The following issues were found
src/third_party/wiredtiger/test/suite/test_lsm04.py
6 issues
Line: 29
Column: 1
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
import wiredtiger, wttest
# test_lsm_key_format
# LSM doesn't current support column-store keys.
class test_lsm_key_format(wttest.WiredTigerTestCase):
def test_lsm_key_format(self):
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled
Reported by Pylint.
Line: 29
Column: 1
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
import wiredtiger, wttest
# test_lsm_key_format
# LSM doesn't current support column-store keys.
class test_lsm_key_format(wttest.WiredTigerTestCase):
def test_lsm_key_format(self):
Reported by Pylint.
Line: 33
Column: 1
# test_lsm_key_format
# LSM doesn't current support column-store keys.
class test_lsm_key_format(wttest.WiredTigerTestCase):
    """Check that creating an LSM table with a column-store key format fails."""

    def test_lsm_key_format(self):
        """Expect WiredTigerError when an LSM table is created with key_format=r.

        '/key_format/' is passed as the expected-message argument; presumably it
        is a pattern matched against the error text -- confirm in wttest.
        """
        def create_lsm_table():
            # Same call the test has always made: key_format=r combined with type=lsm.
            return self.session.create(
                "table:A", "key_format=r,value_format=S,type=lsm")

        self.assertRaisesWithMessage(
            wiredtiger.WiredTigerError, create_lsm_table, '/key_format/')
Reported by Pylint.
Line: 33
Column: 1
# test_lsm_key_format
# LSM doesn't current support column-store keys.
class test_lsm_key_format(wttest.WiredTigerTestCase):
    """Check that creating an LSM table with a column-store key format fails."""

    def test_lsm_key_format(self):
        """Expect WiredTigerError when an LSM table is created with key_format=r.

        '/key_format/' is passed as the expected-message argument; presumably it
        is a pattern matched against the error text -- confirm in wttest.
        """
        def create_lsm_table():
            # Same call the test has always made: key_format=r combined with type=lsm.
            return self.session.create(
                "table:A", "key_format=r,value_format=S,type=lsm")

        self.assertRaisesWithMessage(
            wiredtiger.WiredTigerError, create_lsm_table, '/key_format/')
Reported by Pylint.
Line: 34
Column: 5
# test_lsm_key_format
# LSM doesn't current support column-store keys.
class test_lsm_key_format(wttest.WiredTigerTestCase):
    """Check that creating an LSM table with a column-store key format fails."""

    def test_lsm_key_format(self):
        """Expect WiredTigerError when an LSM table is created with key_format=r.

        '/key_format/' is passed as the expected-message argument; presumably it
        is a pattern matched against the error text -- confirm in wttest.
        """
        def create_lsm_table():
            # Same call the test has always made: key_format=r combined with type=lsm.
            return self.session.create(
                "table:A", "key_format=r,value_format=S,type=lsm")

        self.assertRaisesWithMessage(
            wiredtiger.WiredTigerError, create_lsm_table, '/key_format/')
Reported by Pylint.
src/mongo/bson/oid.cpp
6 issues
Line: 109
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Folds the OID bytes into `seed`, one 32-bit word at a time.
//
// Each step copies exactly sizeof(uint32_t) bytes from `_data + offset` into a
// local uint32_t, so the memcpy destination is always large enough for the copy.
// NOTE(review): the source side stays inside `_data`, and the `!=` exit test
// terminates, only if kOIDSize is a multiple of sizeof(uint32_t) and `_data`
// holds at least kOIDSize bytes. Neither declaration is visible here -- confirm.
void OID::hash_combine(size_t& seed) const {
    int offset = 0;
    while (offset != kOIDSize) {
        uint32_t word;
        memcpy(&word, _data + offset, sizeof word);
        boost::hash_combine(seed, word);
        offset += sizeof(uint32_t);
    }
}
size_t OID::Hasher::operator()(const OID& oid) const {
Reported by FlawFinder.
Line: 127
Column: 10
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Returns the leading sizeof(uint32_t) bytes of `_instanceUnique.bytes`, copied
// as-is (no byte-order conversion) into an integer.
//
// The copy length equals the size of the destination, so the write cannot
// overflow it.
// NOTE(review): the read is in bounds only if `_instanceUnique.bytes` holds at
// least sizeof(uint32_t) bytes; its declaration is not visible here -- confirm.
unsigned OID::getMachineId() {
    uint32_t machineId{0};
    std::memcpy(&machineId, _instanceUnique.bytes, sizeof machineId);
    return machineId;
}
void OID::justForked() {
regenMachineId();
Reported by FlawFinder.
Line: 159
Column: 10
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Initializes the OID from `date`, filling the bytes after the timestamp with
// either all-zero or all-one bits depending on `max`.
//
// The timestamp is date.toMillisSinceEpoch() / 1000, narrowed to uint32_t.
// The fill value is 0 or the maximum uint64_t, so every copied byte is the same
// and byte order does not affect the result.
// NOTE(review): the copy length kInstanceUniqueSize + kIncrementSize must not
// exceed sizeof(uint64_t) (the source) or the space left in the buffer after
// kInstanceUniqueOffset (the destination). The constants are declared outside
// this view -- confirm, ideally with a static_assert next to their declaration.
void OID::init(Date_t date, bool max) {
    const auto seconds = date.toMillisSinceEpoch() / 1000;
    setTimestamp(uint32_t(seconds));

    uint64_t fill = 0u;
    if (max) {
        fill = std::numeric_limits<uint64_t>::max();
    }
    const auto tailLength = kInstanceUniqueSize + kIncrementSize;
    std::memcpy(_view().view(kInstanceUniqueOffset), &fill, tailLength);
}
// Returns the value of getTimestamp() converted to time_t.
time_t OID::asTimeT() const {
    const time_t seconds = getTimestamp();
    return seconds;
}
Reported by FlawFinder.
Line: 94
Column: 19
CWE codes:
120
20
}
// Reads the timestamp field at kTimestampOffset through a BigEndian<> wrapper.
//
// `read<>` here is a member template called on the object returned by view();
// it takes an offset, not a descriptor and buffer, so it is not the POSIX
// read() call that name-based scanners look for.
// NOTE(review): whether kTimestampOffset + sizeof(Timestamp) fits the underlying
// buffer depends on declarations outside this view -- confirm.
OID::Timestamp OID::getTimestamp() const {
    Timestamp timestamp = view().read<BigEndian<Timestamp>>(kTimestampOffset);
    return timestamp;
}
OID::InstanceUnique OID::getInstanceUnique() const {
// Byte order doesn't matter here
return view().read<InstanceUnique>(kInstanceUniqueOffset);
Reported by FlawFinder.
Line: 99
Column: 19
CWE codes:
120
20
// Reads the instance-unique field at kInstanceUniqueOffset.
//
// `read<>` is a member template on the object returned by view(), taking an
// offset; it is not the POSIX read() call.
// NOTE(review): bounds depend on kInstanceUniqueOffset and sizeof(InstanceUnique),
// both declared outside this view -- confirm.
OID::InstanceUnique OID::getInstanceUnique() const {
    // No endianness wrapper is applied: byte order doesn't matter for this field.
    InstanceUnique unique = view().read<InstanceUnique>(kInstanceUniqueOffset);
    return unique;
}
// Reads the increment field at kIncrementOffset.
//
// `read<>` is a member template on the object returned by view(), taking an
// offset; it is not the POSIX read() call.
// NOTE(review): bounds depend on kIncrementOffset and sizeof(Increment), both
// declared outside this view -- confirm.
OID::Increment OID::getIncrement() const {
    Increment increment = view().read<Increment>(kIncrementOffset);
    return increment;
}
Reported by FlawFinder.
Line: 103
Column: 19
CWE codes:
120
20
}
// Reads the increment field at kIncrementOffset.
//
// `read<>` is a member template on the object returned by view(), taking an
// offset; it is not the POSIX read() call.
// NOTE(review): bounds depend on kIncrementOffset and sizeof(Increment), both
// declared outside this view -- confirm.
OID::Increment OID::getIncrement() const {
    Increment increment = view().read<Increment>(kIncrementOffset);
    return increment;
}
void OID::hash_combine(size_t& seed) const {
uint32_t v;
for (int i = 0; i != kOIDSize; i += sizeof(uint32_t)) {
Reported by FlawFinder.
src/third_party/unwind/dist/tests/Gperf-trace.c
6 issues
Line: 36
Column: 7
CWE codes:
134
Suggestion:
Use a constant for the format specification
#include <sys/time.h>
#define panic(args...) \
do { fprintf (stderr, args); exit (-1); } while (0)
long dummy;
static long iterations = 10000;
static int maxlevel = 100;
Reported by FlawFinder.
Line: 46
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define KB 1024
#define MB (1024*1024)
static char big[64*MB]; /* should be >> max. cache size */
static inline double
gettime (void)
{
struct timeval tv;
Reported by FlawFinder.
Line: 143
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct
{
unw_cursor_t c;
char padding[1024]; /* should be > 2 * max. cacheline size */
}
cursor[N];
struct
{
unw_context_t uc;
Reported by FlawFinder.
Line: 149
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct
{
unw_context_t uc;
char padding[1024]; /* should be > 2 * max. cacheline size */
}
uc[N];
int i, j;
/* Run each test M times and take the minimum to filter out noise
Reported by FlawFinder.
Line: 231
Column: 18
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
if (argc > 1)
{
maxlevel = atol (argv[1]);
if (argc > 2)
iterations = atol (argv[2]);
}
measure_init ();
Reported by FlawFinder.
Line: 233
Column: 15
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
{
maxlevel = atol (argv[1]);
if (argc > 2)
iterations = atol (argv[2]);
}
measure_init ();
doit ("default ");
Reported by FlawFinder.
src/third_party/gperftools/dist/src/tests/profiler_unittest.cc
6 issues
Line: 90
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
fprintf(stderr, " 0 or 1 for single-threaded mode,\n");
fprintf(stderr, " -# to fork instead of thread.\n");
fprintf(stderr, " filename: The name of the output profile.\n");
fprintf(stderr, (" If you don't specify, set CPUPROFILE "
"in the environment instead!\n"));
return 1;
}
g_iters = atoi(argv[1]);
Reported by FlawFinder.
Line: 130
Column: 18
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
printf("FORK failed!\n");
return 1;
case 0: // child
return execl(argv[0], argv[0], argv[1], NULL);
default:
wait(NULL); // we'll let the kids run one at a time
}
}
#else
Reported by FlawFinder.
Line: 59
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ProfilerRegisterThread();
int i, m;
char b[128];
MutexLock ml(&mutex);
for (m = 0; m < 1000000; ++m) { // run millions of times
for (i = 0; i < g_iters; ++i ) {
result ^= i;
}
Reported by FlawFinder.
Line: 72
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void test_main_thread() {
int i, m;
char b[128];
MutexLock ml(&mutex);
for (m = 0; m < 1000000; ++m) { // run millions of times
for (i = 0; i < g_iters; ++i ) {
result ^= i;
}
Reported by FlawFinder.
Line: 95
Column: 13
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
return 1;
}
g_iters = atoi(argv[1]);
int num_threads = 1;
const char* filename = NULL;
if (argc > 2) {
num_threads = atoi(argv[2]);
}
Reported by FlawFinder.
Line: 99
Column: 19
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
int num_threads = 1;
const char* filename = NULL;
if (argc > 2) {
num_threads = atoi(argv[2]);
}
if (argc > 3) {
filename = argv[3];
}
Reported by FlawFinder.
src/third_party/unwind/dist/src/os-linux.h
6 issues
Line: 68
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline int
maps_init (struct map_iterator *mi, pid_t pid)
{
char path[sizeof ("/proc/0123456789/maps")], *cp;
memcpy (path, "/proc/", 6);
cp = ltoa (path + 6, pid);
assert (cp + 6 < path + sizeof (path));
memcpy (cp, "/maps", 6);
Reported by FlawFinder.
Line: 70
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
char path[sizeof ("/proc/0123456789/maps")], *cp;
memcpy (path, "/proc/", 6);
cp = ltoa (path + 6, pid);
assert (cp + 6 < path + sizeof (path));
memcpy (cp, "/maps", 6);
mi->fd = open (path, O_RDONLY);
Reported by FlawFinder.
Line: 73
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy (path, "/proc/", 6);
cp = ltoa (path + 6, pid);
assert (cp + 6 < path + sizeof (path));
memcpy (cp, "/maps", 6);
mi->fd = open (path, O_RDONLY);
if (mi->fd >= 0)
{
/* Try to allocate a page-sized buffer. */
Reported by FlawFinder.
Line: 75
Column: 12
CWE codes:
362
assert (cp + 6 < path + sizeof (path));
memcpy (cp, "/maps", 6);
mi->fd = open (path, O_RDONLY);
if (mi->fd >= 0)
{
/* Try to allocate a page-sized buffer. */
mi->buf_size = getpagesize ();
cp = mmap (NULL, mi->buf_size, PROT_READ | PROT_WRITE,
Reported by FlawFinder.
Line: 206
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
maps_next (struct map_iterator *mi,
unsigned long *low, unsigned long *high, unsigned long *offset)
{
char perm[16], dash = 0, colon = 0, *cp;
unsigned long major, minor, inum;
ssize_t i, nread;
if (mi->fd < 0)
return 0;
Reported by FlawFinder.
Line: 235
Column: 19
CWE codes:
120
20
memmove (mi->buf_end - mi->buf_size, mi->buf, bytes_left);
mi->buf = mi->buf_end - mi->buf_size;
nread = read (mi->fd, mi->buf + bytes_left,
mi->buf_size - bytes_left);
if (nread <= 0)
return 0;
else if ((size_t) (nread + bytes_left) < mi->buf_size)
{
Reported by FlawFinder.
src/third_party/unwind/dist/src/ppc32/Gstep.c
6 issues
Line: 94
CWE codes:
570
chain. This is very crude, however, and won't be able to unwind
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
Reported by Cppcheck.
Line: 94
CWE codes:
908
chain. This is very crude, however, and won't be able to unwind
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
Reported by Cppcheck.
Line: 94
CWE codes:
570
chain. This is very crude, however, and won't be able to unwind
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
Reported by Cppcheck.
Line: 94
CWE codes:
908
chain. This is very crude, however, and won't be able to unwind
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
Reported by Cppcheck.
Line: 95
CWE codes:
570
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
dwarf_get (&c->dwarf, back_chain_loc, &c->dwarf.cfa)) < 0)
Reported by Cppcheck.
Line: 95
CWE codes:
570
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
dwarf_get (&c->dwarf, back_chain_loc, &c->dwarf.cfa)) < 0)
Reported by Cppcheck.
buildscripts/linter/runner.py
6 issues
Line: 15
Column: 1
import threading
import pkg_resources
from . import base
def _check_version(linter, cmd_path, args):
# type: (base.LinterBase, List[str], List[str]) -> bool
"""Check if the given linter has the correct version."""
Reported by Pylint.
Line: 10
Suggestion:
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess
import os
import re
import site
import subprocess
import sys
import threading
import pkg_resources
from . import base
Reported by Bandit.
Line: 25
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
try:
cmd = cmd_path + args
logging.info(str(cmd))
process_handle = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
output, stderr = process_handle.communicate()
decoded_output = output.decode('utf-8')
if process_handle.returncode:
logging.info(
Reported by Bandit.
Line: 196
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
with open(file_name, 'rb') as original_text:
original_file = original_text.read().decode('utf-8')
formatted_file = subprocess.check_output(cmd).decode('utf-8')
if original_file != formatted_file:
original_lines = original_file.splitlines()
formatted_lines = formatted_file.splitlines()
result = difflib.unified_diff(original_lines, formatted_lines)
Reported by Bandit.
Line: 217
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
return False
else:
subprocess.check_output(cmd).decode('utf-8')
except subprocess.CalledProcessError as cpe:
self._safe_print("CMD [%s] failed:\n%s" % (' '.join(cmd), cpe.output.decode('utf-8')))
return False
Reported by Bandit.
Line: 232
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
logging.debug(str(cmd))
try:
subprocess.check_output(cmd).decode('utf-8')
except subprocess.CalledProcessError as cpe:
self._safe_print("CMD [%s] failed:\n%s" % (' '.join(cmd), cpe.output))
return False
return True
Reported by Bandit.
src/third_party/unwind/dist/src/ppc64/Gstep.c
6 issues
Line: 89
CWE codes:
908
chain. This is very crude, however, and won't be able to unwind
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
Reported by Cppcheck.
Line: 89
CWE codes:
570
chain. This is very crude, however, and won't be able to unwind
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
Reported by Cppcheck.
Line: 89
CWE codes:
908
chain. This is very crude, however, and won't be able to unwind
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
Reported by Cppcheck.
Line: 89
CWE codes:
570
chain. This is very crude, however, and won't be able to unwind
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
Reported by Cppcheck.
Line: 90
CWE codes:
570
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
dwarf_get (&c->dwarf, back_chain_loc, &c->dwarf.cfa)) < 0)
Reported by Cppcheck.
Line: 90
CWE codes:
570
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
dwarf_get (&c->dwarf, back_chain_loc, &c->dwarf.cfa)) < 0)
Reported by Cppcheck.
src/third_party/gperftools/dist/src/profiler.cc
6 issues
Line: 182
Column: 7
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
// TODO(cgd) Move this code *out* of the CpuProfile constructor into a
// separate object responsible for initialization. With ProfileHandler there
// is no need to limit the number of profilers.
if (getenv("CPUPROFILE") == NULL) {
if (!FLAGS_cpu_profiler_unittest) {
RAW_LOG(WARNING, "CPU profiler linked but no valid CPUPROFILE environment variable found\n");
}
return;
}
Reported by FlawFinder.
Line: 199
Column: 29
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
}
#endif
char *signal_number_str = getenv("CPUPROFILESIGNAL");
if (signal_number_str != NULL) {
long int signal_number = strtol(signal_number_str, NULL, 10);
if (signal_number >= 1 && signal_number <= 64) {
intptr_t old_signal_handler = reinterpret_cast<intptr_t>(signal(signal_number, CpuProfilerSwitch));
if (old_signal_handler == 0) {
Reported by FlawFinder.
Line: 145
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void CpuProfilerSwitch(int signal_number)
{
static unsigned profile_count;
static char base_profile_name[PATH_MAX];
static bool started = false;
if (base_profile_name[0] == '\0') {
if (!GetUniquePathFromEnv("CPUPROFILE", base_profile_name)) {
RAW_LOG(FATAL,"Cpu profiler switch is registered but no CPUPROFILE is defined");
Reported by FlawFinder.
Line: 156
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (!started) {
char full_profile_name[PATH_MAX + 16];
snprintf(full_profile_name, sizeof(full_profile_name), "%s.%u",
base_profile_name, profile_count++);
if(!ProfilerStart(full_profile_name)) {
Reported by FlawFinder.
Line: 213
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
RAW_LOG(FATAL, "Signal number %s is invalid\n", signal_number_str);
}
} else {
char fname[PATH_MAX];
if (!GetUniquePathFromEnv("CPUPROFILE", fname)) {
if (!FLAGS_cpu_profiler_unittest) {
RAW_LOG(WARNING, "CPU profiler linked but no valid CPUPROFILE environment variable found\n");
}
return;
Reported by FlawFinder.
Line: 311
Column: 3
CWE codes:
120
state->start_time = static_cast<time_t>(collector_state.start_time);
state->samples_gathered = collector_state.samples_gathered;
int buf_size = sizeof(state->profile_name);
strncpy(state->profile_name, collector_state.profile_name, buf_size);
state->profile_name[buf_size-1] = '\0';
}
void CpuProfiler::EnableHandler() {
RAW_CHECK(prof_handler_token_ == NULL, "SIGPROF handler already registered");
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/common/wintz.c
6 issues
Line: 122
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static LONG openTZRegKey(HKEY *hkey, const char *winid)
{
char subKeyName[110]; /* TODO: why 96?? */
char *name;
LONG result;
/* This isn't thread safe, but it's good enough because the result should be constant per system. */
if (gWinType <= 0) {
Reported by FlawFinder.
Line: 277
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
UErrorCode status = U_ZERO_ERROR;
UResourceBundle* bundle = NULL;
char* icuid = NULL;
char apiStdName[MAX_LENGTH_ID];
char regStdName[MAX_LENGTH_ID];
char tmpid[MAX_LENGTH_ID];
int32_t len;
int id;
int errorCode;
Reported by FlawFinder.
Line: 278
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
UResourceBundle* bundle = NULL;
char* icuid = NULL;
char apiStdName[MAX_LENGTH_ID];
char regStdName[MAX_LENGTH_ID];
char tmpid[MAX_LENGTH_ID];
int32_t len;
int id;
int errorCode;
UChar ISOcodeW[3]; /* 2 letter iso code in UTF-16*/
Reported by FlawFinder.
Line: 279
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char* icuid = NULL;
char apiStdName[MAX_LENGTH_ID];
char regStdName[MAX_LENGTH_ID];
char tmpid[MAX_LENGTH_ID];
int32_t len;
int id;
int errorCode;
UChar ISOcodeW[3]; /* 2 letter iso code in UTF-16*/
char ISOcodeA[3]; /* 2 letter iso code in ansi */
Reported by FlawFinder.
Line: 284
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int id;
int errorCode;
UChar ISOcodeW[3]; /* 2 letter iso code in UTF-16*/
char ISOcodeA[3]; /* 2 letter iso code in ansi */
LONG result;
TZI tziKey;
TZI tziReg;
TIME_ZONE_INFORMATION apiTZI;
Reported by FlawFinder.
Line: 132
Column: 24
CWE codes:
126
}
uprv_strcpy(subKeyName, TZ_REGKEY[(gWinType != WIN_9X_ME_TYPE)]);
name = &subKeyName[strlen(subKeyName)];
uprv_strcat(subKeyName, winid);
if (gWinType == WIN_9X_ME_TYPE) {
/* Remove " Standard Time" */
char *pStd = uprv_strstr(subKeyName, STANDARD_TIME_REGKEY);
Reported by FlawFinder.