The following issues were found

deps/jemalloc/include/jemalloc/internal/stats.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 24 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
/* Options for stats_print. */
extern bool opt_stats_print;
/*
 * Fixed-size option string, sized from stats_print_tot_num_options plus one
 * byte for the terminator.
 * NOTE(review): FlawFinder (CWE-119/120) flags the fixed size. The bound is
 * only sound if every writer stays within sizeof(opt_stats_print_opts) —
 * confirm at the definition and option-parsing sites, which are not shown here.
 */
extern char opt_stats_print_opts[stats_print_tot_num_options+1];

/* Implements je_malloc_stats_print. */
/*
 * write_cb: output sink; presumably invoked as write_cb(cbopaque, text) for
 *           each chunk of formatted output — verify in stats.c.
 * cbopaque: opaque pointer handed back to write_cb.
 * opts:     option string (the per-character flags) — NULL handling not
 *           visible here.
 */
void stats_print(void (*write_cb)(void *, const char *), void *cbopaque,
    const char *opts);


            

Reported by FlawFinder.

deps/jemalloc/include/jemalloc/internal/prof_externs.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 17 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              extern bool	opt_prof_final;       /* Final profile dumping. */
extern bool	opt_prof_leak;        /* Dump leak summary at exit. */
extern bool	opt_prof_accum;       /* Report cumulative bytes. */
/*
 * Profile dump path prefix. The array is PATH_MAX + 1 bytes only when
 * JEMALLOC_PROF is defined; otherwise it is a single byte, with room for the
 * terminator alone.
 * NOTE(review): FlawFinder (CWE-119/120) flags the fixed size. Any writer must
 * bound its copy by sizeof(opt_prof_prefix) rather than assuming PATH_MAX of
 * room, since non-prof builds have none — confirm at the definition site.
 */
extern char	opt_prof_prefix[
    /* Minimize memory bloat for non-prof builds. */
#ifdef JEMALLOC_PROF
    PATH_MAX +
#endif
    1];

            

Reported by FlawFinder.

deps/jemalloc/include/jemalloc/internal/malloc_io.h
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 93 Column: 19 CWE codes: 120 20

              #if defined(JEMALLOC_USE_SYSCALL) && defined(SYS_read)
	long result = syscall(SYS_read, fd, buf, count);
#else
	ssize_t result = read(fd, buf,
#ifdef _WIN32
	    (unsigned int)
#endif
	    count);
#endif

            

Reported by FlawFinder.

deps/jemalloc/include/jemalloc/internal/jemalloc_internal_inlines_c.h
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 167 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	 * expectation that the extra bytes will be reliably preserved.
	 */
	copysize = (size < oldsize) ? size : oldsize;
	memcpy(p, ptr, copysize);
	isdalloct(tsdn, ptr, oldsize, tcache, NULL, true);
	return p;
}

JEMALLOC_ALWAYS_INLINE void *

            

Reported by FlawFinder.

src/connection.c
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 182 Column: 15 CWE codes: 120 20

              }

static int connSocketRead(connection *conn, void *buf, size_t buf_len) {
    int ret = read(conn->fd, buf, buf_len);
    if (!ret) {
        conn->state = CONN_STATE_CLOSED;
    } else if (ret < 0 && errno != EAGAIN) {
        conn->last_errno = errno;


            

Reported by FlawFinder.

deps/jemalloc/include/jemalloc/internal/arena_stats.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 101 Column: 13 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              arena_stats_init(UNUSED tsdn_t *tsdn, arena_stats_t *arena_stats) {
	if (config_debug) {
		for (size_t i = 0; i < sizeof(arena_stats_t); i++) {
			assert(((char *)arena_stats)[i] == 0);
		}
	}
#ifndef JEMALLOC_ATOMIC_U64
	if (malloc_mutex_init(&arena_stats->mtx, "arena_stats",
	    WITNESS_RANK_ARENA_STATS, malloc_mutex_rank_exclusive)) {

            

Reported by FlawFinder.

deps/hiredis/sds.h
1 issue
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 237 Column: 27 CWE codes: 134
Suggestion: Use a constant for the format specification

              hisds hi_sdscatvprintf(hisds s, const char *fmt, va_list ap);
/*
 * printf-style append to s. Under GCC the format attribute lets -Wformat check
 * a caller's format string against its arguments; that check only works when
 * fmt is a string literal. FlawFinder's CWE-134 hit is about exactly that:
 * callers must never pass caller-controlled or externally sourced text as fmt
 * (use "%s" with the text as an argument instead).
 */
#ifdef __GNUC__
hisds hi_sdscatprintf(hisds s, const char *fmt, ...)
    __attribute__((format(printf, 2, 3)));
#else
hisds hi_sdscatprintf(hisds s, const char *fmt, ...);
#endif

/*
 * Append using the sds-specific format syntax (presumably not printf's — no
 * format attribute is declared here, so the compiler cannot check fmt against
 * its arguments). Keep fmt a constant string for the same CWE-134 reason.
 */
hisds hi_sdscatfmt(hisds s, char const *fmt, ...);

            

Reported by FlawFinder.

src/childinfo.c
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 150 Column: 17 CWE codes: 120 20

                  /* Do not overlap */
    if (server.child_info_nread == wlen) server.child_info_nread = 0;

    int nread = read(server.child_info_pipe[0], (char *)&buffer + server.child_info_nread, wlen - server.child_info_nread);
    if (nread > 0) {
        server.child_info_nread += nread;
    }

    /* We have complete child info */

            

Reported by FlawFinder.

src/intset.c
1 issue
srand - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 399 Column: 5 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

                  uint8_t success;
    int i;
    intset *is;
    srand(time(NULL));

    UNUSED(argc);
    UNUSED(argv);
    UNUSED(accurate);


            

Reported by FlawFinder.

src/blocked.c
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 359 Column: 52 CWE codes: 126

                          struct redisCommand *cmd = where == ZSET_MIN ?
                                       server.zpopminCommand :
                                       server.zpopmaxCommand;
            argv[0] = createStringObject(cmd->name,strlen(cmd->name));
            argv[1] = rl->key;
            incrRefCount(rl->key);
            propagate(cmd,receiver->db->id,
                      argv,2,PROPAGATE_AOF|PROPAGATE_REPL);
            decrRefCount(argv[0]);

            

Reported by FlawFinder.