126981e to d9c0116
Flawfinder scan
Total issues found: 337 (41 HIGH | 296 MEDIUM)
Details
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n_filename = strlen(filename);
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n_suffix = strlen(suffix);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(&f->header[8], &salt[0], sizeof salt[0]);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(&f->header[12], &salt[1], sizeof salt[1]);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(f->page, page, page_size);
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *dbname = sqlite3_malloc((int)strlen(name) + 1);
buffer/strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). strcpy(dbname, name);
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n = strlen(filename);
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n -= strlen("-wal");
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n -= strlen("-journal");
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(database->name) == n &&
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(buf, f->database->wal.hdr, VFS__WAL_HEADER_SIZE);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(buf, f->database->wal.hdr + offset, (size_t)amount);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(buf, frame->header, (size_t)amount);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(buf, frame->header + 16, (size_t)amount);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(buf, frame->page, (size_t)amount);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(buf, frame->header, FORMAT__WAL_FRAME_HDR_SIZE);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(buf + FORMAT__WAL_FRAME_HDR_SIZE, frame->page,
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(f->database->wal.hdr, buf, (size_t)amount);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(frame->header, buf, FORMAT__WAL_FRAME_HDR_SIZE);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(frame->page, buf, (size_t)amount);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(buf, pgno == 1 ? page + offset : page, (size_t)amount);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(page, buf, (size_t)amount);
integer/atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). int page_size = atoi(right);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(region, f->mappedShmRegions.ptr[i], VFS__WAL_INDEX_REGION_SIZE);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(first_region_shared + headerSize, first_region_private + headerSize, VFS__WAL_INDEX_REGION_SIZE - headerSize);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(first_region_shared + VFS__WAL_INDEX_HEADER_SIZE, f->mappedShmRegions.ptr[0] + VFS__WAL_INDEX_HEADER_SIZE, VFS__WAL_INDEX_HEADER_SIZE);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(first_region_shared, f->mappedShmRegions.ptr[0], VFS__WAL_INDEX_HEADER_SIZE);
integer/atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). int page_size = atoi(right);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(*cursor, d->pages[i], page_size);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(*cursor, w->hdr, VFS__WAL_HEADER_SIZE);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(*cursor, frame->header, FORMAT__WAL_FRAME_HDR_SIZE);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(*cursor, frame->page, page_size);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(page, &data[offset], page_size);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(w->hdr, data, VFS__WAL_HEADER_SIZE);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(frame->header, p, VFS__FRAME_HEADER_SIZE);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(frame->page, p + VFS__FRAME_HEADER_SIZE, page_size);
misc/open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDONLY);
misc/open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, 0600);
buffer/getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). const char *trace_level = getenv(LIBDQLITE_TRACE);
integer/atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). tracer__level = (unsigned)atoi(trace_level);
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return p != NULL ? p + strlen(top_src_dir) : fname;
format/fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). fprintf(stderr,
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char msg[1024];
format/vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). vsnprintf(msg, sizeof msg, fmt, args);
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). db->filename = sqlite3_malloc((int)(strlen(filename) + 1));
buffer/strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). strcpy(db->filename, filename);
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). rv = snprintf(db->path, MAX_PATHNAME + 1, "%s/%s",
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). rv = snprintf(db->path, MAX_PATHNAME + 1, "%s", db->filename);
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char pragma[255];
buffer/sprintf: Does not check for buffer overflows (CWE-120). sprintf(pragma, "PRAGMA page_size=%d", db->config->page_size);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buffer__reset(&c->read);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buf->base = buffer__advance(&c->read, size);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buffer__close(&c->read);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cursor->p = buffer__cursor(&c->read, 0);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cursor->cap = buffer__offset(&c->read);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cursor.p = buffer__cursor(&c->read, 0);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cursor.cap = buffer__offset(&c->read);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cursor.p = buffer__cursor(&c->read, 0);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cursor.cap = buffer__offset(&c->read);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rv = buffer__init(&c->read);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buffer__close(&c->read);
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char db_dir_path[1024];
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). rv = snprintf(db_dir_path, sizeof db_dir_path, DATABASE_DIR_FMT, dir);
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(d->errmsg, DQLITE_ERRMSG_BUF_SIZE,
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(d->errmsg, DQLITE_ERRMSG_BUF_SIZE,
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(d->errmsg, DQLITE_ERRMSG_BUF_SIZE,
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(d->errmsg, DQLITE_ERRMSG_BUF_SIZE,
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(d->errmsg, DQLITE_ERRMSG_BUF_SIZE, "raft_init(): %s",
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(d->errmsg, DQLITE_ERRMSG_BUF_SIZE, "sem_init(): %s",
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(d->errmsg, DQLITE_ERRMSG_BUF_SIZE, "sem_init(): %s",
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(d->errmsg, DQLITE_ERRMSG_BUF_SIZE, "sem_init(): %s",
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sz = ((int)strlen(address)) + 1; /* Room for '\0' */
buffer/strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). strcpy(t->bind_address, address);
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(d->errmsg, DQLITE_ERRMSG_BUF_SIZE,
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(d->errmsg, DQLITE_ERRMSG_BUF_SIZE, "raft_start(): %s",
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char path[PATH_MAX];
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(path, sizeof(path), "%s/%s", dir, LOCK_FILENAME);
misc/open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDWR|O_CREAT|O_CLOEXEC, S_IRUSR|S_IWUSR);
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(t->errmsg, DQLITE_ERRMSG_BUF_SIZE,
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(t->errmsg, DQLITE_ERRMSG_BUF_SIZE,
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(t->errmsg, DQLITE_ERRMSG_BUF_SIZE,
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(n->errmsg, DQLITE_ERRMSG_BUF_SIZE, "raft_recover(): %s",
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(new, cache->nodes, cache->len * sizeof *new);
format/fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). k = fprintf(f, "%s\n", NODE_STORE_INFO_FORMAT_V1);
format/fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). k = fprintf(f, "%s\n%" PRIu64 "\n%s\n",
format/fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). k = fprintf(f, "%s\n%s\n%" PRIu64 "\n", NODE_STORE_INFO_FORMAT_V1,
misc/open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). server->dir_fd = open(server->dir_path, O_RDONLY | O_DIRECTORY);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). struct buffer read; /* Read buffer */
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c->address = sqlite3_malloc((int)strlen(address) + 1);
buffer/strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). strcpy(c->address, address);
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). rv = snprintf(c->name, sizeof c->name, "dqlite-%u", serial);
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(c->raft_dir, sizeof(c->raft_dir), "%s", (raft_dir != NULL) ? raft_dir : "");
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(c->database_dir, sizeof(c->database_dir), "%s", database_dir);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(p, val->blob.base, val->blob.len);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(val, cursor.p, sizeof(*val));
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(fd, (char *)buf + (size_t)total,
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cursor.p = buffer__cursor(&c->read, 0);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cursor.cap = buffer__offset(&c->read);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rv = buffer__init(&c->read);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buffer__close(&c->read);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buffer__reset(&c->read);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). p = buffer__advance(&c->read, n);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buffer__reset(&c->read);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). p = buffer__advance(&c->read, n);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cursor.p = buffer__cursor(&c->read, 0); \
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cursor.cap = buffer__offset(&c->read); \
misc/open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). REQUEST(open, OPEN, 0);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cursor.p = buffer__cursor(&c->read, 0);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cursor.cap = buffer__offset(&c->read);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(fs[i].blob, cursor.p, z);
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). struct buffer read; /* Read buffer */
misc/open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). X(open, OPEN, __VA_ARGS__) \
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t address_len = bytePad64(strlen(address) + 1);
buffer/strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). strcpy(cursor, address);
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char hostname[NI_MAXHOST];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char service[NI_MAXSERV];
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(&entries[i], entryAt(l, i), sizeof *entries);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(block, buffer, 64);
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(&s->buffer[j], data, (i = 64 - j));
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(&s->buffer[j], &data[i], len - i);
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(ERRMSG, RAFT_ERRMSG_BUF_SIZE, __VA_ARGS__)
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char _errmsg[RAFT_ERRMSG_BUF_SIZE]; \
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(ERRMSG2, ERRMSG1, RAFT_ERRMSG_BUF_SIZE); \
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(ERRMSG2, ERRMSG1, RAFT_ERRMSG_BUF_SIZE); \
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r->address = RaftHeapMalloc(strlen(address) + 1);
buffer/strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). strcpy(r->address, address);
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). byteSha1Update(&sha1, (const uint8_t *)text, (uint32_t)strlen(text));
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(&digest, value + (sizeof value - sizeof digest), sizeof digest);
random/random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). unsigned timeout = (unsigned)r->io->random(
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(TMP_FILE_PREFIX)) == 0) {
buffer/memcpy: Does not check for buffer overflows when copying to destination (CWE-120). memcpy(new_segments, &(*segments)[i],
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char snapshot_filename[UV__FILENAME_LEN];
random/srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). srand(seed);
buffer/strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(uv->dir, dir, sizeof(uv->dir) - 1);
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t filename_len = strlen(filename);
buffer/sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). matched = sscanf(filename, UV__SNAPSHOT_META_TEMPLATE "%n",
buffer/sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). matched = sscanf(filename, UV__SNAPSHOT_TEMPLATE "%n", term,
buffer/strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(info->filename, filename, n);
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(info->filename) - strlen(".meta");
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(info->filename) - strlen(".meta");
buffer/strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). strcpy(filename, info->filename);
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char snapshot_filename[UV__FILENAME_LEN];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char sibling_filename[UV__FILENAME_LEN];
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). rv = snprintf(sibling_filename, UV__FILENAME_LEN,
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). rv = snprintf(sibling_filename, UV__FILENAME_LEN,
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char ignored[RAFT_ERRMSG_BUF_SIZE];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char filename[UV__FILENAME_LEN];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char filename[UV__FILENAME_LEN];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char metadata[UV__FILENAME_LEN];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char snapshot[UV__FILENAME_LEN];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];
format/sprintf: Potential format string problem (CWE-134). sprintf(metadata, UV__SNAPSHOT_META_TEMPLATE, put->snapshot->term,
format/sprintf: Potential format string problem (CWE-134). sprintf(snapshot, UV__SNAPSHOT_TEMPLATE, put->snapshot->term,
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char hostname[NI_MAXHOST];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char service[NI_MAXSERV];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char path[UV__PATH_SZ];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char path[UV__PATH_SZ];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char path[UV__PATH_SZ];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char path[UV__PATH_SZ];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char path[UV__PATH_SZ];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char tmp_filename[UV__FILENAME_LEN + 1] = {0};
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char path[UV__PATH_SZ] = {0};
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char tmp_path[UV__PATH_SZ] = {0};
format/snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). rv = snprintf(tmp_filename, sz, TMP_FILE_FMT, filename);
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char ignored[RAFT_ERRMSG_BUF_SIZE];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char path[UV__PATH_SZ];
misc/open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open:
misc/open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). goto open;
buffer/read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rv = read(fd, (char *)buf->base + offset, buf->len - offset);
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char path[UV__PATH_SZ];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char path[UV__PATH_SZ];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char path[UV__PATH_SZ];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char path1[UV__PATH_SZ];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char path2[UV__PATH_SZ];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char path1[UV__PATH_SZ];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char path2[UV__PATH_SZ];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char ignored[RAFT_ERRMSG_BUF_SIZE];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char ignored[RAFT_ERRMSG_BUF_SIZE];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char msg[128];
buffer/sprintf: Does not check for buffer overflows (CWE-120). sprintf(msg, "remote term %lld is higher than %lld -> bump local term",
buffer/strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). strcat(msg, " and step down");
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). RaftHeapMalloc(strlen(address) + 1);
buffer/strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). strcpy(r->follower_state.current_leader.address, address);
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). (char *)bufs[i].base + src_offset, src_size, NULL);
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define WRAP_SEP_LEN ((size_t)strlen(WRAP_SEP))
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prefix_n = strlen(format);
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char dir[UV__DIR_LEN]; /* Data directory */
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char filename[UV__SEGMENT_FILENAME_BUF_SIZE]; /* Segment filename */
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char filename[UV__FILENAME_LEN];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char hostname[NI_MAXHOST];
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char service[NI_MAXSERV];
buffer/strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). t->bind_address = raft_malloc(strlen(address) + 1);
buffer/strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). strcpy(t->bind_address, address);
buffer/char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char filename1[UV__FILENAME_LEN];
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char filename2[UV__FILENAME_LEN];At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];At
format/sprintf:Potential format string problem (CWE-134). sprintf(filename1, UV__OPEN_TEMPLATE, segment->counter);At
format/sprintf:Potential format string problem (CWE-134). sprintf(filename2, UV__CLOSED_TEMPLATE, segment->first_index,At
buffer/sscanf:The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). matched = sscanf(filename, UV__CLOSED_TEMPLATE "%n", &info->first_index,At
buffer/sscanf:The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). sscanf(filename, UV__OPEN_TEMPLATE "%n", &info->counter, &consumed);At
buffer/strncpy:Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(info->filename, filename, n);At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char filename[UV__SEGMENT_FILENAME_BUF_SIZE];At
format/snprintf:If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). int nb = snprintf(filename, sizeof(filename),At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(info->filename, filename, (size_t)nb);At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(base, b->arena.base, b->arena.len);At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(cursor, entry->buf.base, entry->buf.len);At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(b->arena.base, b->arena.base + retain * b->block_size,At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE] = {0};At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char new_filename[UV__FILENAME_LEN + 1] = {0};At
format/snprintf:If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). rv = snprintf(new_filename, sz, CORRUPT_FILE_FMT, ns, info->filename);At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char filename[UV__FILENAME_LEN];At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];At
format/sprintf:Potential format string problem (CWE-134). sprintf(filename, UV__CLOSED_TEMPLATE, first_index, last_index);At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char filename[UV__FILENAME_LEN];At
format/sprintf:Potential format string problem (CWE-134). sprintf(filename, UV__CLOSED_TEMPLATE, index, index);At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char filename[UV__FILENAME_LEN];At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];At
format/sprintf:Potential format string problem (CWE-134). sprintf(filename, UV__CLOSED_TEMPLATE, segment->first_index, index - 1);At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c->address = RaftHeapMalloc(strlen(address) + 1);At
buffer/strcpy:Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). strcpy(c->address, address);At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filename) >= UV__FILENAME_LEN) {At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char msg[128];At
format/snprintf:If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(msg, sizeof(msg), "uncommitted config change at index:%llu",At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(sb, &req.statbuf, sizeof *sb);At
buffer/strcpy:Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). strcpy(path, dir);At
buffer/strcat:Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). strcat(path, "/");At
buffer/strcat:Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). strcat(path, filename);At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(dst->buf.base, src->buf.base, dst->buf.len);At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy((*dst)[i].buf.base, src[i].buf.base, src[i].buf.len);At
buffer/strcpy:Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). strcpy(*p, value);At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *p += strlen(value) + 1;At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). address_copy = raft_malloc(strlen(address) + 1);At
buffer/strcpy:Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). strcpy(address_copy, address);At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n += strlen(server->address) + 1; /* Address */At
format/fprintf:If format strings can be influenced by an attacker, they can be exploited (CWE-134). #define DBG() fprintf(stderr, "%s:%d\n", __func__, __LINE__)At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[256]; /* Error description (for thread-safety) */At
buffer/read:Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rv = (int)read(w->event_fd, &completed, sizeof completed);At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE]; /* Error of threadpool callback */At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char filename[UV__FILENAME_LEN]; /* Filename of the segment */At
format/sprintf:Potential format string problem (CWE-134). sprintf(segment->filename, UV__OPEN_TEMPLATE, segment->counter);At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char filename[UV__FILENAME_LEN];At
format/sprintf:Potential format string problem (CWE-134). sprintf(filename, UV__OPEN_TEMPLATE, counter);At
format/sprintf:Potential format string problem (CWE-134). sprintf(filename, METADATA_FILENAME_PREFIX "%d", n);At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char filename[METADATA_FILENAME_SIZE]; /* Filename of the metadata fileAt
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char filename[METADATA_FILENAME_SIZE]; /* Filename of the metadata fileAt
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s->address = RaftHeapMalloc(strlen(address) + 1);At
buffer/strcpy:Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). strcpy(s->address, address);At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(cursor, src->bufs[i].base, src->bufs[i].len);At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char address[16]; /* Server address (stringified ID). */At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(dst->data.base, src->data.base, src->data.len);At
format/fprintf:If format strings can be influenced by an attacker, they can be exploited (CWE-134). fprintf(stderr, "%d: %30s:%*d - %s\n", id, file, 3, line, message);At
buffer/sprintf:Does not check for buffer overflows (CWE-120). sprintf(s->address, "%llu", s->id);At
format/fprintf:If format strings can be influenced by an attacker, they can be exploited (CWE-134). fprintf(stderr,At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(buf.base, entry->buf.base, buf.len);At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(*e) + 1;At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(copy, *e, len);At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cluster[i].address = raft_malloc(strlen(server->address) + 1);At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(cluster[i].address, server->address,At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(server->address) + 1);At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). leader_addr = raft_malloc(strlen(borrowed_addr) + 1);At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(leader_addr, borrowed_addr, strlen(borrowed_addr) + 1);At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(leader_addr, borrowed_addr, strlen(borrowed_addr) + 1);At
misc/open:Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). START_V0(open, db);At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(cur, data, n);At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char filename[1024] = { 0 };At
buffer/strncpy:Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filename, request.filename,At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(filename) - strlen(wal_suffix) - 1);At
buffer/strcat:Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). strcat(filename, wal_suffix);At
format/fprintf:If format strings can be influenced by an attacker, they can be exploited (CWE-134). #define DBG() fprintf(stderr, "%s:%d\n", __func__, __LINE__)At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char name[256]; /* VFS/replication registriatio name */At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char raft_dir[1024]; /* Directory used by raft */At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char database_dir[1024]; /* Data dir for on-disk database */At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[DQLITE_ERRMSG_BUF_SIZE]; /* Last error occurred */At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(*cursor, frames->pages[i], frames->page_size);At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char buf[EMIT_BUF_LEN];At
buffer/sprintf:Does not check for buffer overflows (CWE-120). sprintf(cursor, "[DEBUG]: ");At
buffer/sprintf:Does not check for buffer overflows (CWE-120). sprintf(cursor, "[INFO ]: ");At
buffer/sprintf:Does not check for buffer overflows (CWE-120). sprintf(cursor, "[WARN ]: ");At
buffer/sprintf:Does not check for buffer overflows (CWE-120). sprintf(cursor, "[ERROR]: ");At
buffer/sprintf:Does not check for buffer overflows (CWE-120). sprintf(cursor, "[ ]: ");At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cursor = buf + strlen(buf);At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = EMIT_BUF_LEN - strlen(buf) - 1;At
format/vsnprintf:If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). vsnprintf(cursor, n, fmt, args);At
format/fprintf:If format strings can be influenced by an attacker, they can be exploited (CWE-134). fprintf(stderr, "%s\n", buf);At
misc/open:Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). X(open, OPEN, __VA_ARGS__) \At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];At
input/recv:Function accepts input from outside program (CWE-20). raft_io_recv_cb recv);At
random/random:This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). int (*random)(struct raft_io *io, int min, int max);At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char errmsg[RAFT_ERRMSG_BUF_SIZE];At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char name[SM_MAX_NAME_LENGTH];At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t input_len = strlen(input);At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(addr_un->sun_path + 1, name, name_len);At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(addr, res->ai_addr, res->ai_addrlen);At
buffer/char:Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). char v[SM_MAX_ATTR_LENGTH];At
format/vsnprintf:If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). vsnprintf(v, sizeof(v), fmt, ap);At
format/snprintf:If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). snprintf(m->name, SM_MAX_NAME_LENGTH, "%s", name);At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return BytePad64(strlen(*value) + 1);At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(*cursor, &x, sizeof(uint16_t));At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(*cursor, &x, sizeof(uint32_t));At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(*cursor, &x, sizeof(uint64_t));At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(*cursor, &x, sizeof(int64_t));At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(*cursor, &x, sizeof(uint64_t));At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = BytePad64(strlen(*value) + 1);At
buffer/strcpy:Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). strcpy(*cursor, *value);At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(*cursor, value->base, value->len);At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(value, cursor->p, sizeof(*value));At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(value, cursor->p, sizeof(*value));At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(value, cursor->p, sizeof(*value));At
buffer/memcpy:Does not check for buffer overflows when copying to destination (CWE-120). memcpy(value, cursor->p, sizeof(*value));At
buffer/strlen:Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = BytePad64(strlen(*value) + 1);At
buffer/read:Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert(t->read.base != NULL);At
buffer/read:Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert(t->read.len > 0);At
buffer/read:Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). *buf = t->read;At
buffer/read:Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). t->read.base = NULL;At
buffer/read:Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). t->read.len = 0;At
buffer/read:Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert(n <= t->read.len);At
buffer/read:Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). t->read.base += n;At
buffer/read:Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). t->read.len -= n;At
buffer/read:Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (t->read.len > 0) {At
buffer/read:Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). t->read.base = NULL;At
buffer/read:Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). t->read.len = 0;At
buffer/read:Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert(t->read.base == NULL);At
buffer/read:Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). assert(t->read.len == 0);At
buffer/read:Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uv_buf_t read; /* Read buffer */
d9c0116 to e7af89e
2ec54b4 to 3769fab
No description provided.