The following issues were found

src/os/win32/ngx_wsarecv_chain.c
1 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 84 Column: 14 CWE codes: 120 20 

              
    rc = WSARecv(c->fd, vec.elts, vec.nelts, &bytes, &flags, NULL, NULL);

    rev = c->read;

    if (rc == -1) {
        rev->ready = 0;
        err = ngx_socket_errno;

Reported by FlawFinder.

src/misc/ngx_google_perftools_module.c
1 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 104 Column: 9 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them 

                      return NGX_OK;
    }

    if (getenv("CPUPROFILE")) {
        /* disable inherited Profiler enabled in master process */
        ProfilerStop();
    }

    ngx_sprintf(profile, "%V.%d%Z", &gptcf->profiles, ngx_pid);

Reported by FlawFinder.

src/os/unix/ngx_alloc.c
1 issues
memalign - On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct
Security

Line: 78 Column: 9 CWE codes: 676
Suggestion: Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient 

              {
    void  *p;

    p = memalign(alignment, size);
    if (p == NULL) {
        ngx_log_error(NGX_LOG_EMERG, log, ngx_errno,
                      "memalign(%uz, %uz) failed", alignment, size);
    }

Reported by FlawFinder.

src/http/modules/ngx_http_xslt_filter_module.c
1 issues
vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 478 Column: 18 CWE codes: 134
Suggestion: Use a constant for the format specification 

                  buf[0] = '\0';

    va_start(args, msg);
    n = (size_t) vsnprintf((char *) buf, NGX_MAX_ERROR_STR, msg, args);
    va_end(args);

    while (--n && (buf[n] == CR || buf[n] == LF)) { /* void */ }

    ngx_log_error(NGX_LOG_ERR, ctx->request->connection->log, 0,

Reported by FlawFinder.

src/event/ngx_event_acceptex.c
1 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 166 Column: 18 CWE codes: 120 20 

              
        c->listening = ls;

        rev = c->read;
        wev = c->write;

        rev->ovlp.event = rev;
        wev->ovlp.event = wev;
        rev->handler = ngx_event_acceptex;

Reported by FlawFinder.

src/http/modules/ngx_http_ssi_filter_module.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 2732 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  ngx_http_ssi_ctx_t  *ctx;
    ngx_str_t           *timefmt;
    struct tm            tm;
    char                 buf[NGX_HTTP_SSI_DATE_LEN];

    v->valid = 1;
    v->no_cacheable = 0;
    v->not_found = 0;

Reported by FlawFinder.

src/http/modules/ngx_http_map_module.c
1 issues
Dangerous assignment - the function parameter is assigned the address of a local auto-variable. Local auto-variables are reserved from the stack which is freed when the function ends. So the pointer to a local variable is invalid after the function ends.
Error

Line: 273 CWE codes: 562 

              
    save = *cf;
    cf->pool = pool;
    cf->ctx = &ctx;
    cf->handler = ngx_http_map;
    cf->handler_conf = conf;

    rv = ngx_conf_parse(cf, NULL);

Reported by Cppcheck.

src/http/modules/ngx_http_grpc_module.c
1 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 1576 Column: 44 CWE codes: 120 20 

                          u->keepalive = 1;
        }

        ngx_post_event(u->peer.connection->read, &ngx_posted_events);
    }

    return rc;
}

Reported by FlawFinder.