The following issues were found

src/third_party/wiredtiger/src/os_win/os_path.c
1 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 44 Column: 9 CWE codes: 126 

                   * -- "C:tempdir\tmp.txt" refers to a file in a subdirectory to the
     *    current directory on drive C.
     */
    if (strlen(path) >= 3 && __wt_isalpha(path[0]) && path[1] == ':')
        path += 2;
    return (path[0] == '/' || path[0] == '\\');
}

/*

Reported by FlawFinder.

src/third_party/wiredtiger/src/os_win/os_mtx_cond.c
1 issues
InitializeCriticalSection - Exceptions can be thrown in low-memory situations
Security

Line: 22 Column: 5 CWE codes:
Suggestion: Use InitializeCriticalSectionAndSpinCount instead 

              
    WT_RET(__wt_calloc_one(session, &cond));

    InitializeCriticalSection(&cond->mtx);

    /* Initialize the condition variable to permit self-blocking. */
    InitializeConditionVariable(&cond->cond);

    cond->name = name;

Reported by FlawFinder.

src/third_party/wiredtiger/src/os_posix/os_snprintf.c
1 issues
vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 21 Column: 16 CWE codes: 134
Suggestion: Use a constant for the format specification 

              {
    WT_DECL_RET;

    if ((ret = vsnprintf(buf, size, fmt, ap)) >= 0) {
        *retsizep += (size_t)ret;
        return (0);
    }
    return (__wt_errno());
}

Reported by FlawFinder.

src/third_party/wiredtiger/src/os_common/os_fstream_stdio.c
1 issues
vfprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 51 Column: 9 CWE codes: 134
Suggestion: Use a constant for the format specification 

              static int
__stdio_printf(WT_SESSION_IMPL *session, WT_FSTREAM *fs, const char *fmt, va_list ap)
{
    if (vfprintf(fs->fp, fmt, ap) >= 0)
        return (0);
    WT_RET_MSG(session, EIO, "%s: printf", fs->name);
}

/*

Reported by FlawFinder.

src/third_party/wiredtiger/src/optrack/optrack.c
1 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 28 Column: 36 CWE codes: 126 

                  conn = S2C(session);
    locked = false;

    WT_ERR(__wt_scr_alloc(session, strlen(func) + 32, &tmp));

    __wt_spin_lock(session, &conn->optrack_map_spinlock);
    locked = true;
    if (*func_idp == 0) {
        *func_idp = ++optrack_uid;

Reported by FlawFinder.

src/third_party/wiredtiger/src/lsm/lsm_stat.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 26 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  WT_LSM_TREE *lsm_tree;
    int64_t bloom_count;
    u_int i;
    char config[64];
    const char *cfg[] = {WT_CONFIG_BASE(session, WT_SESSION_open_cursor), NULL, NULL};
    const char *disk_cfg[] = {
      WT_CONFIG_BASE(session, WT_SESSION_open_cursor), "checkpoint=" WT_CHECKPOINT, NULL, NULL};
    bool locked;

Reported by FlawFinder.

src/third_party/wiredtiger/src/lsm/lsm_meta.c
1 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 344 Column: 43 CWE codes: 126 

                  WT_ERR(__wt_buf_catfmt(
      session, buf, ",bloom_oldest=%d", FLD_ISSET(lsm_tree->bloom, WT_LSM_BLOOM_OLDEST)));
    WT_ERR(__wt_buf_catfmt(session, buf, ",bloom_bit_count=%" PRIu32, lsm_tree->bloom_bit_count));
    if (lsm_tree->bloom_config != NULL && strlen(lsm_tree->bloom_config) > 0)
        WT_ERR(__wt_buf_catfmt(session, buf, ",bloom_config=(%s)", lsm_tree->bloom_config));
    else
        WT_ERR(__wt_buf_catfmt(session, buf, ",bloom_config="));
    WT_ERR(__wt_buf_catfmt(session, buf, ",bloom_hash_count=%" PRIu32, lsm_tree->bloom_hash_count));

Reported by FlawFinder.

src/third_party/wiredtiger/src/lsm/lsm_merge.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 334 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  uint32_t generation;
    u_int dest_id, end_chunk, i, nchunks, start_chunk, start_id, verb;
    int tret;
    const char *cfg[3];
    const char *drop_cfg[] = {WT_CONFIG_BASE(session, WT_SESSION_drop), "force", NULL};
    bool created_chunk, create_bloom, locked, in_sync;

    bloom = NULL;
    chunk = NULL;

Reported by FlawFinder.

src/third_party/wiredtiger/src/include/txn_inline.h
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 863 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  WT_RET(__wt_calloc(session, 1, WT_UPDATE_SIZE + (value == NULL ? 0 : value->size), &upd));
    if (value != NULL && value->size != 0) {
        upd->size = WT_STORE_SIZE(value->size);
        memcpy(upd->data, value->data, value->size);
    }
    upd->type = (uint8_t)modify_type;

    *updp = upd;
    if (sizep != NULL)

Reported by FlawFinder.

src/third_party/wiredtiger/src/include/reconcile_inline.h
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 264 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
    /* The data can be quite large -- call memcpy. */
    if (kv->buf.size != 0)
        memcpy(p, kv->buf.data, kv->buf.size);

    WT_ASSERT(session, kv->len == kv->cell_len + kv->buf.size);
    __wt_rec_incr(session, r, 1, kv->len);
}

Reported by FlawFinder.