo->var)) data/postgresql-13-13.1/src/backend/utils/adt/selfuncs.c:4322:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen = strlen(value); data/postgresql-13-13.1/src/backend/utils/adt/selfuncs.c:4853:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(node, indexkey)) data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:517:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tzname), data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:4108:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tzname), data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:5037:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tzname), data/postgresql-13-13.1/src/backend/utils/adt/timestamp.c:5289:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tzname), data/postgresql-13-13.1/src/backend/utils/adt/tsgistidx.c:109:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outbuf_maxlen = 2 * EXTRALEN + Max(strlen(SINGOUTSTR), strlen(ARROUTSTR)) + 1; data/postgresql-13-13.1/src/backend/utils/adt/tsgistidx.c:109:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). outbuf_maxlen = 2 * EXTRALEN + Max(strlen(SINGOUTSTR), strlen(ARROUTSTR)) + 1; data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c:535:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *lenval = strlen(state->buf); data/postgresql-13-13.1/src/backend/utils/adt/tsquery.c:1255:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). val_len = strlen(val); data/postgresql-13-13.1/src/backend/utils/adt/tsvector.c:478:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lex_len = strlen(lexeme); data/postgresql-13-13.1/src/backend/utils/adt/varbit.c:189:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(sp); data/postgresql-13-13.1/src/backend/utils/adt/varbit.c:490:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(sp); data/postgresql-13-13.1/src/backend/utils/adt/varchar.c:204:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = bpchar_input(s, strlen(s), atttypmod); data/postgresql-13-13.1/src/backend/utils/adt/varchar.c:498:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = varchar_input(s, strlen(s), atttypmod); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:174:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return cstring_to_text_with_len(s, strlen(s)); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:289:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(inputText); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:643:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendtext(&buf, str, strlen(str)); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:2259:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return varstrfastcmp_locale(NameStr(*arg1), strlen(NameStr(*arg1)), data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:2260:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). NameStr(*arg2), strlen(NameStr(*arg2)), data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:2852:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len1 = strlen(NameStr(*arg1)); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:2878:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len2 = strlen(NameStr(*arg2)); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:2902:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len1 = strlen(NameStr(*arg1)); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:2928:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len2 = strlen(NameStr(*arg2)); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:2954:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = varstr_cmp(NameStr(*arg1), strlen(NameStr(*arg1)), data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:2971:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). NameStr(*arg2), strlen(NameStr(*arg2)), data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:3718:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(endp, endp + 1, strlen(endp)); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:3749:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Assert(strlen(downname) <= len); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:3750:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(curname, downname, len); /* strncpy is required here */ data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:3773:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). truncate_identifier(curname, strlen(curname), false); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:3845:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(endp, endp + 1, strlen(endp)); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:3885:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(curname) >= MAXPGPATH) data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:3966:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(endp, endp + 1, strlen(endp)); data/postgresql-13-13.1/src/backend/utils/adt/varlena.c:5115:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = strlen(DatumGetCString(value)) + 1; data/postgresql-13-13.1/src/backend/utils/adt/xml.c:298:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(str); data/postgresql-13-13.1/src/backend/utils/adt/xml.c:431:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pq_sendtext(&buf, outval, strlen(outval)); data/postgresql-13-13.1/src/backend/utils/adt/xml.c:2387:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(s) + 1; data/postgresql-13-13.1/src/backend/utils/adt/xml.c:2634:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(targetns) > 0) data/postgresql-13-13.1/src/backend/utils/adt/xml.c:2640:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(targetns) > 0) data/postgresql-13-13.1/src/backend/utils/adt/xml.c:2903:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(targetns) > 0) data/postgresql-13-13.1/src/backend/utils/adt/xml.c:4405:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(str); data/postgresql-13-13.1/src/backend/utils/adt/xml.c:4455:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_xmlCharStrndup(name, strlen(name)), data/postgresql-13-13.1/src/backend/utils/adt/xml.c:4456:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_xmlCharStrndup(uri, strlen(uri)))) data/postgresql-13-13.1/src/backend/utils/adt/xml.c:4482:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xstr = pg_xmlCharStrndup(path, strlen(path)); data/postgresql-13-13.1/src/backend/utils/adt/xml.c:4513:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xstr = pg_xmlCharStrndup(path, strlen(path)); data/postgresql-13-13.1/src/backend/utils/cache/catcache.c:143:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return hash_any((unsigned char *) key, strlen(key)); data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:923:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(rule1->qual, rule2->qual)) data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:925:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(rule1->actions, rule2->actions)) data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:969:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(policy1->qual, policy2->qual)) data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:971:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(policy1->with_check_qual, policy2->with_check_qual)) data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:5109:6: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal(indexoidlist, newindexoidlist) && data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:6356:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(de->d_name, "0123456789") == strlen(de->d_name)) data/postgresql-13-13.1/src/backend/utils/cache/relcache.c:6381:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(de->d_name, "0123456789") == strlen(de->d_name)) data/postgresql-13-13.1/src/backend/utils/cache/relmapper.c:735:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(fd, map, sizeof(RelMapFile)); data/postgresql-13-13.1/src/backend/utils/error/elog.c:411:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p) + 1; data/postgresql-13-13.1/src/backend/utils/error/elog.c:1956:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(line); data/postgresql-13-13.1/src/backend/utils/error/elog.c:3447:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write_eventlog(ERROR, errbuf, strlen(errbuf)); data/postgresql-13-13.1/src/backend/utils/error/elog.c:3452:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write_console(errbuf, strlen(errbuf)); data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c:226:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). malloc(offsetof(DynamicFileList, filename) + strlen(libname) + 1); data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c:594:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sep_ptr = name + strlen(name); data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c:596:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen("$libdir") != sep_ptr - name || data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c:597:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncmp(name, "$libdir", strlen("$libdir")) != 0) data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c:624:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(p) == 0) data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c:627:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). baselen = strlen(basename); data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c:643:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(p); data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c:661:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). full = palloc(strlen(mangled) + 1 + baselen + 1); data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c:745:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = add_size(size, strlen(file_scanner->filename) + 1); data/postgresql-13-13.1/src/backend/utils/fmgr/dfmgr.c:781:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start_address += strlen(start_address) + 1; data/postgresql-13-13.1/src/backend/utils/hash/dynahash.c:351:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hashp = (HTAB *) DynaHashAlloc(sizeof(HTAB) + strlen(tabname) + 1); data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:354:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(pg_mode_mask); data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1033:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((len = read(fd, buffer, sizeof(buffer) - 1)) < 0) data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1181:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, buffer, strlen(buffer)) != strlen(buffer)) data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1181:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, buffer, strlen(buffer)) != strlen(buffer)) data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1321:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(fd, srcbuffer, sizeof(srcbuffer) - 1); data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1364:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). destptr += strlen(destptr); data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1380:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(destbuffer); data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1463:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(fd, buffer, sizeof(buffer) - 1); data/postgresql-13-13.1/src/backend/utils/init/miscinit.c:1531:8: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. ret = fscanf(file, "%63s", file_version_string); data/postgresql-13-13.1/src/backend/utils/init/postinit.c:1111:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxac = 2 + (strlen(port->cmdline_options) + 1) / 2; data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/euc_tw_and_big5/euc_tw_and_big5.c:57:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mic2big5(buf, dest, strlen((char *) buf)); data/postgresql-13-13.1/src/backend/utils/mb/conversion_procs/euc_tw_and_big5/euc_tw_and_big5.c:75:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mic2euc_tw(buf, dest, strlen((char *) buf)); data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:423:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Size resultlen = strlen((char *) result); data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:532:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(dest_str); data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:778:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Size resultlen = strlen(result); data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:865:104: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return pg_wchar_table[DatabaseEncoding->encoding].mb2wchar_with_len((const unsigned char *) from, to, strlen(from)); data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:927:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(mbstr); data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:1590:9: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. p += sprintf(p, " "); data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:1623:9: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. p += sprintf(p, " "); data/postgresql-13-13.1/src/backend/utils/mb/mbutils.c:1682:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(utf8); data/postgresql-13-13.1/src/backend/utils/mb/stringinfo_mb.c:45:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/postgresql-13-13.1/src/backend/utils/misc/guc-file.c:919:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/postgresql-13-13.1/src/backend/utils/misc/guc-file.c:1865:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes( yystr, (int) strlen(yystr) ); data/postgresql-13-13.1/src/backend/utils/misc/guc-file.c:2577:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(config_file, " \t\r\n") == strlen(config_file)) data/postgresql-13-13.1/src/backend/utils/misc/guc-file.c:2980:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(includedir, " \t\r\n") == strlen(includedir)) data/postgresql-13-13.1/src/backend/utils/misc/guc-file.c:3031:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(de->d_name) < 6) data/postgresql-13-13.1/src/backend/utils/misc/guc-file.c:3035:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcmp(de->d_name + strlen(de->d_name) - 5, ".conf") != 0) data/postgresql-13-13.1/src/backend/utils/misc/guc-file.c:3155:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:5594:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(configdir) + strlen(CONFIG_FILENAME) + 2); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:5594:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(configdir) + strlen(CONFIG_FILENAME) + 2); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:5687:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(configdir) + strlen(HBA_FILENAME) + 2); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:5687:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(configdir) + strlen(HBA_FILENAME) + 2); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:5710:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(configdir) + strlen(IDENT_FILENAME) + 2); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:5710:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(configdir) + strlen(IDENT_FILENAME) + 2); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:6698:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). seplen = strlen(separator); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:6861:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(newval->stringval), data/postgresql-13-13.1/src/backend/utils/misc/guc.c:8963:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int classLen = strlen(className); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:10029:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = fgetc(fp)) == EOF) data/postgresql-13-13.1/src/backend/utils/misc/guc.c:10166:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = strlen(gconf->name) + 1; data/postgresql-13-13.1/src/backend/utils/misc/guc.c:10216:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valsize = strlen(*conf->variable); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:10226:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). valsize = strlen(config_enum_lookup_by_value(conf, *conf->variable)); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:10235:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = add_size(size, strlen(gconf->sourcefile)); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:10697:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(current, newval, strlen(name) + 1) == 0) data/postgresql-13-13.1/src/backend/utils/misc/guc.c:10768:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(val, name, strlen(name)) == 0 data/postgresql-13-13.1/src/backend/utils/misc/guc.c:10769:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && val[strlen(name)] == '=') data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11628:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dname = guc_malloc(ERROR, strlen(newval) + 1); /* runtime dir */ data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11632:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tname = guc_malloc(ERROR, strlen(newval) + 12); /* /global.tmp */ data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11634:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fname = guc_malloc(ERROR, strlen(newval) + 13); /* /global.stat */ data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11711:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int newvallen = strlen(*newval); data/postgresql-13-13.1/src/backend/utils/misc/guc.c:11966:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(*newval) >= MAXFNAMELEN) data/postgresql-13-13.1/src/backend/utils/misc/ps_status.c:153:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end_of_area = argv[i] + strlen(argv[i]); data/postgresql-13-13.1/src/backend/utils/misc/ps_status.c:169:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end_of_area = environ[i] + strlen(environ[i]); data/postgresql-13-13.1/src/backend/utils/misc/ps_status.c:330:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ps_buffer_cur_len = ps_buffer_fixed_size = strlen(ps_buffer); data/postgresql-13-13.1/src/backend/utils/misc/ps_status.c:369:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ps_buffer_cur_len = strlen(ps_buffer); data/postgresql-13-13.1/src/backend/utils/misc/tzparser.c:58:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tzentry->abbrev) > TOKMAXLEN) data/postgresql-13-13.1/src/backend/utils/misc/tzparser.c:372:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tzbuf) == sizeof(tzbuf) - 1) data/postgresql-13-13.1/src/backend/utils/misc/tzparser.c:390:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pg_strncasecmp(line, "@INCLUDE", strlen("@INCLUDE")) == 0) data/postgresql-13-13.1/src/backend/utils/misc/tzparser.c:393:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *includeFile = pstrdup(line + strlen("@INCLUDE")); data/postgresql-13-13.1/src/backend/utils/misc/tzparser.c:409:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pg_strncasecmp(line, "@OVERRIDE", strlen("@OVERRIDE")) == 0) data/postgresql-13-13.1/src/backend/utils/mmgr/mcxt.c:636:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int idlen = strlen(ident); data/postgresql-13-13.1/src/backend/utils/mmgr/mcxt.c:1176:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Size len = strlen(string) + 1; data/postgresql-13-13.1/src/backend/utils/mmgr/mcxt.c:1218:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(in); data/postgresql-13-13.1/src/backend/utils/sort/sharedtuplestore.c:143:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) > sizeof(sts->name) - 1) data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:1359:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return pstrdup(path + strlen(SNAPSHOT_EXPORT_DIR) + 1); data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:1385:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int prefixlen = strlen(prefix); data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:1410:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int prefixlen = strlen(prefix); data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:1436:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int prefixlen = strlen(prefix); data/postgresql-13-13.1/src/backend/utils/time/snapmgr.c:1503:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(idstr, "0123456789ABCDEF-") != strlen(idstr)) data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:73:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fullname) + 1 + strlen(name) >= MAXPGPATH) data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:73:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fullname) + 1 + strlen(name) >= MAXPGPATH) data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:75:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(fullname, "/"); data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:95:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) > TZ_STRLEN_MAX) data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:412:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scan_available_timezones(tmptzdir, tmptzdir + strlen(tmptzdir) + 1, data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:591:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(cur_name) <= TZ_STRLEN_MAX && data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:659:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int tzdir_orig_len = strlen(tzdir); data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:713:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(tzdirsub) < strlen(bestzonename) || data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:713:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(tzdirsub) < strlen(bestzonename) || data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:714:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(tzdirsub) == strlen(bestzonename) && data/postgresql-13-13.1/src/bin/initdb/findtimezone.c:714:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(tzdirsub) == strlen(bestzonename) && data/postgresql-13-13.1/src/bin/initdb/initdb.c:357:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = (char *) pg_malloc(strlen(data) + 3 + nquotes * 3); data/postgresql-13-13.1/src/bin/initdb/initdb.c:399:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). toklen = strlen(token); data/postgresql-13-13.1/src/bin/initdb/initdb.c:400:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). replen = strlen(replacement); data/postgresql-13-13.1/src/bin/initdb/initdb.c:418:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newline = (char *) pg_malloc(strlen(lines[i]) + diff + 1); data/postgresql-13-13.1/src/bin/initdb/initdb.c:487:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(infile)) != EOF) data/postgresql-13-13.1/src/bin/initdb/initdb.c:1521:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(pwd1); data/postgresql-13-13.1/src/bin/initdb/initdb.c:1886:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = vstr + (strlen(vstr) - 1); data/postgresql-13-13.1/src/bin/initdb/initdb.c:2390:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pgdata_get_env && strlen(pgdata_get_env)) data/postgresql-13-13.1/src/bin/initdb/initdb.c:2855:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(pg_mode_mask); data/postgresql-13-13.1/src/bin/pg_archivecleanup/pg_archivecleanup.c:81:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). elen = strlen(extension); data/postgresql-13-13.1/src/bin/pg_archivecleanup/pg_archivecleanup.c:82:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen(filename); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:468:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(bgpipe[0], xlogend, sizeof(xlogend) - 1); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:827:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int) strlen(totalsize_str), data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:833:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bool truncate = (strlen(filename) > VERBOSE_FILENAME_LENGTH); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:839:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int) strlen(totalsize_str), data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:847:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). truncate ? filename + strlen(filename) - VERBOSE_FILENAME_LENGTH + 3 : filename); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:855:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int) strlen(totalsize_str), data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1093:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(state.filename, "-"); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1593:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (state->filename[strlen(state->filename) - 1] == '/') data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1603:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). state->filename[strlen(state->filename) - 1] = '\0'; data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:1645:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). state->filename[strlen(state->filename) - 1] = '\0'; /* Remove trailing slash */ data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:2100:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(bgpipe[1], xlogend, strlen(xlogend)) != strlen(xlogend)) data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:2100:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(bgpipe[1], xlogend, strlen(xlogend)) != strlen(xlogend)) data/postgresql-13-13.1/src/bin/pg_basebackup/pg_basebackup.c:2603:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(pg_mode_mask); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_receivewal.c:66:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(fname) == XLOG_FNAME_LEN + strlen(".gz") && \ data/postgresql-13-13.1/src/bin/pg_basebackup/pg_receivewal.c:66:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(fname) == XLOG_FNAME_LEN + strlen(".gz") && \ data/postgresql-13-13.1/src/bin/pg_basebackup/pg_receivewal.c:70:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(fname) == XLOG_FNAME_LEN + strlen(".gz.partial") && \ data/postgresql-13-13.1/src/bin/pg_basebackup/pg_receivewal.c:70:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(fname) == XLOG_FNAME_LEN + strlen(".gz.partial") && \ data/postgresql-13-13.1/src/bin/pg_basebackup/pg_receivewal.c:300:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(fd, (char *) buf, sizeof(buf)); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_receivewal.c:707:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(pg_mode_mask); data/postgresql-13-13.1/src/bin/pg_basebackup/pg_recvlogical.c:960:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(pg_mode_mask); data/postgresql-13-13.1/src/bin/pg_basebackup/receivelog.c:261:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int size = strlen(content); data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:999:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tar_data->tarfilename = pg_malloc0(strlen(tarbase) + strlen(suffix) + 1); data/postgresql-13-13.1/src/bin/pg_basebackup/walmethods.c:999:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tar_data->tarfilename = pg_malloc0(strlen(tarbase) + strlen(suffix) + 1); data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:162:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int) strlen(current_size_str), current_size_str, total_size_str, data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:179:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int cmplen = strlen(skip[excludeIdx].name); data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:216:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int r = read(f, buf.data, BLCKSZ); data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:325:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(PG_TEMP_FILE_PREFIX)) == 0) data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:331:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(PG_TEMP_FILES_DIR)) == 0) data/postgresql-13-13.1/src/bin/pg_checksums/pg_checksums.c:399:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp("pg_tblspc", subdir, strlen("pg_tblspc")) == 0) data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:357:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(fd, buffer, statbuf.st_size + 1); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:1456:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cmdPath) < 4 || data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:1457:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_strcasecmp(cmdPath + strlen(cmdPath) - 4, ".exe") != 0) data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:1458:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(cmdPath + strlen(cmdPath), sizeof(cmdPath) - strlen(cmdPath), data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:1458:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(cmdPath + strlen(cmdPath), sizeof(cmdPath) - strlen(cmdPath), data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:2293:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(PG_MODE_MASK_OWNER); data/postgresql-13-13.1/src/bin/pg_ctl/pg_ctl.c:2539:4: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(pg_mode_mask); data/postgresql-13-13.1/src/bin/pg_dump/compress_io.c:629:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = fgetc(fp->uncompressedfp); data/postgresql-13-13.1/src/bin/pg_dump/compress_io.c:706:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int filenamelen = strlen(filename); data/postgresql-13-13.1/src/bin/pg_dump/compress_io.c:707:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int suffixlen = strlen(suffix); data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:77:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(acls) == 0 && strlen(racls) == 0) data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:77:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(acls) == 0 && strlen(racls) == 0) data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:84:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(acls) != 0) data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:94:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(racls) != 0) data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:189:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("group ")) == 0) data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:191:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fmtId(grantee->data + strlen("group "))); data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:207:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("group ")) == 0) data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:209:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fmtId(grantee->data + strlen("group "))); data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:324:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("group ")) == 0) data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:326:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fmtId(grantee->data + strlen("group "))); data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:340:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen("group ")) == 0) data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:342:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fmtId(grantee->data + strlen("group "))); data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:426:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(initacls) != 0 || strlen(initracls) != 0) data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:426:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(initacls) != 0 || strlen(initracls) != 0) data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:912:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_malloc((strlen(rawstring) / 2 + 2) * sizeof(char *)); data/postgresql-13-13.1/src/bin/pg_dump/dumputils.c:939:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(endp, endp + 1, strlen(endp)); data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:140:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define piperead(a,b,c) read(a,b,c) data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:190:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc_ = write(fileno(stderr), str_, strlen(str_)); \ data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:229:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strncmp(msg, prefix, strlen(prefix)) == 0) data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:1138:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Assert(nBytes == strlen(msg)); data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:1146:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Assert(nBytes == strlen(msg)); data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:1189:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Assert(nBytes == strlen(msg)); data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:1534:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(str) + 1; data/postgresql-13-13.1/src/bin/pg_dump/parallel.c:1651:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(str) + 1; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:608:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mark + strlen(buffer)); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:768:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!ropt->dataOnly && te->defn != NULL && strlen(te->defn) != 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:770:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (te->copyStmt != NULL && strlen(te->copyStmt) != 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:919:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (te->copyStmt && strlen(te->copyStmt) > 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:1395:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(buf); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:1409:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(buf, " \t\r\n") == strlen(buf)) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:1457:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WriteData(AH, s, strlen(s)); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2038:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(c); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2164:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((byteread = fgetc(fh)) == EOF) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2169:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((byteread = fgetc(fh)) == EOF) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2181:20: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((byteread = fgetc(fh)) == EOF) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2192:22: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((AH->intSize = fgetc(fh)) == EOF) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2198:23: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((AH->offSize = fgetc(fh)) == EOF) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2205:19: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((byteread = fgetc(fh)) == EOF) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2221:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (AH->lookaheadLen >= strlen(TEXT_DUMPALL_HEADER) && data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2222:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strncmp(AH->lookahead, TEXT_DUMP_HEADER, strlen(TEXT_DUMP_HEADER)) == 0 || data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:2223:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncmp(AH->lookahead, TEXT_DUMPALL_HEADER, strlen(TEXT_DUMPALL_HEADER)) == 0)) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:3514:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). last = first + strlen(first) - 1; data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:3590:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (te->tablespace && strlen(te->tablespace) > 0 && !ropt->noTablespace) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:3618:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (te->defn && strlen(te->defn) > 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:3629:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). te->owner && strlen(te->owner) > 0 && data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_archiver.c:3630:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). te->dropStmt && strlen(te->dropStmt) > 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_custom.c:690:8: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). res = getc(AH->FH); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_custom.c:974:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). byt = getc(AH->FH); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:292:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tctx->filename) == 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:720:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dname) + 1 + strlen(relativeFilename) + 1 > MAXPGPATH) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:720:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dname) + 1 + strlen(relativeFilename) + 1 > MAXPGPATH) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_directory.c:724:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, "/"); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:298:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ctx->filename) == 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:376:15: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(S_IRWXG | S_IRWXO); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:412:3: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:498:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/postgresql-13-13.1/src/bin/pg_dump/pg_backup_tar.c:688:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pos1 = (int) strlen(te->copyStmt) - 13; data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:1883:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(column_list) > 2) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:2149:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(s, "0123456789 +-eE.") == strlen(s)) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:2883:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(encoding) > 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:2888:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(collate) > 0 && strcmp(collate, ctype) == 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:2895:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(collate) > 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:2900:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ctype) > 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:2915:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tablespace) > 0 && strcmp(tablespace, "pg_default") != 0 && data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:3021:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(datconnlimit) > 0 && strcmp(datconnlimit, "-1") != 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:3947:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pubinfo[i].rolname) == 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:4289:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(subinfo[i].rolname) == 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:4787:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(nsinfo[i].rolname) == 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:5135:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tyinfo[i].rolname) == 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:5220:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(oprinfo[i].rolname) == 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:5522:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(opcinfo[i].rolname) == 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:5606:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(opfinfo[i].rolname) == 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:5775:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(agginfo[i].aggfn.rolname) == 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:6035:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(finfo[i].rolname) == 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:6863:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tblinfo[i].rolname) == 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:10334:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(extinfo->extconfig) > 2) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:10339:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(extinfo->extcondition) > 2) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:13163:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(opcfamilyname) > 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:13281:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(sortfamily) > 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:13601:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(sortfamily) > 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:14792:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fdwinfo->fdwoptions) > 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:14868:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (srvinfo->srvtype && strlen(srvinfo->srvtype) > 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:14873:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (srvinfo->srvversion && strlen(srvinfo->srvversion) > 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:14882:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (srvinfo->srvoptions && strlen(srvinfo->srvoptions) > 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:14998:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (umoptions && strlen(umoptions) > 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:15163:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(initacls) != 0 || strlen(initracls) != 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:15163:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(initacls) != 0 || strlen(initracls) != 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:17618:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t tlen = strlen(p); data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:18148:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(extconditionarray[j]) > 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_dump.c:18693:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (reloptions != NULL && strlen(reloptions) > 2); data/postgresql-13-13.1/src/bin/pg_dump/pg_dumpall.c:1077:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(grolist) < 3) data/postgresql-13-13.1/src/bin/pg_dump/pg_dumpall.c:1082:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). grolist[strlen(grolist) - 1] = ')'; data/postgresql-13-13.1/src/bin/pg_dump/pg_restore.c:175:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(optarg) != 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_restore.c:179:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(optarg) != 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_restore.c:208:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(optarg) != 0) data/postgresql-13-13.1/src/bin/pg_dump/pg_restore.c:233:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(optarg) != 0) data/postgresql-13-13.1/src/bin/pg_resetwal/pg_resetwal.c:361:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(pg_mode_mask); data/postgresql-13-13.1/src/bin/pg_resetwal/pg_resetwal.c:608:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(fd, buffer, PG_CONTROL_FILE_SIZE); data/postgresql-13-13.1/src/bin/pg_rewind/copy_fetch.c:184:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). readlen = read(srcfd, buf.data, len); data/postgresql-13-13.1/src/bin/pg_rewind/file_ops.c:50:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcmp(path, &dstpath[strlen(datadir_target) + 1]) == 0) data/postgresql-13-13.1/src/bin/pg_rewind/file_ops.c:307:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(fd, buffer, len); data/postgresql-13-13.1/src/bin/pg_rewind/filemap.c:511:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int cmplen = strlen(excludeFiles[excludeIdx].name); data/postgresql-13-13.1/src/bin/pg_rewind/libpq_fetch.c:428:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (PQputCopyData(conn, linebuf, strlen(linebuf)) != 1) data/postgresql-13-13.1/src/bin/pg_rewind/parsexlog.c:332:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(xlogreadfd, readBuf, XLOG_BLCKSZ); data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:267:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(pg_mode_mask); data/postgresql-13-13.1/src/bin/pg_rewind/pg_rewind.c:568:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int) strlen(fetch_size_str), fetch_done_str, fetch_size_str, data/postgresql-13-13.1/src/bin/pg_test_timing/pg_test_timing.c:178:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len1 = strlen(header1); data/postgresql-13-13.1/src/bin/pg_test_timing/pg_test_timing.c:179:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len2 = strlen(header2); data/postgresql-13-13.1/src/bin/pg_test_timing/pg_test_timing.c:180:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len3 = strlen(header3); data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:370:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lena = chara ? (chara - canona) : strlen(canona); data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:374:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenb = charb ? (charb - canonb) : strlen(canonb); data/postgresql-13-13.1/src/bin/pg_upgrade/check.c:645:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(old_cluster.tablespace_suffix) == 0) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:137:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:214:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:224:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:234:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:245:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:256:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:267:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:286:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:297:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:308:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:319:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:330:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:341:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:344:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:358:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:370:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:381:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:392:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:403:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:414:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:425:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:436:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:447:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:458:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:469:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/controldata.c:480:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (p == NULL || strlen(p) <= 1) data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:427:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) <= strlen(EXE_EXT) || data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:427:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) <= strlen(EXE_EXT) || data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:428:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_strcasecmp(path + strlen(path) - strlen(EXE_EXT), EXE_EXT) != 0) data/postgresql-13-13.1/src/bin/pg_upgrade/exec.c:428:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_strcasecmp(path + strlen(path) - strlen(EXE_EXT), EXE_EXT) != 0) data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:103:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t nbytes = read(src_fd, buffer, COPY_BUF_SIZE); data/postgresql-13-13.1/src/bin/pg_upgrade/file.c:220:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((bytesRead = read(src_fd, buffer.data, BLCKSZ)) != BLCKSZ) data/postgresql-13-13.1/src/bin/pg_upgrade/function.c:32:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen1 = strlen(str1); data/postgresql-13-13.1/src/bin/pg_upgrade/function.c:33:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen2 = strlen(str2); data/postgresql-13-13.1/src/bin/pg_upgrade/function.c:205:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int llen = strlen(lib); data/postgresql-13-13.1/src/bin/pg_upgrade/function.c:225:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llen = strlen(lib); data/postgresql-13-13.1/src/bin/pg_upgrade/function.c:229:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). PQescapeStringConn(conn, cmd + strlen(cmd), lib, llen, NULL); data/postgresql-13-13.1/src/bin/pg_upgrade/function.c:230:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(cmd, "'"); data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:171:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(old_rel->tablespace) == 0) data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:188:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(new_rel->tablespace) == 0) data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:238:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(reldesc + strlen(reldesc), data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:239:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(reldesc) - strlen(reldesc), data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:248:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(reldesc + strlen(reldesc), data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:249:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(reldesc) - strlen(reldesc), data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:260:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(reldesc + strlen(reldesc), data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:261:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(reldesc) - strlen(reldesc), data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:268:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(reldesc + strlen(reldesc), data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:269:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(reldesc) - strlen(reldesc), data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:444:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(query + strlen(query), sizeof(query) - strlen(query), data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:444:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(query + strlen(query), sizeof(query) - strlen(query), data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:466:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(query + strlen(query), sizeof(query) - strlen(query), data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:466:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(query + strlen(query), sizeof(query) - strlen(query), data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:479:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(query + strlen(query), sizeof(query) - strlen(query), data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:479:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(query + strlen(query), sizeof(query) - strlen(query), data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:493:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(query + strlen(query), sizeof(query) - strlen(query), data/postgresql-13-13.1/src/bin/pg_upgrade/info.c:493:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(query + strlen(query), sizeof(query) - strlen(query), data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:363:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (*dirpath == NULL || strlen(*dirpath) == 0) data/postgresql-13-13.1/src/bin/pg_upgrade/option.c:367:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((envVar = getenv(envVarName)) && strlen(envVar)) data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c:86:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(PG_MODE_MASK_OWNER); data/postgresql-13-13.1/src/bin/pg_upgrade/pg_upgrade.c:111:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(pg_mode_mask); data/postgresql-13-13.1/src/bin/pg_upgrade/server.c:169:6: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (fscanf(version_fd, "%63s", cluster->major_version_str) == 0 || data/postgresql-13-13.1/src/bin/pg_upgrade/server.c:220:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(socket_string + strlen(socket_string), data/postgresql-13-13.1/src/bin/pg_upgrade/server.c:221:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(socket_string) - strlen(socket_string), data/postgresql-13-13.1/src/bin/pg_upgrade/server.c:376:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (value && strlen(value) > 0 && data/postgresql-13-13.1/src/bin/pg_upgrade/util.c:78:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(message) > 0 && message[strlen(message) - 1] == '\n') data/postgresql-13-13.1/src/bin/pg_upgrade/util.c:78:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(message) > 0 && message[strlen(message) - 1] == '\n') data/postgresql-13-13.1/src/bin/pg_upgrade/util.c:119:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(message) <= MESSAGE_WIDTH - 2 ? "" : "...", data/postgresql-13-13.1/src/bin/pg_upgrade/util.c:122:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(message) <= MESSAGE_WIDTH - 2 ? message : data/postgresql-13-13.1/src/bin/pg_upgrade/util.c:123:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). message + strlen(message) - MESSAGE_WIDTH + 3 + 2); data/postgresql-13-13.1/src/bin/pg_upgrade/util.c:189:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *result = pg_malloc(strlen(s) * 2 + 3); data/postgresql-13-13.1/src/bin/pg_verifybackup/parse_manifest.c:485:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int encoded_length = strlen(parse->encoded_pathname); data/postgresql-13-13.1/src/bin/pg_verifybackup/parse_manifest.c:515:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). : strlen(parse->checksum); data/postgresql-13-13.1/src/bin/pg_verifybackup/parse_manifest.c:662:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(parse->manifest_checksum) != PG_SHA256_DIGEST_LENGTH * 2 || data/postgresql-13-13.1/src/bin/pg_verifybackup/pg_verifybackup.c:407:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(fd, buffer, statbuf.st_size); data/postgresql-13-13.1/src/bin/pg_verifybackup/pg_verifybackup.c:732:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((rc = read(fd, buffer, READ_CHUNK_SIZE)) > 0) data/postgresql-13-13.1/src/bin/pg_verifybackup/pg_verifybackup.c:881:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return hash_bytes(ss, strlen(s)); data/postgresql-13-13.1/src/bin/pg_waldump/pg_waldump.c:194:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(fd, buf.data, XLOG_BLCKSZ); data/postgresql-13-13.1/src/bin/pgbench/exprparse.c:885:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/postgresql-13-13.1/src/bin/pgbench/exprscan.c:959:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/postgresql-13-13.1/src/bin/pgbench/exprscan.c:2227:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes( yystr, (int) strlen(yystr) , yyscanner); data/postgresql-13-13.1/src/bin/pgbench/exprscan.c:2783:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(state->scanbuf); data/postgresql-13-13.1/src/bin/pgbench/exprscan.c:2801:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Assert(end_offset <= strlen(state->scanbuf)); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:1316:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(var->svalue); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:1539:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int valueln = strlen(value); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:1545:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *sql = pg_realloc(*sql, strlen(*sql) - len + valueln + 1); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:1550:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(param + valueln, param + len, strlen(param + len) + 1); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:2544:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). arglen = strlen(arg); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3762:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(opts + strlen(opts), sizeof(opts) - strlen(opts), data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3762:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(opts + strlen(opts), sizeof(opts) - strlen(opts), data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3773:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(tablespace)); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3774:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(opts + strlen(opts), sizeof(opts) - strlen(opts), data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3774:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(opts + strlen(opts), sizeof(opts) - strlen(opts), data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3800:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(opts + strlen(opts), len - strlen(opts), data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:3800:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(opts + strlen(opts), len - strlen(opts), data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:4040:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(index_tablespace)); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:4041:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buffer + strlen(buffer), sizeof(buffer) - strlen(buffer), data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:4041:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buffer + strlen(buffer), sizeof(buffer) - strlen(buffer), data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:4797:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). psql_scan_setup(sstate, script, strlen(script), 0, true); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:4991:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5036:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*script, option, namelen); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5908:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(initialize_steps) + 2); data/postgresql-13-13.1/src/bin/pgbench/pgbench.c:5909:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(initialize_steps, "f"); data/postgresql-13-13.1/src/bin/pgevent/pgevent.c:98:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buffer) + 1)) data/postgresql-13-13.1/src/bin/psql/command.c:985:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(fname, "0123456789") == strlen(fname)) data/postgresql-13-13.1/src/bin/psql/command.c:1379:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). optlen = strlen(option); data/postgresql-13-13.1/src/bin/psql/command.c:1498:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(opt); data/postgresql-13-13.1/src/bin/psql/command.c:2245:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newval = pg_realloc(newval, strlen(newval) + strlen(opt) + 1); data/postgresql-13-13.1/src/bin/psql/command.c:2245:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newval = pg_realloc(newval, strlen(newval) + strlen(opt) + 1); data/postgresql-13-13.1/src/bin/psql/command.c:3992:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vallen = strlen(value); data/postgresql-13-13.1/src/bin/psql/command.c:4153:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(value) != 1) data/postgresql-13-13.1/src/bin/psql/command.c:4574:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *ret = pg_malloc(strlen(str) * 2 + 3); data/postgresql-13-13.1/src/bin/psql/command.c:4760:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). title_len = (user_title ? strlen(user_title) : 0) + 256; data/postgresql-13-13.1/src/bin/psql/command.c:5043:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (reloptions != NULL && strlen(reloptions) > 2) data/postgresql-13-13.1/src/bin/psql/command.c:5104:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c = obj + strlen(obj) - 1; data/postgresql-13-13.1/src/bin/psql/command.c:5185:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t header_sz = in_header ? strlen(header_keyword) : 0; data/postgresql-13-13.1/src/bin/psql/common.c:165:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). PQescapeLiteral(pset.db, value, strlen(value)); data/postgresql-13-13.1/src/bin/psql/common.c:168:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). PQescapeIdentifier(pset.db, value, strlen(value)); data/postgresql-13-13.1/src/bin/psql/common.c:387:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(error)) data/postgresql-13-13.1/src/bin/psql/common.c:1521:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). escname = PQescapeLiteral(pset.db, name, strlen(name)); data/postgresql-13-13.1/src/bin/psql/common.c:2262:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(home) != 0) data/postgresql-13-13.1/src/bin/psql/copy.c:215:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). toklen = strlen(token); data/postgresql-13-13.1/src/bin/psql/copy.c:619:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). linelen = strlen(buf); data/postgresql-13-13.1/src/bin/psql/crosstabview.c:601:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(val + 1, "0123456789") == strlen(val + 1)) || data/postgresql-13-13.1/src/bin/psql/crosstabview.c:602:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(val, "0123456789") == strlen(val))) data/postgresql-13-13.1/src/bin/psql/crosstabview.c:639:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (arg[0] && strspn(arg, "0123456789") == strlen(arg)) data/postgresql-13-13.1/src/bin/psql/describe.c:331:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(functypes) != strspn(functypes, "anptwS+")) data/postgresql-13-13.1/src/bin/psql/describe.c:2277:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(indpred)) data/postgresql-13-13.1/src/bin/psql/describe.c:3170:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sw = pg_wcswidth(s, strlen(s), pset.encoding); data/postgresql-13-13.1/src/bin/psql/describe.c:3248:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ctw = pg_wcswidth(ct, strlen(ct), pset.encoding); data/postgresql-13-13.1/src/bin/psql/help.c:527:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!topic || strlen(topic) == 0) data/postgresql-13-13.1/src/bin/psql/help.c:586:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(topic); data/postgresql-13-13.1/src/bin/psql/input.c:120:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!s[0] || s[strlen(s) - 1] != '\n') data/postgresql-13-13.1/src/bin/psql/input.c:145:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(s) - 1; i >= 0 && s[i] == '\n'; i--) data/postgresql-13-13.1/src/bin/psql/input.c:371:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (envhist != NULL && strlen(envhist) > 0) data/postgresql-13-13.1/src/bin/psql/large_obj.c:201:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t slen = strlen(comment_arg); data/postgresql-13-13.1/src/bin/psql/large_obj.c:207:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr = cmdbuf + strlen(cmdbuf); data/postgresql-13-13.1/src/bin/psql/large_obj.c:209:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(bufptr, "'"); data/postgresql-13-13.1/src/bin/psql/mainloop.c:210:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(line, line + 3, strlen(line + 3) + 1); data/postgresql-13-13.1/src/bin/psql/mainloop.c:384:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). psql_scan_setup(scan_state, line, strlen(line), data/postgresql-13-13.1/src/bin/psql/mainloop.c:550:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). psql_scan_setup(scan_state, line, strlen(line), data/postgresql-13-13.1/src/bin/psql/prompt.c:98:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *p && strlen(destination) < sizeof(destination) - 1; data/postgresql-13-13.1/src/bin/psql/prompt.c:339:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *end = p + strlen(p); data/postgresql-13-13.1/src/bin/psql/psqlscanslash.c:1380:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/postgresql-13-13.1/src/bin/psql/psqlscanslash.c:2718:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes( yystr, (int) strlen(yystr) , yyscanner); data/postgresql-13-13.1/src/bin/psql/psqlscanslash.c:3285:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mybuf.len = strlen(mybuf.data); data/postgresql-13-13.1/src/bin/psql/psqlscanslash.c:3404:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(cp, cp + 1, strlen(cp)); data/postgresql-13-13.1/src/bin/psql/startup.c:385:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cell->val, strlen(cell->val), data/postgresql-13-13.1/src/bin/psql/startup.c:772:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (envrc != NULL && strlen(envrc) > 0) data/postgresql-13-13.1/src/bin/psql/stringutils.c:80:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). storage = pg_malloc(2 * strlen(s) + 1); data/postgresql-13-13.1/src/bin/psql/stringutils.c:116:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p + 1, p, strlen(p) + 1); data/postgresql-13-13.1/src/bin/psql/stringutils.c:166:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p + 1, p, strlen(p) + 1); data/postgresql-13-13.1/src/bin/psql/stringutils.c:215:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p + 1, p, strlen(p) + 1); data/postgresql-13-13.1/src/bin/psql/stringutils.c:305:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst = ret = pg_malloc(2 * strlen(src) + 3); /* excess */ data/postgresql-13-13.1/src/bin/psql/tab-complete.c:1231:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wordlen = strlen(word); data/postgresql-13-13.1/src/bin/psql/tab-complete.c:1382:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(s); data/postgresql-13-13.1/src/bin/psql/tab-complete.c:3979:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_length = strlen(text); data/postgresql-13-13.1/src/bin/psql/tab-complete.c:4134:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). byte_length = strlen(text); data/postgresql-13-13.1/src/bin/psql/tab-complete.c:4317:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_length = strlen(text); data/postgresql-13-13.1/src/bin/psql/tab-complete.c:4553:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *retend = ret + strlen(ret) - 1; data/postgresql-13-13.1/src/bin/psql/tab-complete.c:4614:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text_length = strlen(text); data/postgresql-13-13.1/src/bin/psql/tab-complete.c:4855:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *send = s + strlen(s) - 1; data/postgresql-13-13.1/src/bin/psql/tab-complete.c:4898:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *workspace = (char *) pg_malloc(strlen(fname) + 2); data/postgresql-13-13.1/src/bin/psql/variables.c:116:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(value); data/postgresql-13-13.1/src/common/controldata_utils.c:79:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(fd, ControlFile, sizeof(ControlFileData)); data/postgresql-13-13.1/src/common/encnames.c:563:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) >= NAMEDATALEN) data/postgresql-13-13.1/src/common/exec.c:77:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) >= strlen(".exe") && data/postgresql-13-13.1/src/common/exec.c:77:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) >= strlen(".exe") && data/postgresql-13-13.1/src/common/exec.c:78:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_strcasecmp(path + strlen(path) - strlen(".exe"), ".exe") != 0) data/postgresql-13-13.1/src/common/exec.c:78:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_strcasecmp(path + strlen(path) - strlen(".exe"), ".exe") != 0) data/postgresql-13-13.1/src/common/exec.c:185:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). endp = startp + strlen(startp); /* point to end */ data/postgresql-13-13.1/src/common/exec.c:337:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(retpath + strlen(retpath), MAXPGPATH - strlen(retpath), data/postgresql-13-13.1/src/common/exec.c:337:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(retpath + strlen(retpath), MAXPGPATH - strlen(retpath), data/postgresql-13-13.1/src/common/file_utils.c:323:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(parentpath) == 0) data/postgresql-13-13.1/src/common/hashfn.c:667:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Size s_len = strlen((const char *) key); data/postgresql-13-13.1/src/common/ip.c:176:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) >= sizeof(unp->sun_path)) data/postgresql-13-13.1/src/common/kwlookup.c:49:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/postgresql-13-13.1/src/common/logging.c:196:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Assert(fmt[strlen(fmt) - 1] != '\n'); data/postgresql-13-13.1/src/common/md5.c:326:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t passwd_len = strlen(passwd); data/postgresql-13-13.1/src/common/protocol_openssl.c:37:24: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. #error OpenSSL version mismatch data/postgresql-13-13.1/src/common/relpath.c:87:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(forkNames[forkNum]); data/postgresql-13-13.1/src/common/saslprep.c:1082:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(input) > MAX_PASSWORD_LENGTH) data/postgresql-13-13.1/src/common/scram-common.c:108:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int password_len = strlen(password); data/postgresql-13-13.1/src/common/scram-common.c:165:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scram_HMAC_update(&ctx, "Client Key", strlen("Client Key")); data/postgresql-13-13.1/src/common/scram-common.c:178:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scram_HMAC_update(&ctx, "Server Key", strlen("Server Key")); data/postgresql-13-13.1/src/common/scram-common.c:226:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxlen = strlen("SCRAM-SHA-256") + 1 data/postgresql-13-13.1/src/common/string.c:33:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t slen = strlen(str); data/postgresql-13-13.1/src/common/string.c:34:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t elen = strlen(end); data/postgresql-13-13.1/src/common/string.c:107:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(str); data/postgresql-13-13.1/src/common/stringinfo.c:178:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). appendBinaryStringInfo(str, s, strlen(s)); data/postgresql-13-13.1/src/fe_utils/cancel.c:35:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc_ = write(fileno(stderr), str_, strlen(str_)); \ data/postgresql-13-13.1/src/fe_utils/print.c:226:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += ((int_len - 1) / groupdigits) * strlen(thousands_sep); data/postgresql-13-13.1/src/fe_utils/print.c:230:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(decimal_point) - 1; data/postgresql-13-13.1/src/fe_utils/print.c:257:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(my_str, "0123456789+-.eE") != strlen(my_str)) data/postgresql-13-13.1/src/fe_utils/print.c:260:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_len = strlen(my_str) + additional_numeric_locale_len(my_str); data/postgresql-13-13.1/src/fe_utils/print.c:284:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_str_pos += strlen(thousands_sep); data/postgresql-13-13.1/src/fe_utils/print.c:294:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_str_pos += strlen(decimal_point); data/postgresql-13-13.1/src/fe_utils/print.c:302:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Assert(strlen(new_str) <= new_len); data/postgresql-13-13.1/src/fe_utils/print.c:661:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_wcssize((const unsigned char *) cont->headers[i], strlen(cont->headers[i]), data/postgresql-13-13.1/src/fe_utils/print.c:685:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_wcssize((const unsigned char *) *ptr, strlen(*ptr), encoding, data/postgresql-13-13.1/src/fe_utils/print.c:846:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_wcssize((const unsigned char *) *ptr, strlen(*ptr), encoding, data/postgresql-13-13.1/src/fe_utils/print.c:885:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_wcssize((const unsigned char *) cont->title, strlen(cont->title), data/postgresql-13-13.1/src/fe_utils/print.c:908:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(cont->headers[i]), encoding, data/postgresql-13-13.1/src/fe_utils/print.c:978:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_wcsformat((const unsigned char *) ptr[j], strlen(ptr[j]), encoding, data/postgresql-13-13.1/src/fe_utils/print.c:1293:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_wcssize((const unsigned char *) cont->headers[i], strlen(cont->headers[i]), data/postgresql-13-13.1/src/fe_utils/print.c:1313:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_wcssize((const unsigned char *) *ptr, strlen(*ptr), encoding, data/postgresql-13-13.1/src/fe_utils/print.c:1528:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(cont->headers[i % cont->ncolumns]), data/postgresql-13-13.1/src/fe_utils/print.c:1531:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_wcsformat((const unsigned char *) *ptr, strlen(*ptr), encoding, data/postgresql-13-13.1/src/fe_utils/print.c:1773:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcspn(str, "\r\n\"") != strlen(str) || data/postgresql-13-13.1/src/fe_utils/print.c:3021:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(pagerprog, " \t\r\n") == strlen(pagerprog)) data/postgresql-13-13.1/src/fe_utils/print.c:3633:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned char *end = str + strlen((char *) str); data/postgresql-13-13.1/src/fe_utils/psqlscan.c:2346:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/postgresql-13-13.1/src/fe_utils/psqlscan.c:4000:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes( yystr, (int) strlen(yystr) , yyscanner); data/postgresql-13-13.1/src/fe_utils/psqlscan.c:4747:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stackelem->buf = psqlscan_prepare_buffer(state, newstr, strlen(newstr), data/postgresql-13-13.1/src/fe_utils/simple_list.c:68:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_malloc(offsetof(SimpleStringListCell, val) + strlen(val) + 1); data/postgresql-13-13.1/src/fe_utils/string_utils.c:218:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(str); data/postgresql-13-13.1/src/fe_utils/string_utils.c:295:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t length = strlen(str); data/postgresql-13-13.1/src/fe_utils/string_utils.c:454:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(str, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_./:") == strlen(str)) data/postgresql-13-13.1/src/fe_utils/string_utils.c:676:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inputlen = strlen(atext); data/postgresql-13-13.1/src/include/access/tupmacs.h:189:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (cur_offset) + (strlen((char *) (attptr)) + 1) \ data/postgresql-13-13.1/src/include/access/xlog_internal.h:175:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(fname) == XLOG_FNAME_LEN && \ data/postgresql-13-13.1/src/include/access/xlog_internal.h:184:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(fname) == XLOG_FNAME_LEN + strlen(".partial") && \ data/postgresql-13-13.1/src/include/access/xlog_internal.h:184:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(fname) == XLOG_FNAME_LEN + strlen(".partial") && \ data/postgresql-13-13.1/src/include/access/xlog_internal.h:205:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(fname) == 8 + strlen(".history") && \ data/postgresql-13-13.1/src/include/access/xlog_internal.h:205:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(fname) == 8 + strlen(".history") && \ data/postgresql-13-13.1/src/include/access/xlog_internal.h:222:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(fname) > XLOG_FNAME_LEN && \ data/postgresql-13-13.1/src/include/access/xlog_internal.h:224:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcmp((fname) + strlen(fname) - strlen(".backup"), ".backup") == 0) data/postgresql-13-13.1/src/include/access/xlog_internal.h:224:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcmp((fname) + strlen(fname) - strlen(".backup"), ".backup") == 0) data/postgresql-13-13.1/src/include/c.h:952:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(_dst, (src), _len); \ data/postgresql-13-13.1/src/include/libpq/pqformat.h:111:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen = strlen(str); data/postgresql-13-13.1/src/include/libpq/pqformat.h:116:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(p); data/postgresql-13-13.1/src/include/nodes/nodes.h:651:13: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. extern bool equal(const void *a, const void *b); data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c:394:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int) (strlen(str) + 1) > len) data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c:657:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(str, tmp, strlen(tmp)); data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c:727:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(str); data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c:745:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t fmt_len = strlen(fmt); data/postgresql-13-13.1/src/interfaces/ecpg/compatlib/informix.c:920:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_len = strlen(temp); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/connect.c:175:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (con->autocommit && strncmp(mode, "off", strlen("off")) == 0) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/connect.c:186:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (!con->autocommit && strncmp(mode, "on", strlen("on")) == 0) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/connect.c:257:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sqlca->sqlstate, sqlstate, sizeof(sqlca->sqlstate)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/connect.c:262:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sqlca->sqlerrm.sqlerrmc, message, sizeof(sqlca->sqlerrm.sqlerrmc)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/connect.c:264:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlca->sqlerrm.sqlerrml = strlen(sqlca->sqlerrm.sqlerrmc); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/connect.c:358:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(dbname + offset, "postgresql://", strlen("postgresql://")) == 0) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/connect.c:367:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset += strlen("postgresql://"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/connect.c:475:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dbname) > 0) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/connect.c:515:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (user && strlen(user) > 0) ? "for user " : "", user ? user : ""); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/connect.c:523:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (user && strlen(user) > 0) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/connect.c:525:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (passwd && strlen(passwd) > 0) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/connect.c:570:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (user && strlen(user) > 0) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/connect.c:576:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (passwd && strlen(passwd) > 0) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/data.c:629:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, pval, size + 1); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/data.c:645:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str, pval, varcharsize); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/data.c:692:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(variable->arr, pval, variable->len); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/data.c:695:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(variable->arr, pval, varcharsize); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/descriptor.c:208:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *) var, value, varcharsize); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/descriptor.c:216:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(variable->arr, value, strlen(value)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/descriptor.c:218:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(variable->arr, value, varcharsize); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/descriptor.c:220:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). variable->len = strlen(value); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/descriptor.c:814:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->name = ecpg_alloc(strlen(name) + 1, line); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:25:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sqlca->sqlstate, sqlstate, sizeof(sqlca->sqlstate)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:211:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlca->sqlerrm.sqlerrml = strlen(sqlca->sqlerrm.sqlerrmc); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:260:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlca->sqlerrm.sqlerrml = strlen(sqlca->sqlerrm.sqlerrmc); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/error.c:263:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sqlca->sqlstate, sqlstate, sizeof(sqlca->sqlstate)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:55:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(arg); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:269:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). array_query = (char *) ecpg_alloc(strlen("select typlen from pg_type where oid= and typelem<>0") + 11, stmt->lineno); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:363:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(PQgetvalue(results, act_tuple, act_field)) + 1; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:373:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(PQgetvalue(results, act_tuple, act_field)) + 1; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:428:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(PQgetvalue(results, act_tuple, act_field)) + 1; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:503:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(to_data + 3 + ecpg_hex_enc_len(from_len), "\'"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:575:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval, "{"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:578:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(mallocedval + strlen(mallocedval), "%hd,", ((short *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:580:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:580:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:594:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval, "{"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:597:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(mallocedval + strlen(mallocedval), "%d,", ((int *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:599:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:599:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:613:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval, "{"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:616:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(mallocedval + strlen(mallocedval), "%hu,", ((unsigned short *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:618:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:618:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:632:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval, "{"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:635:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(mallocedval + strlen(mallocedval), "%u,", ((unsigned int *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:637:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:637:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:651:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval, "{"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:654:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(mallocedval + strlen(mallocedval), "%ld,", ((long *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:656:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:656:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:670:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval, "{"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:673:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(mallocedval + strlen(mallocedval), "%lu,", ((unsigned long *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:675:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:675:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:689:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval, "{"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:692:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(mallocedval + strlen(mallocedval), "%lld,", ((long long int *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:694:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:694:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:708:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval, "{"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:711:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(mallocedval + strlen(mallocedval), "%llu,", ((unsigned long long int *) var->value)[element]); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:713:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:713:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:727:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval, "{"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:730:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf_float_value(mallocedval + strlen(mallocedval), ((float *) var->value)[element], ","); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:732:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:732:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:746:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval, "{"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:749:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf_double_value(mallocedval + strlen(mallocedval), ((double *) var->value)[element], ","); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:751:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:751:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:765:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval, "{"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:768:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(mallocedval + strlen(mallocedval), "%c,", (((bool *) var->value)[element]) ? 't' : 'f'); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:770:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:770:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:790:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen = (var->varcharsize == 0) ? strlen((char *) var->value) : (unsigned int) var->varcharsize; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:795:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newcopy, (char *) var->value, slen); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:811:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen = strlen((char *) var->value); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:816:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(mallocedval, (char *) var->value, slen); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:844:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newcopy, variable->arr, variable->len); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:897:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(str); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:900:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(newcopy = ecpg_realloc(mallocedval, strlen(mallocedval) + slen + 2, lineno))) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:909:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(mallocedval + strlen(mallocedval), str, slen + 1); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:911:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval), ","); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:911:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval), ","); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:917:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:917:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:945:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(str); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:947:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(newcopy = ecpg_realloc(mallocedval, strlen(mallocedval) + slen + 2, lineno))) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:956:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(mallocedval + strlen(mallocedval), str, slen + 1); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:958:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval), ","); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:958:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval), ","); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:964:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:964:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:992:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(str); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:994:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(newcopy = ecpg_realloc(mallocedval, strlen(mallocedval) + slen + 2, lineno))) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1003:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(mallocedval + strlen(mallocedval), str, slen + 1); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1005:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval), ","); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1005:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval), ","); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1011:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1011:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1039:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(str); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1041:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(newcopy = ecpg_realloc(mallocedval, strlen(mallocedval) + slen + 2, lineno))) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1050:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(mallocedval + strlen(mallocedval), str, slen + 1); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1052:8: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval), ","); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1052:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval), ","); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1058:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1058:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(mallocedval + strlen(mallocedval) - 1, "}"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1134:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(newcopy = (char *) ecpg_alloc(strlen(stmt->command) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1135:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(tobeinserted) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1181:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). var.varcharsize = strlen(desc_item->data); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1306:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). desc_inlist.varcharsize = strlen(sqlda->sqlvar[i].sqldata); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1361:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). desc_inlist.varcharsize = strlen(sqlda->sqlvar[i].sqldata); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1434:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ph_len = (stmt->command[position] == '?') ? strlen("?") : strlen("$1"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1434:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ph_len = (stmt->command[position] == '?') ? strlen("?") : strlen("$1"); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/execute.c:1455:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *str = ecpg_alloc(strlen(tobeinserted) + 2 + 1, data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/misc.c:284:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufsize = strlen(intl_format) + 100; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/misc.c:565:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(sqlca->sqlstate, "YE001", sizeof(sqlca->sqlstate)); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/misc.c:567:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlca->sqlerrm.sqlerrml = strlen(sqlca->sqlerrm.sqlerrmc); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/prepare.c:135:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(newcopy = (char *) ecpg_alloc(strlen(*text) - len + strlen(buffer) + 1, lineno))) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/prepare.c:135:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(newcopy = (char *) ecpg_alloc(strlen(*text) - len + strlen(buffer) + 1, lineno))) data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/prepare.c:273:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text = (char *) ecpg_alloc(strlen("deallocate \"\" ") + strlen(this->name), this->stmt->lineno); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/prepare.c:273:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text = (char *) ecpg_alloc(strlen("deallocate \"\" ") + strlen(this->name), this->stmt->lineno); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/prepare.c:388:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stmtLeng = strlen(ecpgQuery); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/sqlda.c:56:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset += strlen(PQfname(res, i)) + 1; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/sqlda.c:144:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). long datalen = strlen(PQgetvalue(res, row, i)) + 1; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/sqlda.c:234:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fname += strlen(sqlda->sqlvar[i].sqlname) + 1; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/sqlda.c:382:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datalen = strlen(PQgetvalue(res, row, i)) + 1; data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/sqlda.c:436:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sqlda->sqlvar[i].sqlname.length = strlen(fname); data/postgresql-13-13.1/src/interfaces/ecpg/ecpglib/sqlda.c:571:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datalen = strlen(PQgetvalue(res, row, i)) + 1; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/common.c:43:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(replace_val.str_val); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/common.c:118:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(t); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:64:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) > MAXDATELEN) data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:261:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(replace_val.str_val)); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:273:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(start_pattern, t, strlen(t)); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:285:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(start_pattern, t, strlen(t)); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:297:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(start_pattern, t, strlen(t)); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:432:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(str); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:444:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str_copy = pgtypes_alloc(strlen(str) + 1 + 2); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:492:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(str_copy + target_pos, str + start_pos, data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:517:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(str_copy); i++) data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/datetime.c:612:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). token[token_count][1] = offset + strlen(month_lower_tmp) - 1; data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:724:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(str); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:780:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:784:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), ":%02d", tm->tm_sec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:787:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), " BC"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:794:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), "%+03d:%02d", hour, min); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:796:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), "%+03d", hour); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:818:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:822:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), ":%02d", tm->tm_sec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:825:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), " BC"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:836:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), " %.*s", MAXTZLEN, tzn); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:842:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), "%+03d:%02d", hour, min); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:844:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), "%+03d", hour); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:864:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:868:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), ":%02d", tm->tm_sec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:871:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), " BC"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:876:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), " %.*s", MAXTZLEN, tzn); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:882:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), "%+03d:%02d", hour, min); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:884:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), "%+03d", hour); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:897:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(str + 3, " "); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:912:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), ":%02d.%06d", tm->tm_sec, fsec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:916:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), ":%02d", tm->tm_sec); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:918:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), " %04d", data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:921:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), " BC"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:926:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), " %.*s", MAXTZLEN, tzn); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:938:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), " %+03d:%02d", hour, min); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:940:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), " %+03d", hour); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1018:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tm->tm_zone) > MAXTZLEN) data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1036:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(TZNAME_GLOBAL[tm->tm_isdst]) > MAXTZLEN) data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1115:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1392:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((len = strlen(field[i])) <= 0) data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1514:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (*cp == '\0' && (len = strlen(str)) > 3) data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:1886:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ftype[i] = DecodeNumberField(strlen(field[i]), field[i], fmask, data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2066:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ftype[i] = DecodeNumberField(strlen(field[i]), field[i], (fmask | DTK_DATE_M), data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2087:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen(field[i]); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2097:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (cp != NULL && flen - strlen(cp) > 2) data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2432:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end_position = str + strlen(str); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2451:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end_position = str + strlen(str); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2575:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(pgtypes_date_weekdays_short[j])) == 0) data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2579:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pstr += strlen(pgtypes_date_weekdays_short[j]); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2592:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(days[j], pstr, strlen(days[j])) == 0) data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2596:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pstr += strlen(days[j]); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2609:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(months[j], pstr, strlen(months[j])) == 0) data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2613:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pstr += strlen(months[j]); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2627:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(pgtypes_date_months[j], pstr, strlen(pgtypes_date_months[j])) == 0) data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2631:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pstr += strlen(pgtypes_date_months[j]); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2661:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = pgtypes_alloc(strlen("%m/%d/%y") + strlen(pstr) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2661:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = pgtypes_alloc(strlen("%m/%d/%y") + strlen(pstr) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2786:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = pgtypes_alloc(strlen("%I:%M:%S %p") + strlen(pstr) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2786:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = pgtypes_alloc(strlen("%I:%M:%S %p") + strlen(pstr) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2794:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = pgtypes_alloc(strlen("%H:%M") + strlen(pstr) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2794:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = pgtypes_alloc(strlen("%H:%M") + strlen(pstr) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2839:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = pgtypes_alloc(strlen("%H:%M:%S") + strlen(pstr) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/dt_common.c:2839:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp = pgtypes_alloc(strlen("%H:%M:%S") + strlen(pstr) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:121:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) < 2 || str[0] != 'P') data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:699:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return cp + strlen(cp); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:722:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return cp + strlen(cp); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:732:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return cp + strlen(cp); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:817:6: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(cp, "0"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:835:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(cp); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:845:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(cp); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:851:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(cp); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:879:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(cp); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:898:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(cp); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:906:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(cp, "@"); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:926:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(cp); data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/interval.c:1029:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) > MAXDATELEN) data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/numeric.c:115:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (alloc_var(dest, strlen((*ptr))) < 0) data/postgresql-13-13.1/src/interfaces/ecpg/pgtypeslib/timestamp.c:221:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) > MAXDATELEN) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/c_keywords.c:46:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/descriptor.c:26:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->variable = mm_alloc(strlen(var) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/descriptor.c:86:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->name = mm_alloc(strlen(name) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/descriptor.c:90:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->connection = mm_alloc(strlen(connection) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c:286:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). input_filename = mm_alloc(strlen("stdin") + 1); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c:292:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). input_filename = mm_alloc(strlen(argv[fnr]) + 5); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c:302:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr2ext = input_filename + strlen(input_filename); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/ecpg.c:321:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). output_filename = mm_alloc(strlen(input_filename) + 3); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/output.c:104:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *line = mm_alloc(strlen("\n#line %d \"%s\"\n") + sizeof(int) * CHAR_BIT * 10 / 3 + strlen(input_filename) * 2); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/output.c:104:94: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *line = mm_alloc(strlen("\n#line %d \"%s\"\n") + sizeof(int) * CHAR_BIT * 10 / 3 + strlen(input_filename) * 2); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/output.c:110:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dest = line + strlen(line); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/output.c:212:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(str); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/parser.c:175:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(escstr) != 3 || !check_uescapechar(escstr[1])) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:1909:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:3259:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(yytext)-2; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:3546:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(yytext)-2; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4495:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes( yystr, (int) strlen(yystr) ); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4852:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(yytext)-2; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4870:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(yytext, yytext+1, strlen(yytext)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4876:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(inc_file) <= 2 || strcmp(inc_file + strlen(inc_file) - 2, ".h") != 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4876:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(inc_file) <= 2 || strcmp(inc_file + strlen(inc_file) - 2, ".h") != 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4889:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(yytext, yytext+1, strlen(yytext)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4894:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ip->path) + strlen(yytext) + 4 > MAXPGPATH) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4894:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ip->path) + strlen(yytext) + 4 > MAXPGPATH) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/pgc.c:4903:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcmp(inc_file + strlen(inc_file) - 2, ".h") != 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:213:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * res_str = (char *)mm_alloc(strlen(str1) + strlen(str2) + 2); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:213:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * res_str = (char *)mm_alloc(strlen(str1) + strlen(str2) + 2); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:216:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str1) != 0 && strlen(str2) != 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:216:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str1) != 0 && strlen(str2) != 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:217:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(res_str, " "); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:247:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * res_str = (char *)mm_alloc(strlen(str1) + strlen(str2) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:247:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * res_str = (char *)mm_alloc(strlen(str1) + strlen(str2) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:259:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * res_str = (char *)mm_alloc(strlen(str1) + strlen(str2) +strlen(str3) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:259:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * res_str = (char *)mm_alloc(strlen(str1) + strlen(str2) +strlen(str3) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:259:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * res_str = (char *)mm_alloc(strlen(str1) + strlen(str2) +strlen(str3) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:311:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result[strlen(result)-3] = '\0'; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:359:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && (strncmp(ptr->variable->name, "ECPGprepared_statement", strlen("ECPGprepared_statement")) == 0)) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:34055:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:34797:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pg_strcasecmp((yyvsp[0].str)+strlen("close "), "database") == 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:35040:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { output_simple_statement((yyvsp[0].str), (strncmp((yyvsp[0].str), "ECPGset_var", strlen("ECPGset_var")) == 0) ? 4 : 0); } data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:35143:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((yyvsp[0].exec).type == NULL || strlen((yyvsp[0].exec).type) == 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:35157:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str[strlen(str) - 1] = '\0'; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:35158:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(length, "%zu", strlen(str)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:35244:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen((yyvsp[0].prep).type) == 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:35260:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str[strlen(str) - 1] = '\0'; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:35261:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(length, "%zu", strlen(str)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:35421:84: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). output_simple_statement((yyvsp[0].str), (strncmp((yyvsp[0].str), "ECPGset_var", strlen("ECPGset_var")) == 0) ? 4 : 0); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:47799:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *curname = mm_alloc(strlen((yyvsp[0].str)) + 2); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:56683:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen((yyvsp[-1].str)) > 0 && *((yyvsp[-1].str)) != '@') data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:56699:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp((yyvsp[-6].str), "unix:postgresql", strlen("unix:postgresql")) != 0 && strncmp((yyvsp[-6].str), "tcp:postgresql", strlen("tcp:postgresql")) != 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:56699:130: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp((yyvsp[-6].str), "unix:postgresql", strlen("unix:postgresql")) != 0 && strncmp((yyvsp[-6].str), "tcp:postgresql", strlen("tcp:postgresql")) != 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:56702:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp((yyvsp[-4].str), "//", strlen("//")) != 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:56705:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp((yyvsp[-6].str), "unix", strlen("unix")) == 0 && data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:56706:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncmp((yyvsp[-4].str) + strlen("//"), "localhost", strlen("localhost")) != 0 && data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:56706:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncmp((yyvsp[-4].str) + strlen("//"), "localhost", strlen("localhost")) != 0 && data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:56707:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncmp((yyvsp[-4].str) + strlen("//"), "127.0.0.1", strlen("127.0.0.1")) != 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:56707:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncmp((yyvsp[-4].str) + strlen("//"), "127.0.0.1", strlen("127.0.0.1")) != 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:56708:122: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mmerror(PARSE_ERROR, ET_ERROR, "Unix-domain sockets only work on \"localhost\" but not on \"%s\"", (yyvsp[-4].str) + strlen("//")); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:56730:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (yyvsp[0].str)[strlen((yyvsp[0].str))-1] = '\"'; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:56942:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen((yyvsp[-1].str)) == 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:56970:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen((yyvsp[-1].str)) == 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57008:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((yyvsp[0].str)[0] == '\"' && (yyvsp[0].str)[strlen((yyvsp[0].str))-1] == '\"') /* already quoted? */ data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57014:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i< strlen((yyvsp[0].str)); i++) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57065:89: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). thisquery->name = (char *) mm_alloc(sizeof("ECPGprepared_statement(, , __LINE__)") + strlen(con) + strlen((yyvsp[0].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57065:103: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). thisquery->name = (char *) mm_alloc(sizeof("ECPGprepared_statement(, , __LINE__)") + strlen(con) + strlen((yyvsp[0].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57449:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen((yyvsp[0].str)) != 0 && strcmp ((yyvsp[-1].str), "datetime") != 0 && strcmp ((yyvsp[-1].str), "interval") != 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57553:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (this->type->type_sizeof && strlen(this->type->type_sizeof) != 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57898:155: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). adjust_array(actual_type[struct_level].type_enum, &dimension, &length, actual_type[struct_level].type_dimension, actual_type[struct_level].type_index, strlen((yyvsp[-4].str)), false); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:57951:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int i = strlen((yyvsp[0].str)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58186:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(length, "%zu", strlen((yyvsp[0].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58263:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (yyval.str) = (char *) mm_alloc(sizeof("1, , ") + strlen(con) + strlen((yyvsp[-1].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58263:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (yyval.str) = (char *) mm_alloc(sizeof("1, , ") + strlen(con) + strlen((yyvsp[-1].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58279:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (yyval.str) = (char *) mm_alloc(sizeof("0, , ") + strlen(con) + strlen((yyvsp[-1].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58279:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (yyval.str) = (char *) mm_alloc(sizeof("0, , ") + strlen(con) + strlen((yyvsp[-1].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58289:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (yyval.str) = (char *) mm_alloc(sizeof("0, , ") + strlen(con) + strlen((yyvsp[-1].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58289:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (yyval.str) = (char *) mm_alloc(sizeof("0, , ") + strlen(con) + strlen((yyvsp[-1].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58300:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (yyval.str) = (char *) mm_alloc(sizeof("1, , ") + strlen(con) + strlen((yyvsp[-1].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58300:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (yyval.str) = (char *) mm_alloc(sizeof("1, , ") + strlen(con) + strlen((yyvsp[-1].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58310:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (yyval.str) = (char *) mm_alloc(sizeof("0, , ") + strlen(con) + strlen((yyvsp[-1].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58310:67: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (yyval.str) = (char *) mm_alloc(sizeof("0, , ") + strlen(con) + strlen((yyvsp[-1].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58377:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(length, "%zu", strlen((yyvsp[0].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58429:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(length, "%zu", strlen((yyvsp[0].str))); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58450:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(length, "%zu", strlen(var)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58463:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(length, "%zu", strlen(var)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58476:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). var[strlen(var) - 1] = '\0'; data/postgresql-13-13.1/src/interfaces/ecpg/preproc/preproc.c:58477:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(length, "%zu", strlen(var)); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:427:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *variable = (char *) mm_alloc(strlen(name) + ((prefix == NULL) ? 0 : strlen(prefix)) + 4); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:427:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *variable = (char *) mm_alloc(strlen(name) + ((prefix == NULL) ? 0 : strlen(prefix)) + 4); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:428:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *offset = (char *) mm_alloc(strlen(name) + strlen("sizeof(struct varchar_)") + 1 + strlen(varcharsize) + sizeof(int) * CHAR_BIT * 10 / 3); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:428:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *offset = (char *) mm_alloc(strlen(name) + strlen("sizeof(struct varchar_)") + 1 + strlen(varcharsize) + sizeof(int) * CHAR_BIT * 10 / 3); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:428:94: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *offset = (char *) mm_alloc(strlen(name) + strlen("sizeof(struct varchar_)") + 1 + strlen(varcharsize) + sizeof(int) * CHAR_BIT * 10 / 3); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:562:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(arrsize, "1"); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:568:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (size == NULL || strlen(size) == 0) data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:589:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *pbuf = (char *) mm_alloc(strlen(name) + ((prefix == NULL) ? 0 : strlen(prefix)) + 3); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:589:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *pbuf = (char *) mm_alloc(strlen(name) + ((prefix == NULL) ? 0 : strlen(prefix)) + 3); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:590:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *ind_pbuf = (char *) mm_alloc(strlen(ind_name) + ((ind_prefix == NULL) ? 0 : strlen(ind_prefix)) + 3); data/postgresql-13-13.1/src/interfaces/ecpg/preproc/type.c:590:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *ind_pbuf = (char *) mm_alloc(strlen(ind_name) + ((ind_prefix == NULL) ? 0 : strlen(ind_prefix)) + 3); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_informix/dec_test.pgc:51:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = deccvasc(decs[i], strlen(decs[i]), dec); data/postgresql-13-13.1/src/interfaces/ecpg/test/compat_oracle/char_array.pgc:48:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(shortstr, ppppp, sizeof shortstr); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:45:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vallen = strlen(convert); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_informix-dec_test.c:104:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r = deccvasc(decs[i], strlen(decs[i]), dec); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/compat_oracle-char_array.c:160:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(shortstr, ppppp, sizeof shortstr); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test.c:142:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = (char*) malloc(strlen(fmt) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test2.c:140:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int length = strlen(dates[i]) data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-dt_test2.c:142:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(times[j]) data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-num_test.c:41:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vallen = strlen(convert); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/pgtypeslib-num_test2.c:42:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vallen = strlen(convert); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-cursor.c:668:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). curname4.len = strlen(CURNAME); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/preproc-define.c:161:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(n, name[i], 8); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-desc.c:150:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"2",(long)1,(long)1,strlen("2"), ECPGd_EODT); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-desc.c:177:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"3",(long)1,(long)1,strlen("3"), ECPGd_EODT); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-desc.c:185:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"this is a long test",(long)19,(long)1,strlen("this is a long test"), ECPGd_indicator, data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-desc.c:291:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"2",(long)1,(long)1,strlen("2"), ECPGd_EODT); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:179:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(n, name[i], 8); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:211:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"1",(long)1,(long)1,strlen("1"), data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:246:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(n, name[i], 8); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:272:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"2",(long)1,(long)1,strlen("2"), data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-execute.c:301:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(n, name[i], 8); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-fetch.c:180:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"1",(long)1,(long)1,strlen("1"), data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-oldexec.c:170:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(n, name[i], 8); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-oldexec.c:196:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"1",(long)1,(long)1,strlen("1"), data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-oldexec.c:221:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(n, name[i], 8); data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-prepareas.c:342:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"ident_name",(long)10,(long)1,strlen("ident_name"), data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-prepareas.c:351:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"ident_name",(long)10,(long)1,strlen("ident_name"), data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-prepareas.c:379:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"normal_name",(long)11,(long)1,strlen("normal_name"), data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-prepareas.c:388:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"normal_name",(long)11,(long)1,strlen("normal_name"), data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-prepareas.c:416:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"include_ _name",(long)14,(long)1,strlen("include_ _name"), data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-prepareas.c:425:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"include_ _name",(long)14,(long)1,strlen("include_ _name"), data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-prepareas.c:596:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"ident_name",(long)10,(long)1,strlen("ident_name"), data/postgresql-13-13.1/src/interfaces/ecpg/test/expected/sql-prepareas.c:631:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ECPGt_const,"include_ _name",(long)14,(long)1,strlen("include_ _name"), data/postgresql-13-13.1/src/interfaces/ecpg/test/pgtypeslib/dt_test.pgc:68:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = (char*) malloc(strlen(fmt) + 1); data/postgresql-13-13.1/src/interfaces/ecpg/test/pgtypeslib/dt_test2.pgc:105:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int length = strlen(dates[i]) data/postgresql-13-13.1/src/interfaces/ecpg/test/pgtypeslib/dt_test2.pgc:107:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(times[j]) data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/cursor.pgc:196:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). curname4.len = strlen(CURNAME); data/postgresql-13-13.1/src/interfaces/ecpg/test/preproc/define.pgc:70:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(n, name[i], NAMELEN); data/postgresql-13-13.1/src/interfaces/ecpg/test/printf_hack.h:14:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vallen = strlen(convert); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:62:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(n, name[i], 8); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:84:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(n, name[i], 8); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/execute.pgc:103:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(n, name[i], 8); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc:61:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(n, name[i], 8); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/oldexec.pgc:80:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(n, name[i], 8); data/postgresql-13-13.1/src/interfaces/ecpg/test/sql/show.pgc:34:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). EXEC SQL SET TRANSACTION ISOLATION LEVEL read committed; data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:215:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (inputlen != strlen(input)) data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:231:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *outputlen = strlen(*output); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:245:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *outputlen = strlen(*output); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:481:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cbind_header_len = strlen("p=tls-server-end-point,,"); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:614:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(nonce) < strlen(state->client_nonce) || data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:614:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(nonce) < strlen(state->client_nonce) || data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:615:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcmp(nonce, state->client_nonce, strlen(state->client_nonce)) != 0) data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:636:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). decoded_salt_len = pg_b64_dec_len(strlen(encoded_salt)); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:645:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(encoded_salt), data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:720:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). server_signature_len = pg_b64_dec_len(strlen(encoded_server_signature)); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:730:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(encoded_server_signature), data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:774:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(state->client_first_message_bare)); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:778:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(state->server_first_message)); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:782:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(client_final_message_without_proof)); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:806:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(state->client_first_message_bare)); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:810:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(state->server_first_message)); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth-scram.c:814:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(state->client_final_message_without_proof)); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:391:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). conn->sspitarget = malloc(strlen(conn->krbsrvname) + strlen(host) + 2); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:391:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). conn->sspitarget = malloc(strlen(conn->krbsrvname) + strlen(host) + 2); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:776:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(conn->pguser), crypt_pwd2)) data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:781:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!pg_md5_encrypt(crypt_pwd2 + strlen("md5"), md5Salt, data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:799:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = pqPacketSend(conn, 'p', pwd_to_send, strlen(pwd_to_send) + 1); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:801:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = pqPacketSend(conn, 0, pwd_to_send, strlen(pwd_to_send) + 1); data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:1155:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd)) data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:1226:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(val) > MAX_ALGORITHM_NAME_LEN) data/postgresql-13-13.1/src/interfaces/libpq/fe-auth.c:1260:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd)) data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:1714:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(host_addr) > 0 && data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:2418:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(portstr) >= UNIXSOCK_PATH_BUFLEN) data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:2536:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(host_addr) > 0) data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:3442:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). conn->errorMessage.len = strlen(conn->errorMessage.data); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:3837:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(conn->last_sqlstate) != 5) data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:3985:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). explicit_bzero(conn->connhost[i].password, strlen(conn->connhost[i].password)); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:4022:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). explicit_bzero(conn->pgpass, strlen(conn->pgpass)); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:4045:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). explicit_bzero(conn->sslpassword, strlen(conn->sslpassword)); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:4422:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxlen = errbufsize - strlen(errbuf) - 2; data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:4425:3: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(errbuf, SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf)), data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:4427:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(errbuf, "\n"); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:4483:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). conn->errorMessage.len = strlen(conn->errorMessage.data); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:4492:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). conn->errorMessage.len = strlen(conn->errorMessage.data); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:4611:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pg_strncasecmp(url, LDAP_URL, strlen(LDAP_URL)) != 0) data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:4620:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hostname = url + strlen(LDAP_URL); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:4625:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = strchr(url + strlen(LDAP_URL), '/'); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:4930:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). optval = optname + strlen(optname); /* empty */ data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:5121:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) >= sizeof(buf) - 1) data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:5132:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(line); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:5154:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(line + 1, service, strlen(service)) == 0 && data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:5155:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line[strlen(service) + 1] == ']') data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:6270:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf = malloc(strlen(str) + 1); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:6757:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sizeof(qbuf) < (sizeof(query) + strlen(encoding))) data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:7007:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf.len += strlen(buf.data + buf.len); data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:7104:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!version || strlen(version) == 0) data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:7130:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (min == NULL || max == NULL || strlen(min) == 0 || strlen(max) == 0) data/postgresql-13-13.1/src/interfaces/libpq/fe-connect.c:7130:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (min == NULL || max == NULL || strlen(min) == 0 || strlen(max) == 0) data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:415:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msize += strlen(events[i].name) + 1; data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:648:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *space = (char *) pqResultAlloc(res, strlen(str) + 1, false); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:904:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res->errMsg = (char *) pqResultAlloc(res, strlen(msgBuf) + 2, false); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:1000:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(value) + 1, data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:1045:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(name) + strlen(value) + 2); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:1045:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(name) + strlen(value) + 2); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:1053:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(name) + 1; data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:1607:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nbytes = strlen(paramValues[i]); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:2587:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return PQputnbytes(conn, s, strlen(s)); data/postgresql-13-13.1/src/interfaces/libpq/fe-exec.c:3763:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strtextlen = strlen((const char *) strtext); data/postgresql-13-13.1/src/interfaces/libpq/fe-gssapi-common.c:106:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxlen = NI_MAXHOST + strlen(conn->krbsrvname) + 2; data/postgresql-13-13.1/src/interfaces/libpq/fe-gssapi-common.c:116:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_gbuf.length = strlen(temp_gbuf.value); data/postgresql-13-13.1/src/interfaces/libpq/fe-lobj.c:737:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((nbytes = read(fd, buf, LO_BUFSIZE)) > 0) data/postgresql-13-13.1/src/interfaces/libpq/fe-misc.c:180:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pqPutMsgBytes(s, strlen(s) + 1, conn)) data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:86:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int fs_len = strlen(po->fieldSep); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:137:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = s ? strlen(s) : 0; data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:145:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). total_line_length += nFields * strlen(po->fieldSep) + 1; data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:178:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(pagerenv, " \t\r\n") != strlen(pagerenv) && data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:235:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(s) + fs_len; data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:510:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int n = strlen(s); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:617:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fLength[j] = strlen(PQfname(res, j)); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:635:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fill(strlen(PQfname(res, i)), fLength[i], ' ', fp); data/postgresql-13-13.1/src/interfaces/libpq/fe-print.c:657:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fill(strlen(PQgetvalue(res, i, j)), fLength[j], ' ', fp); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:1131:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nmlen = strlen(conn->workBuffer.data); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:1604:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(startpacket->user, conn->pguser, SM_USER); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:1605:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(startpacket->database, conn->dbName, SM_DATABASE); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:1606:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(startpacket->tty, conn->pgtty, SM_TTY); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol2.c:1609:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(startpacket->options, conn->pgoptions, SM_OPTIONS); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:1195:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(wquery) + 1; data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:1440:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nmlen = strlen(svname); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:1441:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extralen = strlen(conn->workBuffer.data); data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:2169:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). packet_len += strlen(optname) + 1; \ data/postgresql-13-13.1/src/interfaces/libpq/fe-protocol3.c:2172:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). packet_len += strlen(optval) + 1; \ data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-common.c:45:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int lenpat = strlen(pattern); data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-common.c:46:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int lenstr = strlen(string); data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-common.c:120:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (namelen != strlen(name)) data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:794:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(conn->sslcert && strlen(conn->sslcert) > 0) || data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:795:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !(conn->sslkey && strlen(conn->sslkey) > 0) || data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:796:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !(conn->sslrootcert && strlen(conn->sslrootcert) > 0) || data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:797:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !(conn->sslcrl && strlen(conn->sslcrl) > 0)) data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:834:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). || (conn->sslpassword && strlen(conn->sslpassword) > 0)) data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:845:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(conn->ssl_min_protocol_version) != 0) data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:874:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(conn->ssl_max_protocol_version) != 0) data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:913:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (conn->sslrootcert && strlen(conn->sslrootcert) > 0) data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:939:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (conn->sslcrl && strlen(conn->sslcrl) > 0) data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:987:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (conn->sslcert && strlen(conn->sslcert) > 0) data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:1075:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (have_cert && conn->sslkey && strlen(conn->sslkey) > 0) data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:1717:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(conn->sslpassword) + 1 > size) data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:1719:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, conn->sslpassword, size); data/postgresql-13-13.1/src/interfaces/libpq/fe-secure-openssl.c:1721:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(buf); data/postgresql-13-13.1/src/interfaces/libpq/pqexpbuffer.c:371:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). appendBinaryPQExpBuffer(str, data, strlen(data)); data/postgresql-13-13.1/src/interfaces/libpq/win32.c:318:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offs = strlen(strerrbuf); data/postgresql-13-13.1/src/interfaces/libpq/win32.h:13:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define read(a,b,c) _read(a,b,c) data/postgresql-13-13.1/src/pl/plperl/plperl.c:1067:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(res); data/postgresql-13-13.1/src/pl/plperl/plperl.c:3125:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_verifymbstr(query, strlen(query), false); data/postgresql-13-13.1/src/pl/plperl/plperl.c:3396:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_verifymbstr(query, strlen(query), false); data/postgresql-13-13.1/src/pl/plperl/plperl.c:3610:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_verifymbstr(query, strlen(query), false); data/postgresql-13-13.1/src/pl/plperl/plperl.c:4062:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hkey = pg_server_to_any(key, strlen(key), PG_UTF8); data/postgresql-13-13.1/src/pl/plperl/plperl.c:4068:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hlen = -(int) strlen(hkey); data/postgresql-13-13.1/src/pl/plperl/plperl.c:4089:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hkey = pg_server_to_any(key, strlen(key), PG_UTF8); data/postgresql-13-13.1/src/pl/plperl/plperl.c:4092:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hlen = -(int) strlen(hkey); data/postgresql-13-13.1/src/pl/plperl/plperl_helpers.h:38:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = pg_server_to_any(str, strlen(str), PG_UTF8); data/postgresql-13-13.1/src/pl/plperl/ppport.h:5160:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); data/postgresql-13-13.1/src/pl/plperl/ppport.h:5168:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define sv_vcatpvf(sv, pat, args) sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)) data/postgresql-13-13.1/src/pl/plperl/ppport.h:5172:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define sv_vsetpvf(sv, pat, args) sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)) data/postgresql-13-13.1/src/pl/plperl/ppport.h:5192:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/postgresql-13-13.1/src/pl/plperl/ppport.h:5220:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/postgresql-13-13.1/src/pl/plperl/ppport.h:5241:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \ data/postgresql-13-13.1/src/pl/plperl/ppport.h:5263:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/postgresql-13-13.1/src/pl/plperl/ppport.h:5291:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/postgresql-13-13.1/src/pl/plperl/ppport.h:5312:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \ data/postgresql-13-13.1/src/pl/plperl/ppport.h:5360:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define HvNAMELEN_get(hv) (HvNAME_get(hv) ? (I32)strlen(HvNAME_get(hv)) : 0) data/postgresql-13-13.1/src/pl/plperl/ppport.h:6144:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). STRLEN len = strlen(radix); data/postgresql-13-13.1/src/pl/plperl/ppport.h:6728:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(buffer); data/postgresql-13-13.1/src/pl/plperl/ppport.h:6768:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). used = strlen(dst); data/postgresql-13-13.1/src/pl/plperl/ppport.h:6769:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(src); data/postgresql-13-13.1/src/pl/plperl/ppport.h:6798:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(src); data/postgresql-13-13.1/src/pl/plpgsql/src/pl_comp.c:2193:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(condname) == 5 && data/postgresql-13-13.1/src/pl/plpgsql/src/pl_funcs.c:100:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nse = palloc(offsetof(PLpgSQL_nsitem, name) + strlen(name) + 1); data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.c:1640:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.c:2406:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp2 = buf + strlen(buf); data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.c:4000:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(sqlstatestr) != 5) data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.c:4587:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(sqlstatestr) != 5) data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.c:5177:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). check_sql_expr(expr->query, startlocation, strlen(sqlstart)); data/postgresql-13-13.1/src/pl/plpgsql/src/pl_gram.c:6269:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). argv[argpos] = item->query + strlen(sqlstart); data/postgresql-13-13.1/src/pl/plpgsql/src/pl_scanner.c:327:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). auxdata->leng = strlen(yytext); data/postgresql-13-13.1/src/pl/plpython/plpy_cursorobject.c:108:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_verifymbstr(query, strlen(query), false); data/postgresql-13-13.1/src/pl/plpython/plpy_elog.c:369:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buffer) == 5 && data/postgresql-13-13.1/src/pl/plpython/plpy_plpymodule.c:506:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(sqlstatestr) != 5) data/postgresql-13-13.1/src/pl/plpython/plpy_plpymodule.c:529:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_verifymbstr(message, strlen(message), false); data/postgresql-13-13.1/src/pl/plpython/plpy_plpymodule.c:531:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_verifymbstr(detail, strlen(detail), false); data/postgresql-13-13.1/src/pl/plpython/plpy_plpymodule.c:533:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_verifymbstr(hint, strlen(hint), false); data/postgresql-13-13.1/src/pl/plpython/plpy_plpymodule.c:535:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_verifymbstr(schema_name, strlen(schema_name), false); data/postgresql-13-13.1/src/pl/plpython/plpy_plpymodule.c:537:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_verifymbstr(table_name, strlen(table_name), false); data/postgresql-13-13.1/src/pl/plpython/plpy_plpymodule.c:539:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_verifymbstr(column_name, strlen(column_name), false); data/postgresql-13-13.1/src/pl/plpython/plpy_plpymodule.c:541:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_verifymbstr(datatype_name, strlen(datatype_name), false); data/postgresql-13-13.1/src/pl/plpython/plpy_plpymodule.c:543:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_verifymbstr(constraint_name, strlen(constraint_name), false); data/postgresql-13-13.1/src/pl/plpython/plpy_procedure.c:442:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mlen = (strlen(src) * 2) + strlen(name) + 16; data/postgresql-13-13.1/src/pl/plpython/plpy_procedure.c:442:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mlen = (strlen(src) * 2) + strlen(name) + 16; data/postgresql-13-13.1/src/pl/plpython/plpy_spi.c:126:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_verifymbstr(query, strlen(query), false); data/postgresql-13-13.1/src/pl/plpython/plpy_spi.c:324:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_verifymbstr(query, strlen(query), false); data/postgresql-13-13.1/src/pl/plpython/plpy_typeio.c:1060:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(plrv_sc); data/postgresql-13-13.1/src/pl/plpython/plpy_util.c:53:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(utf8string), data/postgresql-13-13.1/src/pl/plpython/plpy_util.c:67:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rv = PyBytes_FromStringAndSize(encoded, strlen(encoded)); data/postgresql-13-13.1/src/pl/plpython/plpy_util.c:127:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return PLyUnicode_FromStringAndSize(s, strlen(s)); data/postgresql-13-13.1/src/pl/tcl/pltcl.c:77:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return pg_any_to_server(src, strlen(src), PG_UTF8); data/postgresql-13-13.1/src/pl/tcl/pltcl.c:83:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return pg_server_to_any(src, strlen(src), PG_UTF8); data/postgresql-13-13.1/src/pl/tcl/pltcl.c:1599:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(proc_internal_args, " "); data/postgresql-13-13.1/src/pl/tcl/pltcl.c:2751:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(nulls) != qdesc->nargs) data/postgresql-13-13.1/src/port/chklocale.c:271:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ln = strlen(codepage); data/postgresql-13-13.1/src/port/chklocale.c:414:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(sys) == 0) data/postgresql-13-13.1/src/port/dirent.c:57:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d->dirname = malloc(strlen(dirname) + 4); data/postgresql-13-13.1/src/port/dirent.c:65:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (d->dirname[strlen(d->dirname) - 1] != '/' && data/postgresql-13-13.1/src/port/dirent.c:66:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d->dirname[strlen(d->dirname) - 1] != '\\') data/postgresql-13-13.1/src/port/dirent.c:67:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(d->dirname, "\\"); /* Append backslash if not already there */ data/postgresql-13-13.1/src/port/dirent.c:68:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(d->dirname, "*"); /* Search for entries named anything */ data/postgresql-13-13.1/src/port/dirent.c:107:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d->ret.d_namlen = strlen(d->ret.d_name); data/postgresql-13-13.1/src/port/dirmod.c:185:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(nativeTarget) * sizeof(WCHAR); data/postgresql-13-13.1/src/port/dirmod.c:333:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(buf, buf + 4, strlen(buf + 4) + 1); data/postgresql-13-13.1/src/port/getopt_long.c:108:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(longopts[i].name) == namelen data/postgresql-13-13.1/src/port/inet_net_ntop.c:51:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define SPRINTF(x) strlen(sprintf/**/x) data/postgresql-13-13.1/src/port/inet_net_ntop.c:272:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tp += strlen(tp); data/postgresql-13-13.1/src/port/path.c:236:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(ret_path + strlen(ret_path), MAXPGPATH - strlen(ret_path), data/postgresql-13-13.1/src/port/path.c:236:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(ret_path + strlen(ret_path), MAXPGPATH - strlen(ret_path), data/postgresql-13-13.1/src/port/path.c:324:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(spath); data/postgresql-13-13.1/src/port/path.c:348:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(spath, "."); data/postgresql-13-13.1/src/port/path.c:382:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path_len = strlen(path); data/postgresql-13-13.1/src/port/path.c:440:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int path1_len = strlen(path1); data/postgresql-13-13.1/src/port/path.c:477:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(progname) > sizeof(EXE) - 1 && data/postgresql-13-13.1/src/port/path.c:478:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pg_strcasecmp(progname + strlen(progname) - (sizeof(EXE) - 1), EXE) == 0) data/postgresql-13-13.1/src/port/path.c:479:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). progname[strlen(progname) - (sizeof(EXE) - 1)] = '\0'; data/postgresql-13-13.1/src/port/path.c:561:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tail_len = strlen(bin_path) - prefix_len; data/postgresql-13-13.1/src/port/path.c:574:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tail_start = (int) strlen(ret_path) - tail_len; data/postgresql-13-13.1/src/port/path.c:661:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new = malloc(strlen(buf) + strlen(path) + 2); data/postgresql-13-13.1/src/port/path.c:661:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new = malloc(strlen(buf) + strlen(path) + 2); data/postgresql-13-13.1/src/port/path.c:878:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (p = path + strlen(path) - 1; IS_DIR_SEP(*p) && p > path; p--) data/postgresql-13-13.1/src/port/path.c:904:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = path + strlen(path); data/postgresql-13-13.1/src/port/pg_strong_random.c:59:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). res = read(f, p, len); data/postgresql-13-13.1/src/port/pgmkdirp.c:71:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(p) >= 2) data/postgresql-13-13.1/src/port/pgmkdirp.c:103:11: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). oumask = umask(0); data/postgresql-13-13.1/src/port/pgmkdirp.c:105:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). (void) umask(numask); data/postgresql-13-13.1/src/port/pgmkdirp.c:120:11: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). (void) umask(oumask); data/postgresql-13-13.1/src/port/pgmkdirp.c:145:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). (void) umask(oumask); data/postgresql-13-13.1/src/port/pread.c:56:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(fd, buf, size); data/postgresql-13-13.1/src/port/quotes.c:35:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(src), data/postgresql-13-13.1/src/port/snprintf.c:443:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostr(strvalue, strlen(strvalue), target); data/postgresql-13-13.1/src/port/snprintf.c:713:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dostr(errm, strlen(errm), target); data/postgresql-13-13.1/src/port/snprintf.c:982:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vallen = strlen(value); data/postgresql-13-13.1/src/port/sprompt.c:132:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(destination); data/postgresql-13-13.1/src/port/sprompt.c:143:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(buf); data/postgresql-13-13.1/src/port/strlcat.c:47:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (dlen + strlen(s)); data/postgresql-13-13.1/src/port/system.c:55:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t cmdlen = strlen(command); data/postgresql-13-13.1/src/port/system.c:88:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t cmdlen = strlen(command); data/postgresql-13-13.1/src/port/tar.c:117:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filename) > 99) data/postgresql-13-13.1/src/port/tar.c:120:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (linktarget && strlen(linktarget) > 99) data/postgresql-13-13.1/src/port/tar.c:134:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int flen = strlen(filename); data/postgresql-13-13.1/src/port/unsetenv.c:41:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). envstr = (char *) malloc(strlen(name) + 2); data/postgresql-13-13.1/src/port/unsetenv.c:50:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(envstr, "="); data/postgresql-13-13.1/src/port/win32env.c:67:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cp)) data/postgresql-13-13.1/src/port/win32env.c:118:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). envbuf = (char *) malloc(strlen(name) + 2); data/postgresql-13-13.1/src/port/win32setlocale.c:136:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). match = strstr(match_start + strlen(needle_start), needle_end); data/postgresql-13-13.1/src/port/win32setlocale.c:138:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). match_end = match + strlen(needle_end); data/postgresql-13-13.1/src/port/win32setlocale.c:143:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). match_end = match_start + strlen(needle_start); data/postgresql-13-13.1/src/port/win32setlocale.c:150:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int replacementlen = strlen(replacement); data/postgresql-13-13.1/src/port/win32setlocale.c:152:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int restlen = strlen(rest); data/postgresql-13-13.1/src/test/examples/testlo.c:64:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((nbytes = read(fd, buf, BUFSIZE)) > 0) data/postgresql-13-13.1/src/test/examples/testlo64.c:64:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((nbytes = read(fd, buf, BUFSIZE)) > 0) data/postgresql-13-13.1/src/test/isolation/specparse.c:771:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define yystrlen strlen data/postgresql-13-13.1/src/test/isolation/specscanner.c:876:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (c = getc( yyin )) != EOF && c != '\n'; ++n ) \ data/postgresql-13-13.1/src/test/isolation/specscanner.c:1897:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return yy_scan_bytes( yystr, (int) strlen(yystr) ); data/postgresql-13-13.1/src/test/modules/ssl_passphrase_callback/ssl_passphrase_func.c:88:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(buf); data/postgresql-13-13.1/src/test/modules/test_bloomfilter/test_bloomfilter.c:41:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bloom_add_element(filter, (unsigned char *) element, strlen(element)); data/postgresql-13-13.1/src/test/modules/test_bloomfilter/test_bloomfilter.c:63:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(element))) data/postgresql-13-13.1/src/test/modules/test_integerset/test_integerset.c:152:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). patternlen = strlen(spec->pattern_str); data/postgresql-13-13.1/src/test/regress/pg_regress.c:452:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcat(string, dup + (ptr - string) + strlen(replace)); data/postgresql-13-13.1/src/test/regress/pg_regress.c:527:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(*name) < 8) data/postgresql-13-13.1/src/test/regress/pg_regress.c:529:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcmp(*name + strlen(*name) - 7, ".source") != 0) data/postgresql-13-13.1/src/test/regress/pg_regress.c:535:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(prefix, strlen(*name) - 6, "%s", *name); data/postgresql-13-13.1/src/test/regress/pg_regress.c:629:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(buf); data/postgresql-13-13.1/src/test/regress/pg_regress.c:905:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wp = ret = realloc(ret, 3 + strlen(raw) * 2); data/postgresql-13-13.1/src/test/regress/pg_regress.c:1252:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(f)) != EOF) data/postgresql-13-13.1/src/test/regress/pg_regress.c:1303:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ssize = strlen(expectfile) + 2 + 1; data/postgresql-13-13.1/src/test/regress/pg_regress.c:1653:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(scbuf); data/postgresql-13-13.1/src/test/regress/pg_regress.c:2206:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(optarg)) data/postgresql-13-13.1/src/test/regress/pg_regress.c:2610:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(buf); i > 0; i--) data/postgresql-13-13.1/src/test/regress/pg_regress.c:2613:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(buf); i > 0; i--) data/postgresql-13-13.1/src/test/regress/regress.c:417:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(query + strlen(query), "$%d%s", data/postgresql-13-13.1/src/timezone/localtime.c:235:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nread = read(fid, up->buf, sizeof up->buf); data/postgresql-13-13.1/src/timezone/localtime.c:447:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int tsabbrlen = strlen(tsabbr); data/postgresql-13-13.1/src/timezone/localtime.c:950:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stdlen = strlen(name); /* length of standard zone name */ data/postgresql-13-13.1/src/timezone/pgtz.c:54:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlcpy(tzdir + strlen(tzdir), "/timezone", MAXPGPATH - strlen(tzdir)); data/postgresql-13-13.1/src/timezone/pgtz.c:54:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlcpy(tzdir + strlen(tzdir), "/timezone", MAXPGPATH - strlen(tzdir)); data/postgresql-13-13.1/src/timezone/pgtz.c:85:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). orignamelen = fullnamelen = strlen(fullname); data/postgresql-13-13.1/src/timezone/pgtz.c:87:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fullnamelen + 1 + strlen(name) >= MAXPGPATH) data/postgresql-13-13.1/src/timezone/pgtz.c:125:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fnamelen = strlen(fname); data/postgresql-13-13.1/src/timezone/pgtz.c:131:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fullnamelen += strlen(fullname + fullnamelen); data/postgresql-13-13.1/src/timezone/pgtz.c:169:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(direntry->d_name) == fnamelen && data/postgresql-13-13.1/src/timezone/pgtz.c:244:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) > TZ_STRLEN_MAX) data/postgresql-13-13.1/src/timezone/pgtz.c:333:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(offsetstr + strlen(offsetstr), data/postgresql-13-13.1/src/timezone/pgtz.c:334:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(offsetstr) - strlen(offsetstr), data/postgresql-13-13.1/src/timezone/pgtz.c:338:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(offsetstr + strlen(offsetstr), data/postgresql-13-13.1/src/timezone/pgtz.c:339:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(offsetstr) - strlen(offsetstr), data/postgresql-13-13.1/src/timezone/pgtz.c:404:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret->baselen = strlen(startdir) + 1; data/postgresql-13-13.1/src/timezone/zic.c:661:2: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(umask(S_IWGRP | S_IWOTH) | (S_IWGRP | S_IWOTH)); data/postgresql-13-13.1/src/timezone/zic.c:661:8: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(umask(S_IWGRP | S_IWOTH) | (S_IWGRP | S_IWOTH)); data/postgresql-13-13.1/src/timezone/zic.c:963:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(directory); data/postgresql-13-13.1/src/timezone/zic.c:966:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). linksize = len + needslash + strlen(target) + 1; data/postgresql-13-13.1/src/timezone/zic.c:977:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). taillen = strlen(f + dir_len); data/postgresql-13-13.1/src/timezone/zic.c:1086:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(fp)) != EOF) data/postgresql-13-13.1/src/timezone/zic.c:1114:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n = strlen(name); data/postgresql-13-13.1/src/timezone/zic.c:1445:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t fieldlen = strlen(field); data/postgresql-13-13.1/src/timezone/zic.c:1509:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (max_abbrvar_len < strlen(r.r_abbrvar)) data/postgresql-13-13.1/src/timezone/zic.c:1510:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max_abbrvar_len = strlen(r.r_abbrvar); data/postgresql-13-13.1/src/timezone/zic.c:1625:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (max_format_len < strlen(z.z_format)) data/postgresql-13-13.1/src/timezone/zic.c:1626:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max_format_len = strlen(z.z_format); data/postgresql-13-13.1/src/timezone/zic.c:1845:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ep = dp + strlen(dp) - 1; data/postgresql-13-13.1/src/timezone/zic.c:2332:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). old0 = strlen(omittype); data/postgresql-13-13.1/src/timezone/zic.c:2425:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). thischarcnt += strlen(thisabbr) + 1; data/postgresql-13-13.1/src/timezone/zic.c:2656:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(abbr); data/postgresql-13-13.1/src/timezone/zic.c:2930:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(result + len); data/postgresql-13-13.1/src/timezone/zic.c:3723:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). array = emalloc(size_product(strlen(cp) + 1, sizeof *array)); data/postgresql-13-13.1/src/timezone/zic.c:3931:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(string) + 1; ANALYSIS SUMMARY: Hits = 7716 Lines analyzed = 1621072 in approximately 39.78 seconds (40750 lines/second) Physical Source Lines of Code (SLOC) = 1051014 Hits@level = [0] 4749 [1] 2083 [2] 4474 [3] 248 [4] 888 [5] 23 Hits@level+ = [0+] 12465 [1+] 7716 [2+] 5633 [3+] 1159 [4+] 911 [5+] 23 Hits/KSLOC@level+ = [0+] 11.86 [1+] 7.34148 [2+] 5.35959 [3+] 1.10274 [4+] 0.866782 [5+] 0.0218836 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.