The following issues were found

src/stream/ngx_stream_handler.c
1 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 176 Column: 14 CWE codes: 120 20 

                  s->start_sec = tp->sec;
    s->start_msec = tp->msec;

    rev = c->read;
    rev->handler = ngx_stream_session_handler;

    if (addr_conf->proxy_protocol) {
        c->log->action = "reading PROXY protocol";

Reported by FlawFinder.

src/os/win32/ngx_dlopen.h
1 issues
LoadLibrary - Ensure that the full path to the library is specified, or current directory may be used
Security

Line: 19 Column: 36 CWE codes: 829 20
Suggestion: Use LoadLibraryEx with one of the search flags, or call SetSearchPathMode to use a safe search path, or pass a full path to the library 

              #define NGX_HAVE_DLOPEN  1


#define ngx_dlopen(path)           LoadLibrary((char *) path)
#define ngx_dlopen_n               "LoadLibrary()"

#define ngx_dlsym(handle, symbol)  (void *) GetProcAddress(handle, symbol)
#define ngx_dlsym_n                "GetProcAddress()"

Reported by FlawFinder.

src/os/win32/ngx_event_log.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 23 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  HANDLE          ev;
    va_list         args;
    u_char          text[NGX_MAX_ERROR_STR];
    const char     *msgarg[9];
    static u_char   netmsg[] = "%SystemRoot%\\System32\\netmsg.dll";

    last = text + NGX_MAX_ERROR_STR;
    p = text + GetModuleFileName(NULL, (char *) text, NGX_MAX_ERROR_STR - 50);

Reported by FlawFinder.

src/os/win32/ngx_files.c
1 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 22 Column: 64 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly 

              /* FILE_FLAG_BACKUP_SEMANTICS allows to obtain a handle to a directory */

ngx_fd_t
ngx_open_file(u_char *name, u_long mode, u_long create, u_long access)
{
    size_t      len;
    u_short    *u;
    ngx_fd_t    fd;
    ngx_err_t   err;

Reported by FlawFinder.

src/http/modules/ngx_http_charset_filter_module.c
1 issues
Dangerous assignment - the function parameter is assigned the address of a local auto-variable. Local auto-variables are reserved from the stack which is freed when the function ends. So the pointer to a local variable is invalid after the function ends.
Error

Line: 1285 CWE codes: 562 

                  ctx.characters = 0;

    pvcf = *cf;
    cf->ctx = &ctx;
    cf->handler = ngx_http_charset_map;
    cf->handler_conf = conf;

    rv = ngx_conf_parse(cf, NULL);

Reported by Cppcheck.

src/event/ngx_event_pipe.h
1 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 57 Column: 24 CWE codes: 120 20 

                  ngx_thread_task_t                *thread_task;
#endif

    unsigned           read:1;
    unsigned           cacheable:1;
    unsigned           single_buf:1;
    unsigned           free_bufs:1;
    unsigned           upstream_done:1;
    unsigned           upstream_error:1;

Reported by FlawFinder.

src/event/ngx_event_connect.c
1 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 186 Column: 14 CWE codes: 120 20 

              
    c->log_error = pc->log_error;

    rev = c->read;
    wev = c->write;

    rev->log = pc->log;
    wev->log = pc->log;

Reported by FlawFinder.

src/stream/ngx_stream_map_module.c
1 issues
Dangerous assignment - the function parameter is assigned the address of a local auto-variable. Local auto-variables are reserved from the stack which is freed when the function ends. So the pointer to a local variable is invalid after the function ends.
Error

Line: 272 CWE codes: 562 

              
    save = *cf;
    cf->pool = pool;
    cf->ctx = &ctx;
    cf->handler = ngx_stream_map;
    cf->handler_conf = conf;

    rv = ngx_conf_parse(cf, NULL);

Reported by Cppcheck.

src/core/ngx_open_file_cache.h
1 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 114 Column: 30 CWE codes: 120 20 

              
    /* ngx_connection_t stub to allow use c->fd as event ident */
    void                    *data;
    ngx_event_t             *read;
    ngx_event_t             *write;
    ngx_fd_t                 fd;

    ngx_cached_open_file_t  *file;
    ngx_open_file_cache_t   *cache;

Reported by FlawFinder.

src/core/ngx_config.h
1 issues
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 57 Column: 34 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

              #define ngx_signal_helper(n)     SIG##n
#define ngx_signal_value(n)      ngx_signal_helper(n)

#define ngx_random               random

/* TODO: #ifndef */
#define NGX_SHUTDOWN_SIGNAL      QUIT
#define NGX_TERMINATE_SIGNAL     TERM
#define NGX_NOACCEPT_SIGNAL      WINCH

Reported by FlawFinder.