Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ruby-pg-1.2.3/ext/pg_type_map_by_mri_type.c
Examining data/ruby-pg-1.2.3/ext/pg_coder.c
Examining data/ruby-pg-1.2.3/ext/pg_connection.c
Examining data/ruby-pg-1.2.3/ext/pg_result.c
Examining data/ruby-pg-1.2.3/ext/pg_type_map_by_class.c
Examining data/ruby-pg-1.2.3/ext/pg_type_map_all_strings.c
Examining data/ruby-pg-1.2.3/ext/gvl_wrappers.c
Examining data/ruby-pg-1.2.3/ext/pg_binary_encoder.c
Examining data/ruby-pg-1.2.3/ext/pg_util.c
Examining data/ruby-pg-1.2.3/ext/pg_binary_decoder.c
Examining data/ruby-pg-1.2.3/ext/pg_type_map_in_ruby.c
Examining data/ruby-pg-1.2.3/ext/pg_errors.c
Examining data/ruby-pg-1.2.3/ext/pg_type_map_by_column.c
Examining data/ruby-pg-1.2.3/ext/pg_text_encoder.c
Examining data/ruby-pg-1.2.3/ext/pg_record_coder.c
Examining data/ruby-pg-1.2.3/ext/pg.h
Examining data/ruby-pg-1.2.3/ext/gvl_wrappers.h
Examining data/ruby-pg-1.2.3/ext/pg_util.h
Examining data/ruby-pg-1.2.3/ext/pg.c
Examining data/ruby-pg-1.2.3/ext/pg_copy_coder.c
Examining data/ruby-pg-1.2.3/ext/pg_type_map.c
Examining data/ruby-pg-1.2.3/ext/pg_tuple.c
Examining data/ruby-pg-1.2.3/ext/pg_text_decoder.c
Examining data/ruby-pg-1.2.3/ext/pg_type_map_by_oid.c
FINAL RESULTS:
data/ruby-pg-1.2.3/ext/pg_connection.c:679:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return INT2NUM(atol(port));
data/ruby-pg-1.2.3/ext/pg_connection.c:997:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[0];
data/ruby-pg-1.2.3/ext/pg_connection.c:1050:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char memory_pool[QUERYDATA_BUFFER_SIZE];
data/ruby-pg-1.2.3/ext/pg_connection.c:2172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[256];
data/ruby-pg-1.2.3/ext/pg_copy_coder.c:216:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( current_out, RSTRING_PTR(this->null_string), RSTRING_LEN(this->null_string) );
data/ruby-pg-1.2.3/ext/pg_result.c:249:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, this, len);
data/ruby-pg-1.2.3/ext/pg_text_decoder.c:813:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[16];
data/ruby-pg-1.2.3/ext/pg_text_decoder.c:814:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ruby-pg-1.2.3/ext/pg_text_decoder.c:825:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, val, len-2);
data/ruby-pg-1.2.3/ext/pg_text_decoder.c:830:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, val, len-3);
data/ruby-pg-1.2.3/ext/pg_text_decoder.c:835:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, val, len-4);
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:243:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( out, "-Infinity", 9);
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:246:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( out, "Infinity", 8);
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:250:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( out, "NaN", 3);
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:464:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( p_out, p_in, strlen );
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:489:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( current_out, RSTRING_PTR(subint), strlen );
data/ruby-pg-1.2.3/ext/pg_type_map_by_column.c:43:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( p_new_typemap, this, struct_size );
data/ruby-pg-1.2.3/ext/pg_binary_encoder.c:106:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int strlen;
data/ruby-pg-1.2.3/ext/pg_binary_encoder.c:114:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen = base64_decode( out, out, strlen );
data/ruby-pg-1.2.3/ext/pg_binary_encoder.c:116:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen;
data/ruby-pg-1.2.3/ext/pg_binary_encoder.c:126:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_str = rb_str_new(NULL, BASE64_DECODED_SIZE(strlen));
data/ruby-pg-1.2.3/ext/pg_binary_encoder.c:128:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen = base64_decode( RSTRING_PTR(out_str), RSTRING_PTR(subint), strlen);
data/ruby-pg-1.2.3/ext/pg_binary_encoder.c:129:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rb_str_set_len( out_str, strlen );
data/ruby-pg-1.2.3/ext/pg_binary_encoder.c:136:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return BASE64_DECODED_SIZE(strlen);
data/ruby-pg-1.2.3/ext/pg_copy_coder.c:201:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int strlen;
data/ruby-pg-1.2.3/ext/pg_copy_coder.c:231:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PG_RB_STR_ENSURE_CAPA( *intermediate, strlen * 2, current_out, end_capa_ptr );
data/ruby-pg-1.2.3/ext/pg_copy_coder.c:234:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(ptr1 = RSTRING_PTR(subint); ptr1 < RSTRING_PTR(subint) + strlen; ptr1++) {
data/ruby-pg-1.2.3/ext/pg_copy_coder.c:244:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PG_RB_STR_ENSURE_CAPA( *intermediate, strlen * 2, current_out, end_capa_ptr );
data/ruby-pg-1.2.3/ext/pg_copy_coder.c:250:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr2 = current_out + strlen;
data/ruby-pg-1.2.3/ext/pg_copy_coder.c:260:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr1 = current_out + strlen;
data/ruby-pg-1.2.3/ext/pg_record_coder.c:171:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int strlen;
data/ruby-pg-1.2.3/ext/pg_record_coder.c:199:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PG_RB_STR_ENSURE_CAPA( *intermediate, strlen * 2 + 2, current_out, end_capa_ptr );
data/ruby-pg-1.2.3/ext/pg_record_coder.c:203:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(ptr1 = RSTRING_PTR(subint); ptr1 < RSTRING_PTR(subint) + strlen; ptr1++) {
data/ruby-pg-1.2.3/ext/pg_record_coder.c:213:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
PG_RB_STR_ENSURE_CAPA( *intermediate, strlen * 2 + 2, current_out, end_capa_ptr );
data/ruby-pg-1.2.3/ext/pg_record_coder.c:220:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr2 = current_out + strlen;
data/ruby-pg-1.2.3/ext/pg_record_coder.c:230:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr1 = current_out + strlen;
data/ruby-pg-1.2.3/ext/pg_result.c:423:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fname = rb_check_symbol_cstr(cstr, strlen(cstr), enc);
data/ruby-pg-1.2.3/ext/pg_result.c:432:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fname = ID2SYM(rb_intern3(cstr, strlen(cstr), enc));
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:396:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *eptr = iptr + strlen;
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:414:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
typedef int (*t_quote_func)( void *_this, char *p_in, int strlen, char *p_out );
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:417:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
quote_array_buffer( void *_this, char *p_in, int strlen, char *p_out ){
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:427:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen == 4 && rbpg_strncasecmp(p_in, "NULL", strlen) == 0)
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:433:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(ptr1 = p_in; ptr1 != p_in + strlen; ptr1++) {
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:446:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr1 = p_in + strlen;
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:464:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy( p_out, p_in, strlen );
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:465:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen;
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:472:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int strlen;
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:484:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_out = pg_rb_str_ensure_capa( string, strlen * 2 + 2, current_out, NULL );
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:486:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_out += quote_buffer( func_data, RSTRING_PTR(subint), strlen, current_out );
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:488:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_out = pg_rb_str_ensure_capa( string, strlen, current_out, NULL );
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:489:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy( current_out, RSTRING_PTR(subint), strlen );
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:490:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_out += strlen;
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:504:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_out += quote_buffer( func_data, current_out, strlen, current_out );
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:507:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
current_out = pg_rb_str_ensure_capa( string, strlen, current_out, NULL );
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:589:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p_inend = p_in + strlen;
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:673:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
quote_literal_buffer( void *_this, char *p_in, int strlen, char *p_out ){
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:679:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(ptr1 = p_in; ptr1 != p_in + strlen; ptr1++) {
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:685:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr1 = p_in + strlen;
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:741:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int strlen;
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:749:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base64_encode( out, out, strlen );
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:751:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return BASE64_ENCODED_SIZE(strlen);
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:761:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out_str = rb_str_new(NULL, BASE64_ENCODED_SIZE(strlen));
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:764:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
base64_encode( RSTRING_PTR(out_str), RSTRING_PTR(subint), strlen);
data/ruby-pg-1.2.3/ext/pg_text_encoder.c:771:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return BASE64_ENCODED_SIZE(strlen);
data/ruby-pg-1.2.3/ext/pg_util.h:57:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define BASE64_ENCODED_SIZE(strlen) (((strlen) + 2) / 3 * 4)
data/ruby-pg-1.2.3/ext/pg_util.h:57:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define BASE64_ENCODED_SIZE(strlen) (((strlen) + 2) / 3 * 4)
ANALYSIS SUMMARY:
Hits = 66
Lines analyzed = 13778 in approximately 0.37 seconds (37478 lines/second)
Physical Source Lines of Code (SLOC) = 7771
Hits@level = [0] 0 [1] 49 [2] 17 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 66 [1+] 66 [2+] 17 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 8.49312 [1+] 8.49312 [2+] 2.18762 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.