The following issues were found
registry/registry_machine.h
1 issue
Line: 25
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// A machine
struct registry_machine {
char guid[GUID_LEN + 1]; // the GUID
uint32_t links; // the number of REGISTRY_PERSON_URL linked to this machine
DICTIONARY *machine_urls; // MACHINE_URL *
Reported by FlawFinder.
collectors/proc.plugin/proc_loadavg.c
1 issue
Line: 17
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static usec_t next_loadavg_dt = 0;
if(unlikely(!ff)) {
char filename[FILENAME_MAX + 1];
snprintfz(filename, FILENAME_MAX, "%s%s", netdata_configured_host_prefix, "/proc/loadavg");
ff = procfile_open(config_get(CONFIG_SECTION_PLUGIN_PROC_LOADAVG, "filename to monitor", filename), " \t,:|/", PROCFILE_FLAG_DEFAULT);
if(unlikely(!ff))
return 1;
Reported by FlawFinder.
collectors/python.d.plugin/python_modules/pyyaml2/scanner.py
1 issue
Line: 1428
Column: 35
self.forward(2)
try:
value = unicode(''.join(bytes), 'utf-8')
except UnicodeDecodeError, exc:
raise ScannerError("while scanning a %s" % name, start_mark, str(exc), mark)
return value
def scan_line_break(self):
# Transforms:
Reported by Pylint.
registry/registry_url.c
1 issue
Line: 30
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Builds a temporary REGISTRY_URL in a local buffer from (url, urllen) and
// fills in its len, url and hash fields.
debug(D_REGISTRY, "Registry: registry_url_get('%s', %zu)", url, urllen);
// Variable-length array: its size, and so the stack space it takes, grows with
// the runtime value urllen.
// NOTE(review): no upper bound on urllen is visible in this excerpt - confirm
// that the caller caps it before this point.
char buf[sizeof(REGISTRY_URL) + urllen]; // no need for +1, 1 is already in REGISTRY_URL
// The byte buffer is viewed as a REGISTRY_URL.
// NOTE(review): a plain char array carries no alignment guarantee for
// REGISTRY_URL - confirm this is acceptable on the supported targets.
REGISTRY_URL *n = (REGISTRY_URL *)&buf[0];
// The cast keeps only the low 16 bits of urllen, so a length above 65535 is
// stored reduced, and the copy below uses that reduced value.
n->len = (uint16_t)urllen;
// The copy length is n->len, not urllen.
// NOTE(review): presumably strncpyz copies at most n->len bytes and then adds
// the terminator - helper not shown here, confirm against its definition.
strncpyz(n->url, url, n->len);
n->hash = simple_hash(n->url);
Reported by FlawFinder.
registry/registry_url.h
1 issue
Line: 21
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint32_t links; // the number of links to this URL - when none is left, we free it
uint16_t len; // the length of the URL in bytes
char url[1]; // the URL - dynamically allocated to more size
};
typedef struct registry_url REGISTRY_URL;
// REGISTRY_URL INDEX
// Comparison function declared for the URL index. Both arguments are untyped
// pointers, so the compiler cannot check what callers pass in.
// NOTE(review): presumably a and b both point to REGISTRY_URL entries -
// confirm against the definition.
extern int registry_url_compare(void *a, void *b);
Reported by FlawFinder.
collectors/slabinfo.plugin/slabinfo.c
1 issue
Line: 16
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
// Debug trace helper. When `debug` is non-zero it writes three things to
// stderr: a prefix naming the call site (__LINE__, __FILE__, __FUNCTION__),
// the caller's message, and a newline.
//
// The caller's first argument is handed to fprintf() as the format string;
// this is the CWE-134 finding. Call sites must pass a string literal there and
// log any variable text through a "%s" conversion, never as the format itself.
//
// `args...` and `##args` are GNU named-variadic macro syntax.
// NOTE(review): the expansion is a bare `if (debug) { ... }`, not wrapped in
// do { } while (0), so it is not a single statement when used as the body of
// an unbraced if/else.
// #define slabdebug(...) if (debug) { fprintf(stderr, __VA_ARGS__); }
#define slabdebug(args...) if (debug) { \
fprintf(stderr, "slabinfo.plugin DEBUG (%04d@%-10.10s:%-15.15s)::", __LINE__, __FILE__, __FUNCTION__); \
fprintf(stderr, ##args); \
fprintf(stderr, "\n"); }
// ----------------------------------------------------------------------------
Reported by FlawFinder.
spawn/spawn.h
1 issue
Line: 103
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Appends bytes from *source to prot_buffer at offset *prot_buffer_len, then
// advances the destination fill count, the source pointer and the remaining
// source length by the amount copied.
unsigned to_copy;
// Take no more than the caller's limit and no more than the source still holds.
to_copy = MIN(max_to_copy, *source_len);
// Nothing on this line checks the destination capacity; this is presumably the
// call FlawFinder reports as CWE-120.
// NOTE(review): the write stays in bounds only if max_to_copy is no larger than
// the space left in prot_buffer after *prot_buffer_len. How max_to_copy is
// computed is not visible in this excerpt - confirm at the start of the function.
memcpy(prot_buffer + *prot_buffer_len, *source, to_copy);
// All three cursors move by the same amount so they stay consistent.
*prot_buffer_len += to_copy;
*source += to_copy;
*source_len -= to_copy;
}
Reported by FlawFinder.
collectors/python.d.plugin/python_modules/pyyaml2/resolver.py
1 issue
Line: 172
Column: 23
u'tag:yaml.org,2002:bool',
re.compile(ur'''^(?:yes|Yes|YES|no|No|NO
|true|True|TRUE|false|False|FALSE
|on|On|ON|off|Off|OFF)$''', re.X),
list(u'yYnNtTfFoO'))
Resolver.add_implicit_resolver(
u'tag:yaml.org,2002:float',
re.compile(ur'''^(?:[-+]?(?:[0-9][0-9_]*)\.[0-9_]*(?:[eE][-+][0-9]+)?
Reported by Pylint.
spawn/spawn_server.c
1 issue
Line: 15
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* spawn outstanding execution structure */
static avl_tree_lock spawn_outstanding_exec_tree;
/*
 * File-scope buffer with a fixed capacity of MAX_COMMAND_LENGTH bytes, and a
 * separate counter that starts at 0. FlawFinder flags the fixed-size array
 * itself (CWE-119/120); the declaration alone is not an overflow.
 * NOTE(review): prot_buffer_len presumably tracks how many bytes of
 * prot_buffer are in use. The code that writes into the buffer is not visible
 * here - confirm that every write is limited to
 * MAX_COMMAND_LENGTH - prot_buffer_len.
 */
static char prot_buffer[MAX_COMMAND_LENGTH];
static unsigned prot_buffer_len = 0;
struct spawn_execution_info {
avl_t avl;
Reported by FlawFinder.
collectors/proc.plugin/proc_meminfo.c
1 issue
Line: 125
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
// Runs only while ff is still unset: builds the default path and opens the
// procfile.
if(unlikely(!ff)) {
// Fixed-size local buffer of FILENAME_MAX + 1 bytes; presumably this
// declaration is what FlawFinder reports as CWE-119/120.
char filename[FILENAME_MAX + 1];
// The formatted write is limited to FILENAME_MAX, one byte less than the array.
// NOTE(review): in bounds provided snprintfz honours its size argument the way
// snprintf does - helper not shown here, confirm.
snprintfz(filename, FILENAME_MAX, "%s%s", netdata_configured_host_prefix, "/proc/meminfo");
// The path actually opened is whatever config_get() returns; filename is only
// passed to it as the third argument (presumably the default value - confirm).
ff = procfile_open(config_get(CONFIG_SECTION_PLUGIN_PROC_MEMINFO, "filename to monitor", filename), " \t:", PROCFILE_FLAG_DEFAULT);
// Report failure to the caller with return value 1 when the open did not succeed.
if(unlikely(!ff))
return 1;
}
Reported by FlawFinder.