The following issues were found

src/third_party/wiredtiger/src/include/os_fstream_inline.h
1 issue
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 60 Column: 33 CWE codes: 134
Suggestion: Use a constant for the format specification

 */
static inline int
__wt_fprintf(WT_SESSION_IMPL *session, WT_FSTREAM *fstr, const char *fmt, ...)
  WT_GCC_FUNC_ATTRIBUTE((format(printf, 3, 4)))
{
    WT_DECL_RET;
    va_list ap;

    va_start(ap, fmt);

            

Reported by FlawFinder.

src/third_party/wiredtiger/src/include/os_fhandle_inline.h
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 166 Column: 52 CWE codes: 126

              
    WT_ASSERT(session,
      !F_ISSET(S2C(session), WT_CONN_READONLY) ||
        WT_STRING_MATCH(fh->name, WT_SINGLETHREAD, strlen(WT_SINGLETHREAD)));

    __wt_verbose(session, WT_VERB_HANDLEOPS, "%s: handle-write: %" WT_SIZET_FMT " at %" PRIuMAX,
      fh->handle->name, len, (uintmax_t)offset);

    /*

            

Reported by FlawFinder.

src/third_party/wiredtiger/src/include/hardware.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 78 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

#define WT_CACHE_LINE_PAD_END                \
    }                                        \
    ;                                        \
    char __padding[WT_CACHE_LINE_ALIGNMENT]; \
    }                                        \
    ;

            

Reported by FlawFinder.

src/third_party/wiredtiger/src/include/cursor_inline.h
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 511 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

    WT_ASSERT(session, cbt->row_key->size >= key_prefix);
    cbt->row_key->size = key_prefix;
    WT_RET(__wt_buf_grow(session, cbt->row_key, key_prefix + key_size));
    memcpy((uint8_t *)cbt->row_key->data + key_prefix, key_data, key_size);
    cbt->row_key->size = key_prefix + key_size;

    if (0) {
slow: /*
       * Call __wt_row_leaf_key_work() instead of __wt_row_leaf_key(): we already did the

            

Reported by FlawFinder.

src/third_party/wiredtiger/src/include/capacity.h
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 50 Column: 14 CWE codes: 120 20

    uint64_t ckpt;      /* Bytes/sec checkpoint capacity */
    uint64_t evict;     /* Bytes/sec eviction capacity */
    uint64_t log;       /* Bytes/sec logging capacity */
    uint64_t read;      /* Bytes/sec read capacity */
    uint64_t total;     /* Bytes/sec total capacity */
    uint64_t threshold; /* Capacity size period */

    volatile uint64_t written; /* Written this period */
    volatile bool signalled;   /* Capacity signalled */

            

Reported by FlawFinder.

src/third_party/wiredtiger/src/include/buf_inline.h
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 96 Column: 43 CWE codes: 126

static inline int
__wt_buf_setstr(WT_SESSION_IMPL *session, WT_ITEM *buf, const char *s)
{
    return (__wt_buf_set(session, buf, s, strlen(s) + 1));
}

/*
 * __wt_buf_free --
 *     Free a buffer.

            

Reported by FlawFinder.

src/third_party/wiredtiger/src/history/hs_rec.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 827 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

#ifdef HAVE_DIAGNOSTIC
    int cmp;
#endif
    char ts_string[5][WT_TS_INT_STRING_SIZE];

    hs_insert_cursor = NULL;
    hs_cbt = __wt_curhs_get_cbt(hs_cursor);
    WT_CLEAR(hs_key);
    WT_CLEAR(hs_value);

            

Reported by FlawFinder.

src/third_party/wiredtiger/src/cursor/cur_file.c
1 issue
There is an unknown macro here somewhere. Configuration is required. If WT_STAT_USECS_HIST_INCR_FUNC is a macro then please configure it.
Error

Line: 15

 * Define functions that increment histogram statistics for cursor read and write operations
 * latency.
 */
WT_STAT_USECS_HIST_INCR_FUNC(opread, perf_hist_opread_latency, 100)
WT_STAT_USECS_HIST_INCR_FUNC(opwrite, perf_hist_opwrite_latency, 100)

/*
 * __curfile_compare --
 *     WT_CURSOR->compare method for the btree cursor type.

            

Reported by Cppcheck.

src/third_party/wiredtiger/src/cursor/cur_dump.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 407 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

    WT_CURSOR_JSON *json;
    WT_DECL_RET;
    WT_SESSION_IMPL *session;
    const char *cfg[2];

    WT_STATIC_ASSERT(offsetof(WT_CURSOR_DUMP, iface) == 0);

    session = (WT_SESSION_IMPL *)child->session;


            

Reported by FlawFinder.

src/third_party/wiredtiger/src/conn/api_strerror.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 70 Column: 12 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

const char *
wiredtiger_strerror(int error)
{
    static char buf[128];

    return (__wt_strerror(NULL, error, buf, sizeof(buf)));
}

            

Reported by FlawFinder.