Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/virtualpg-2.0.1/virtualpg.c
Examining data/virtualpg-2.0.1/virtualpg.h

FINAL RESULTS:

data/virtualpg-2.0.1/virtualpg.c:306:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (new_buf, buf->Buffer);
data/virtualpg-2.0.1/virtualpg.c:312:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (buf->Buffer + buf->WriteOffset, payload);
data/virtualpg-2.0.1/virtualpg.c:847:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (clean, value);
data/virtualpg-2.0.1/virtualpg.c:1552:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (p_vt->pg_schema, pg_schema);
data/virtualpg-2.0.1/virtualpg.c:1555:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (p_vt->pg_table, pg_table);
data/virtualpg-2.0.1/virtualpg.c:1591:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (*(p_vt->Column + r), col_name);
data/virtualpg-2.0.1/virtualpg.c:1594:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (*(p_vt->Type + r), col_type);
data/virtualpg-2.0.1/virtualpg.c:1734:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (p_vt->pg_schema, pg_schema);
data/virtualpg-2.0.1/virtualpg.c:1737:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (p_vt->pg_table, pg_table);
data/virtualpg-2.0.1/virtualpg.c:1767:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (*(p_vt->Column + r), col_name);
data/virtualpg-2.0.1/virtualpg.c:1770:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (*(p_vt->Type + r), col_type);
data/virtualpg-2.0.1/virtualpg.c:1974:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (*(p_vt->PKstrings + k), value);
data/virtualpg-2.0.1/virtualpg.c:651:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (p->Text, value, size);
data/virtualpg-2.0.1/virtualpg.c:973:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dummy[1024];
data/virtualpg-2.0.1/virtualpg.c:1011:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (dummy, "%I64d", sqlite3_value_int64 (argv[c]));
data/virtualpg-2.0.1/virtualpg.c:1013:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (dummy, "%lld", sqlite3_value_int64 (argv[c]));
data/virtualpg-2.0.1/virtualpg.c:1077:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  (const char *)
data/virtualpg-2.0.1/virtualpg.c:1122:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dummy[1024];
data/virtualpg-2.0.1/virtualpg.c:1161:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (dummy, "%I64d", sqlite3_value_int64 (argv[c2]));
data/virtualpg-2.0.1/virtualpg.c:1163:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (dummy, "%lld", sqlite3_value_int64 (argv[c2]));
data/virtualpg-2.0.1/virtualpg.c:1227:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  (const char *)
data/virtualpg-2.0.1/virtualpg.c:1409:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  count = atoi (vpgPQgetvalue (res, 0, 0));
data/virtualpg-2.0.1/virtualpg.c:1450:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char prefix[64];
data/virtualpg-2.0.1/virtualpg.c:1478:27: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  vtable = vpgDequoted ((char *) argv[2]);
data/virtualpg-2.0.1/virtualpg.c:1479:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  conninfo = vpgDequoted ((char *) argv[3]);
data/virtualpg-2.0.1/virtualpg.c:1480:30: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  pg_schema = vpgDequoted ((char *) argv[4]);
data/virtualpg-2.0.1/virtualpg.c:1481:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  pg_table = vpgDequoted ((char *) argv[5]);
data/virtualpg-2.0.1/virtualpg.c:1485:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *wr = vpgDequoted ((char *) argv[6]);
data/virtualpg-2.0.1/virtualpg.c:1493:32: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *julian = vpgDequoted ((char *) argv[7]);
data/virtualpg-2.0.1/virtualpg.c:1581:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  max_size = atoi (vpgPQgetvalue (res, r, 2));
data/virtualpg-2.0.1/virtualpg.c:1649:8: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy (prefix, ", ");
data/virtualpg-2.0.1/virtualpg.c:283:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t size = strlen (payload);
data/virtualpg-2.0.1/virtualpg.c:398:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = (strlen (value) - 1); i >= 0; i--)
data/virtualpg-2.0.1/virtualpg.c:641:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int size = strlen (value);
data/virtualpg-2.0.1/virtualpg.c:663:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (db, sql, strlen (sql), &stmt, NULL);
data/virtualpg-2.0.1/virtualpg.c:674:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlite3_bind_text (stmt, 1, value, strlen (value), SQLITE_STATIC);
data/virtualpg-2.0.1/virtualpg.c:700:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (db, sql, strlen (sql), &stmt, NULL);
data/virtualpg-2.0.1/virtualpg.c:740:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (db, sql, strlen (sql), &stmt, NULL);
data/virtualpg-2.0.1/virtualpg.c:780:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = sqlite3_prepare_v2 (db, sql, strlen (sql), &stmt, NULL);
data/virtualpg-2.0.1/virtualpg.c:838:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (value);
data/virtualpg-2.0.1/virtualpg.c:1550:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (pg_schema);
data/virtualpg-2.0.1/virtualpg.c:1553:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (pg_table);
data/virtualpg-2.0.1/virtualpg.c:1589:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (col_name);
data/virtualpg-2.0.1/virtualpg.c:1592:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (col_type);
data/virtualpg-2.0.1/virtualpg.c:1647:8: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy (prefix, "(");
data/virtualpg-2.0.1/virtualpg.c:1732:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (pg_schema);
data/virtualpg-2.0.1/virtualpg.c:1735:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (pg_table);
data/virtualpg-2.0.1/virtualpg.c:1765:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (col_name);
data/virtualpg-2.0.1/virtualpg.c:1768:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (col_type);
data/virtualpg-2.0.1/virtualpg.c:1972:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (value);

ANALYSIS SUMMARY:

Hits = 50
Lines analyzed = 2510 in approximately 0.09 seconds (27991 lines/second)
Physical Source Lines of Code (SLOC) = 2071
Hits@level = [0] 0 [1] 19 [2] 19 [3] 0 [4] 12 [5] 0
Hits@level+ = [0+] 50 [1+] 50 [2+] 31 [3+] 12 [4+] 12 [5+] 0
Hits/KSLOC@level+ = [0+] 24.1429 [1+] 24.1429 [2+] 14.9686 [3+] 5.7943 [4+] 5.7943 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.