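The following issues were found. FlawFinder matches on function and identifier names rather than on data flow, so each finding below is a candidate for manual review against the quoted code, not a confirmed vulnerability.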
deps/lua/src/strbuf.h
2 issues
Line: 130
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void strbuf_append_mem(strbuf_t *s, const char *c, int len)
{
    char *tail;

    /* Checked append: copy `len` bytes from `c` to the end of the buffer.
     * strbuf_ensure_empty_length() is defined elsewhere; presumably it grows
     * the buffer so that at least `len` bytes are free (confirm against its
     * definition). It is called before the write position is taken, and the
     * memcpy() bound (the CWE-120 finding) depends entirely on it.
     *
     * `len` is a signed int that memcpy() converts to size_t, so a negative
     * value would become a very large count. Callers must pass len >= 0. */
    strbuf_ensure_empty_length(s, len);
    tail = s->buf + s->length;
    memcpy(tail, c, len);
    s->length = s->length + len;
}
static inline void strbuf_append_mem_unsafe(strbuf_t *s, const char *c, int len)
{
Reported by FlawFinder.
Line: 136
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void strbuf_append_mem_unsafe(strbuf_t *s, const char *c, int len)
{
    /* Unchecked append: nothing in this function verifies that the buffer
     * has room for `len` more bytes, so the caller must have reserved the
     * space beforehand. This is the call the CWE-120 finding points at.
     * Triage means checking every call site for a preceding reservation,
     * not this body alone.
     *
     * `len` is a signed int that memcpy() converts to size_t, so a negative
     * value would become a very large count. Callers must pass len >= 0. */
    char *tail = s->buf + s->length;

    memcpy(tail, c, len);
    s->length = s->length + len;
}
static inline void strbuf_ensure_null(strbuf_t *s)
{
Reported by FlawFinder.
src/ae_select.c
2 issues
Line: 81
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
aeApiState *state = eventLoop->apidata;
int retval, j, numevents = 0;
memcpy(&state->_rfds,&state->rfds,sizeof(fd_set));
memcpy(&state->_wfds,&state->wfds,sizeof(fd_set));
retval = select(eventLoop->maxfd+1,
&state->_rfds,&state->_wfds,NULL,tvp);
if (retval > 0) {
Reported by FlawFinder.
Line: 82
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int retval, j, numevents = 0;
memcpy(&state->_rfds,&state->rfds,sizeof(fd_set));
memcpy(&state->_wfds,&state->wfds,sizeof(fd_set));
retval = select(eventLoop->maxfd+1,
&state->_rfds,&state->_wfds,NULL,tvp);
if (retval > 0) {
for (j = 0; j <= eventLoop->maxfd; j++) {
Reported by FlawFinder.
src/cli_common.c
2 issues
Line: 203
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Create an sds from stdin */
sds readArgFromStdin(void) {
char buf[1024];
sds arg = sdsempty();
while(1) {
int nread = read(fileno(stdin),buf,1024);
Reported by FlawFinder.
Line: 207
Column: 21
CWE codes:
120
20
sds arg = sdsempty();
while(1) {
int nread = read(fileno(stdin),buf,1024);
if (nread == 0) break;
else if (nread == -1) {
perror("Reading from standard input");
exit(1);
Reported by FlawFinder.
src/connection.h
2 issues
Line: 60
Column: 11
CWE codes:
120
20
void (*ae_handler)(struct aeEventLoop *el, int fd, void *clientData, int mask);
int (*connect)(struct connection *conn, const char *addr, int port, const char *source_addr, ConnectionCallbackFunc connect_handler);
int (*write)(struct connection *conn, const void *data, size_t data_len);
int (*read)(struct connection *conn, void *buf, size_t buf_len);
void (*close)(struct connection *conn);
int (*accept)(struct connection *conn, ConnectionCallbackFunc accept_handler);
int (*set_write_handler)(struct connection *conn, ConnectionCallbackFunc handler, int barrier);
int (*set_read_handler)(struct connection *conn, ConnectionCallbackFunc handler);
const char *(*get_last_error)(struct connection *conn);
Reported by FlawFinder.
Line: 152
Column: 24
CWE codes:
120
20
* connGetState() to see if the connection state is still CONN_STATE_CONNECTED.
*/
static inline int connRead(connection *conn, void *buf, size_t buf_len) {
    /* Dispatch through the connection type's `read` function pointer and
     * hand its result back unchanged. The finding here matches the member
     * name `read`; this wrapper does no copying of its own. The bound on
     * the write into `buf` is the `buf_len` forwarded below, so the caller
     * must pass the real capacity of `buf`, and each implementation behind
     * the pointer must honour it. */
    int nread = conn->type->read(conn, buf, buf_len);

    return nread;
}
/* Register a write handler, to be called when the connection is writable.
* If NULL, the existing handler is removed.
*/
Reported by FlawFinder.
src/debugmacro.h
2 issues
Line: 38
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
do { \
FILE *fp = fopen("/tmp/log.txt","a"); \
fprintf(fp,"%s:%s:%d:\t", __FILE__, __func__, __LINE__); \
fprintf(fp,__VA_ARGS__); \
fprintf(fp,"\n"); \
fclose(fp); \
} while (0)
Reported by FlawFinder.
Line: 36
Column: 20
CWE codes:
362
#include <stdio.h>
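/* Debug trace macro: appends "<file>:<function>:<line>:\t<message>\n" to
 * /tmp/log.txt, opening and closing the file on every use.
 *
 * - The first macro argument is used as the fprintf() format (the CWE-134
 *   finding). It must always be a string literal; never pass data that
 *   originates outside the program as the first argument.
 * - The log path is a fixed name in a world-writable directory (the CWE-362
 *   finding): another local account can create or replace that name before
 *   this process opens it. Keep this macro out of production builds.
 * - fopen() can fail and return NULL. The writes are skipped in that case
 *   instead of passing a null stream to fprintf()/fclose(). */
#define D(...) \
    do { \
        FILE *fp = fopen("/tmp/log.txt","a"); \
        if (fp != NULL) { \
            fprintf(fp,"%s:%s:%d:\t", __FILE__, __func__, __LINE__); \
            fprintf(fp,__VA_ARGS__); \
            fprintf(fp,"\n"); \
            fclose(fp); \
        } \
    } while (0)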
Reported by FlawFinder.
src/dict.h
2 issues
Line: 159
Column: 23
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
/* randomULong() expands to an expression producing an unsigned long.
 * When unsigned long is at least 64 bits wide it casts the result of
 * genrand64_int64() (defined elsewhere; presumably a Mersenne Twister
 * generator, confirm); otherwise it falls back to random().
 *
 * NOTE(review): random() is a general-purpose PRNG, which is what the
 * CWE-327 finding flags. Nothing here shows either branch to be a
 * cryptographically secure source, so this macro is only appropriate for
 * non-security uses such as sampling. Confirm at the call sites that its
 * output never feeds keys, tokens or other secrets. */
#if ULONG_MAX >= 0xffffffffffffffff
#define randomULong() ((unsigned long) genrand64_int64())
#else
#define randomULong() random()
#endif
/* API */
dict *dictCreate(dictType *type);
int dictExpand(dict *d, unsigned long size);
Reported by FlawFinder.
Line: 83
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Keep small vars at end for optimal (minimal) struct padding */
int16_t pauserehash; /* If >0 rehashing is paused (<0 indicates coding error) */
signed char ht_size_exp[2]; /* exponent of size. (size = 1<<exp) */
};
/* If safe is set to 1 this is a safe iterator, that means, you can call
* dictAdd, dictFind, and other functions against the dictionary even while
* iterating. Otherwise it is a non safe iterator, and only dictNext()
Reported by FlawFinder.
src/evict.c
2 issues
Line: 233
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (klen > EVPOOL_CACHED_SDS_SIZE) {
pool[k].key = sdsdup(key);
} else {
memcpy(pool[k].cached,key,klen+1);
sdssetlen(pool[k].cached,klen);
pool[k].key = pool[k].cached;
}
pool[k].idle = idle;
pool[k].dbid = dbid;
Reported by FlawFinder.
Line: 705
Column: 13
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
* that some items are being freed in the lazyfree thread. Perform a
* short wait here if such jobs exist, but don't wait long. */
if (bioPendingJobsOfType(BIO_LAZY_FREE)) {
usleep(eviction_time_limit_us);
if (getMaxmemoryState(NULL,NULL,NULL,NULL) == C_OK) {
result = EVICT_OK;
}
}
}
Reported by FlawFinder.
src/geo.c
2 issues
Line: 207
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* so that the returned value is decently accurate even when the unit is
* the kilometer. */
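void addReplyDoubleDistance(client *c, double d) {
    /* Format the distance with four decimal places and send it as a bulk
     * reply. The write into dbuf is bounded by sizeof(dbuf), so the array
     * declaration FlawFinder flags is not the problem. The value that needs
     * checking is snprintf()'s return: it is the length the full output
     * would need, not the number of bytes stored. The range of `d` is not
     * visible from this function, and "%.4f" of a very large magnitude
     * needs more than 127 characters. Forwarding that unchecked length
     * would let addReplyBulkCBuffer() (defined elsewhere; it is handed dbuf
     * and this length) read past the end of dbuf. */
    char dbuf[128];
    int dlen = snprintf(dbuf, sizeof(dbuf), "%.4f", d);

    if (dlen < 0 || (size_t)dlen >= sizeof(dbuf)) {
        /* Truncated or failed: fall back to "%.17g", whose output is short
         * for every double, so the length handed on always fits in dbuf. */
        dlen = snprintf(dbuf, sizeof(dbuf), "%.17g", d);
        if (dlen < 0) dlen = 0;
    }
    addReplyBulkCBuffer(c, dbuf, dlen);
}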
/* Helper function for geoGetPointsInRange(): given a sorted set score
Reported by FlawFinder.
Line: 908
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
r[1].max = 90;
geohashEncode(&r[0],&r[1],xy[0],xy[1],26,&hash);
char buf[12];
int i;
for (i = 0; i < 11; i++) {
int idx;
if (i == 10) {
/* We have just 52 bits, but the API used to output
Reported by FlawFinder.
src/memtest.c
2 issues
Line: 305
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Always test an even number of pages. */
if (len/4096 % 2) len -= 4096;
memcpy(backup,p,len); /* Backup. */
while(pass != passes) {
pass++;
errors += memtest_addressing(p,len,0);
memtest_fill_random(p,len,0);
if (bytes >= MEMTEST_DECACHE_SIZE) {
Reported by FlawFinder.
Line: 328
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
errors += memtest_compare_times(p,len,pass,4,0);
}
memcpy(p,backup,len); /* Restore. */
left -= len;
p += len/sizeof(unsigned long);
}
return errors;
}
Reported by FlawFinder.
src/multi.c
2 issues
Line: 75
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mc->cmd = c->cmd;
mc->argc = c->argc;
mc->argv = zmalloc(sizeof(robj*)*c->argc);
memcpy(mc->argv,c->argv,sizeof(robj*)*c->argc);
for (j = 0; j < c->argc; j++)
incrRefCount(mc->argv[j]);
c->mstate.count++;
c->mstate.cmd_flags |= c->cmd->flags;
c->mstate.cmd_inv_flags |= ~c->cmd->flags;
Reported by FlawFinder.
Line: 271
Column: 44
CWE codes:
126
* backlog with the final EXEC. */
if (server.repl_backlog && was_master && !is_master) {
char *execcmd = "*1\r\n$4\r\nEXEC\r\n";
feedReplicationBacklog(execcmd,strlen(execcmd));
}
afterPropagateExec();
}
server.in_exec = 0;
Reported by FlawFinder.