The following issues were found

libnetdata/avl/avl.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 50 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  avl_t *w;     /* New root of rebalanced subtree. */
    unsigned char dir; /* Direction to descend. */

    unsigned char da[AVL_MAX_HEIGHT]; /* Cached comparison results. */
    int k = 0;              /* Number of cached results. */

    // assert(tree != NULL && item != NULL);

    z = (avl_t *) &tree->root;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 142 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              avl_t *avl_remove(avl_tree_type *tree, avl_t *item) {
    /* Stack of nodes. */
    avl_t *pa[AVL_MAX_HEIGHT]; /* Nodes. */
    unsigned char da[AVL_MAX_HEIGHT];    /* |avl_link[]| indexes. */
    int k;                               /* Stack pointer. */

    avl_t *p;   /* Traverses tree to find node to delete. */
    int cmp;              /* Result of comparison between |item| and |p|. */

Reported by FlawFinder.

libnetdata/buffer/buffer.c
2 issues
strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 10 Column: 5 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused) 

              static inline void buffer_overflow_init(BUFFER *b)
{
    b->buffer[b->size] = '\0';
    strcpy(&b->buffer[b->size + 1], BUFFER_OVERFLOW_EOF);
}

#ifdef NETDATA_INTERNAL_CHECKS
#define buffer_overflow_check(b) _buffer_overflow_check(b, __FILE__, __FUNCTION__, __LINE__)
#else

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 151 Column: 15 CWE codes: 126 

              
    if(*txt) {
        debug(D_WEB_BUFFER, "strcat(): increasing web_buffer at position %zu, size = %zu\n", wb->len, wb->size);
        len = strlen(txt);
        buffer_increase(wb, len);
        buffer_strcat(wb, txt);
    }
    else {
        // terminate the string

Reported by FlawFinder.

libnetdata/dictionary/dictionary.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 93 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      nv->value = value;
    else {
        nv->value = mallocz(value_len);
        memcpy(nv->value, value, value_len);
    }

    // index it
    NETDATA_DICTIONARY_STATS_INSERTS_PLUS1(dict);
    if(unlikely(avl_insert(&((dict)->values_index), (avl_t *)(nv)) != (avl_t *)nv))

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 203 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                          void *new = mallocz(value_len),
                    *old = nv->value;

            memcpy(new, value, value_len);
            nv->value = new;

            debug(D_REGISTRY, "Dictionary: freeing old value of '%s'", name);
            freez(old);
        }

Reported by FlawFinder.

collectors/ebpf.plugin/ebpf_dcstat.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 6 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              #include "ebpf.h"
#include "ebpf_dcstat.h"

static char *dcstat_counter_dimension_name[NETDATA_DCSTAT_IDX_END] = { "ratio", "reference", "slow", "miss" };
static netdata_syscall_stat_t dcstat_counter_aggregated_data[NETDATA_DCSTAT_IDX_END];
static netdata_publish_syscall_t dcstat_counter_publish_aggregated[NETDATA_DCSTAT_IDX_END];

static ebpf_data_t dcstat_data;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 237 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

               */
static inline void dcstat_save_pid_values(netdata_publish_dcstat_t *out, netdata_dcstat_pid_t *publish)
{
    memcpy(&out->curr, &publish[0], sizeof(netdata_dcstat_pid_t));
}

/**
 * Fill PID
 *

Reported by FlawFinder.

libnetdata/json/json.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 26 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
typedef struct json_entry {
    JSON_ENTRY_TYPE type;
    char name[JSON_NAME_LEN + 1];
    char fullname[JSON_FULLNAME_LEN + 1];
    union {
        char *string;			// type == JSON_STRING
        long double number;		// type == JSON_NUMBER
        int boolean;			// type == JSON_BOOLEAN

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 27 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              typedef struct json_entry {
    JSON_ENTRY_TYPE type;
    char name[JSON_NAME_LEN + 1];
    char fullname[JSON_FULLNAME_LEN + 1];
    union {
        char *string;			// type == JSON_STRING
        long double number;		// type == JSON_NUMBER
        int boolean;			// type == JSON_BOOLEAN
        size_t items;			// type == JSON_ARRAY

Reported by FlawFinder.

libnetdata/procfile/procfile.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 50 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              } PF_CHAR_TYPE;

typedef struct {
    char filename[FILENAME_MAX + 1]; // not populated until profile_filename() is called

    uint32_t flags;
    int fd;               // the file descriptor
    size_t len;           // the bytes we have placed into data
    size_t size;          // the bytes we have allocated for data

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 79 Column: 63 CWE codes: 362 

              extern void procfile_print(procfile *ff);

extern void procfile_set_quotes(procfile *ff, const char *quotes);
extern void procfile_set_open_close(procfile *ff, const char *open, const char *close);

extern char *procfile_filename(procfile *ff);

// ----------------------------------------------------------------------------

Reported by FlawFinder.

parser/parser.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 245 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              inline int parser_action(PARSER *parser, char *input)
{
    PARSER_RC   rc = PARSER_RC_OK;
    char *words[PLUGINSD_MAX_WORDS] = { NULL };
    char command[PLUGINSD_LINE_MAX];
    keyword_function action_function;
    keyword_function *action_function_list = NULL;

    if (unlikely(!parser))

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 246 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
    PARSER_RC   rc = PARSER_RC_OK;
    char *words[PLUGINSD_MAX_WORDS] = { NULL };
    char command[PLUGINSD_LINE_MAX];
    keyword_function action_function;
    keyword_function *action_function_list = NULL;

    if (unlikely(!parser))
        return 1;

Reported by FlawFinder.

collectors/cgroups.plugin/tests/test_cgroups_plugin.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 20 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  struct k8s_test_data {
        char *data;
        char *name;
        char *key[3];
        char *value[3];
    };

    struct k8s_test_data test_data[] = {
        // One label

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 21 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                      char *data;
        char *name;
        char *key[3];
        char *value[3];
    };

    struct k8s_test_data test_data[] = {
        // One label
        { .data = "name label1=\"value1\"",

Reported by FlawFinder.

registry/registry_person.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 24 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  uint32_t last_t;            // the last time we saw this
    uint32_t usages;            // how many times this has been accessed

    char machine_name[1];       // the name of the machine, as known by the user
    // dynamically allocated to fit properly
};
typedef struct registry_person_url REGISTRY_PERSON_URL;

// A person

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 31 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
// A person
struct registry_person {
    char guid[GUID_LEN + 1];    // the person GUID

    avl_tree_type person_urls;  // dictionary of PERSON_URLs

    uint32_t first_t;           // the first time we saw this
    uint32_t last_t;            // the last time we saw this

Reported by FlawFinder.

spawn/spawn_client.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 11 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static uv_loop_t *loop;
uv_async_t spawn_async;

static char prot_buffer[MAX_COMMAND_LENGTH];
static unsigned prot_buffer_len = 0;

static void async_cb(uv_async_t *handle)
{
    uv_stop(handle->loop);

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 151 Column: 41 CWE codes: 126 

              
    write_ctx->header.opcode = SPAWN_PROT_EXEC_CMD;
    write_ctx->header.handle = cmdinfo;
    write_ctx->payload.command_length = strlen(cmdinfo->command_to_run);

    writebuf[0] = uv_buf_init((char *)&write_ctx->header, sizeof(write_ctx->header));
    writebuf[1] = uv_buf_init((char *)&write_ctx->payload, sizeof(write_ctx->payload));
    writebuf[2] = uv_buf_init((char *)cmdinfo->command_to_run, write_ctx->payload.command_length);

Reported by FlawFinder.