The following issues were found
src/third_party/fmt/dist/include/fmt/format-inl.h
6 issues
Line: 48
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
#ifndef _MSC_VER
# define FMT_SNPRINTF snprintf
#else // _MSC_VER
inline int fmt_snprintf(char* buffer, size_t size, const char* format, ...) {
va_list args;
va_start(args, format);
int result = vsnprintf_s(buffer, size, _TRUNCATE, format, args);
Reported by FlawFinder.
Line: 2507
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Build the format string.
enum { max_format_size = 7 }; // The longest format is "%#.*Le".
char format[max_format_size];
char* format_ptr = format;
*format_ptr++ = '%';
if (specs.showpoint && specs.format == float_format::hex) *format_ptr++ = '#';
if (precision >= 0) {
*format_ptr++ = '.';
Reported by FlawFinder.
Line: 2703
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (auto end = p + s.size() - block_size + 1; p < end;) p = transcode(p);
}
if (auto num_chars_left = s.data() + s.size() - p) {
char buf[2 * block_size - 1] = {};
memcpy(buf, p, to_unsigned(num_chars_left));
p = buf;
do {
p = transcode(p);
} while (p - buf < num_chars_left);
Reported by FlawFinder.
Line: 2704
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (auto num_chars_left = s.data() + s.size() - p) {
char buf[2 * block_size - 1] = {};
memcpy(buf, p, to_unsigned(num_chars_left));
p = buf;
do {
p = transcode(p);
} while (p - buf < num_chars_left);
}
Reported by FlawFinder.
Line: 92
Column: 33
CWE codes:
126
FMT_MAYBE_UNUSED
int handle(char* message) {
// If the buffer is full then the message is probably truncated.
if (message == buffer_ && strlen(buffer_) == buffer_size_ - 1)
return ERANGE;
buffer_ = message;
return 0;
}
Reported by FlawFinder.
Line: 108
Column: 29
CWE codes:
126
FMT_MAYBE_UNUSED
int fallback(int result) {
// If the buffer is full then the message is probably truncated.
return result == 0 && strlen(buffer_) == buffer_size_ - 1 ? ERANGE
: result;
}
#if !FMT_MSC_VER
// Fallback to strerror if strerror_r and strerror_s are not available.
Reported by FlawFinder.
src/third_party/unwind/dist/src/os-linux.h
6 issues
Line: 68
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline int
maps_init (struct map_iterator *mi, pid_t pid)
{
char path[sizeof ("/proc/0123456789/maps")], *cp;
memcpy (path, "/proc/", 6);
cp = ltoa (path + 6, pid);
assert (cp + 6 < path + sizeof (path));
memcpy (cp, "/maps", 6);
Reported by FlawFinder.
Line: 70
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
char path[sizeof ("/proc/0123456789/maps")], *cp;
memcpy (path, "/proc/", 6);
cp = ltoa (path + 6, pid);
assert (cp + 6 < path + sizeof (path));
memcpy (cp, "/maps", 6);
mi->fd = open (path, O_RDONLY);
Reported by FlawFinder.
Line: 73
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy (path, "/proc/", 6);
cp = ltoa (path + 6, pid);
assert (cp + 6 < path + sizeof (path));
memcpy (cp, "/maps", 6);
mi->fd = open (path, O_RDONLY);
if (mi->fd >= 0)
{
/* Try to allocate a page-sized buffer. */
Reported by FlawFinder.
Line: 75
Column: 12
CWE codes:
362
assert (cp + 6 < path + sizeof (path));
memcpy (cp, "/maps", 6);
mi->fd = open (path, O_RDONLY);
if (mi->fd >= 0)
{
/* Try to allocate a page-sized buffer. */
mi->buf_size = getpagesize ();
cp = mmap (NULL, mi->buf_size, PROT_READ | PROT_WRITE,
Reported by FlawFinder.
Line: 206
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
maps_next (struct map_iterator *mi,
unsigned long *low, unsigned long *high, unsigned long *offset)
{
char perm[16], dash = 0, colon = 0, *cp;
unsigned long major, minor, inum;
ssize_t i, nread;
if (mi->fd < 0)
return 0;
Reported by FlawFinder.
Line: 235
Column: 19
CWE codes:
120
20
memmove (mi->buf_end - mi->buf_size, mi->buf, bytes_left);
mi->buf = mi->buf_end - mi->buf_size;
nread = read (mi->fd, mi->buf + bytes_left,
mi->buf_size - bytes_left);
if (nread <= 0)
return 0;
else if ((size_t) (nread + bytes_left) < mi->buf_size)
{
Reported by FlawFinder.
src/third_party/boost/libs/regex/src/cregex.cpp
6 issues
Line: 374
Column: 24
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
#if BOOST_WORKAROUND(BOOST_MSVC, >= 1400) && !defined(_WIN32_WCE) && !defined(UNDER_CE)
int r = (::sprintf_s)(buf, sizeof(buf), "%s%s%s", dstart.path(), directory_iterator::separator(), ptr);
#else
int r = (std::sprintf)(buf, "%s%s%s", dstart.path(), directory_iterator::separator(), ptr);
#endif
if(r < 0)
{
// sprintf failed, skip this item:
++dstart;
Reported by FlawFinder.
Line: 340
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if(recurse)
{
// go through sub directories:
char buf[MAX_PATH];
BOOST_REGEX_DETAIL_NS::overflow_error_if_not_zero(BOOST_REGEX_DETAIL_NS::strcpy_s(buf, MAX_PATH, start.root()));
if(*buf == 0)
{
BOOST_REGEX_DETAIL_NS::overflow_error_if_not_zero(BOOST_REGEX_DETAIL_NS::strcpy_s(buf, MAX_PATH, "."));
BOOST_REGEX_DETAIL_NS::overflow_error_if_not_zero(BOOST_REGEX_DETAIL_NS::strcat_s(buf, MAX_PATH, directory_iterator::separator()));
Reported by FlawFinder.
Line: 365
Column: 18
CWE codes:
126
while(dstart != dend)
{
// Verify that sprintf will not overflow:
if(std::strlen(dstart.path()) + std::strlen(directory_iterator::separator()) + std::strlen(ptr) >= MAX_PATH)
{
// Oops overflow, skip this item:
++dstart;
continue;
}
Reported by FlawFinder.
Line: 365
Column: 94
CWE codes:
126
while(dstart != dend)
{
// Verify that sprintf will not overflow:
if(std::strlen(dstart.path()) + std::strlen(directory_iterator::separator()) + std::strlen(ptr) >= MAX_PATH)
{
// Oops overflow, skip this item:
++dstart;
continue;
}
Reported by FlawFinder.
Line: 365
Column: 47
CWE codes:
126
while(dstart != dend)
{
// Verify that sprintf will not overflow:
if(std::strlen(dstart.path()) + std::strlen(directory_iterator::separator()) + std::strlen(ptr) >= MAX_PATH)
{
// Oops overflow, skip this item:
++dstart;
continue;
}
Reported by FlawFinder.
Line: 471
Column: 35
CWE codes:
126
std::string result;
if(!copy) flags |= format_no_copy;
BOOST_REGEX_DETAIL_NS::string_out_iterator<std::string> i(result);
regex_replace(i, in, in + std::strlen(in), pdata->e, fmt, flags);
return result;
}
std::size_t RegEx::Split(std::vector<std::string>& v,
std::string& s,
Reported by FlawFinder.
src/third_party/boost/libs/log/src/windows/ipc_sync_wrappers.cpp
6 issues
Line: 48
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
namespace aux {
//! Hex character table, defined in dump.cpp
extern const char g_hex_char_table[2][16];
} // namespace aux
namespace ipc {
Reported by FlawFinder.
Line: 108
Column: 13
CWE codes:
362
const boost::winapi::DWORD_ err = boost::winapi::GetLastError();
if (BOOST_LIKELY(err == ERROR_ALREADY_EXISTS))
{
open(name);
return;
}
else
{
BOOST_LOG_THROW_DESCR_PARAMS(boost::log::system_error, "Failed to create an interprocess event object", (err));
Reported by FlawFinder.
Line: 120
Column: 26
CWE codes:
362
m_event.init(h);
}
void interprocess_event::open(const wchar_t* name)
{
boost::winapi::HANDLE_ h = boost::winapi::OpenEventW(boost::winapi::SYNCHRONIZE_ | boost::winapi::EVENT_MODIFY_STATE_, false, name);
if (BOOST_UNLIKELY(h == NULL))
{
const boost::winapi::DWORD_ err = boost::winapi::GetLastError();
Reported by FlawFinder.
Line: 161
Column: 13
CWE codes:
362
boost::winapi::DWORD_ err = boost::winapi::GetLastError();
if (BOOST_LIKELY(err == ERROR_ALREADY_EXISTS))
{
open(name);
return;
}
else
{
BOOST_LOG_THROW_DESCR_PARAMS(boost::log::system_error, "Failed to create an interprocess semaphore object", (err));
Reported by FlawFinder.
Line: 173
Column: 30
CWE codes:
362
m_sem.init(h);
}
void interprocess_semaphore::open(const wchar_t* name)
{
boost::winapi::HANDLE_ h = boost::winapi::OpenSemaphoreW(boost::winapi::SYNCHRONIZE_ | boost::winapi::SEMAPHORE_MODIFY_STATE_ | boost::winapi::SEMAPHORE_QUERY_STATE_, false, name);
if (BOOST_UNLIKELY(h == NULL))
{
const boost::winapi::DWORD_ err = boost::winapi::GetLastError();
Reported by FlawFinder.
Line: 219
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
);
if (BOOST_UNLIKELY(err != 0u))
{
char buf[sizeof(unsigned int) * 2u + 4u];
boost::log::aux::snprintf(buf, sizeof(buf), "0x%08x", static_cast< unsigned int >(err));
BOOST_LOG_THROW_DESCR_PARAMS(boost::log::system_error, std::string("Failed to test an interprocess semaphore object for zero count, NT status: ") + buf, (ERROR_INVALID_HANDLE));
}
return info.current_count == 0u;
Reported by FlawFinder.
buildscripts/util/runcommand.py
6 issues
Line: 9
Column: 1
import sys
import subprocess
from . import fileops
class RunCommand(object):
"""Class to abstract executing a subprocess."""
Reported by Pylint.
Line: 7
Suggestion:
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess
import pipes
import shlex
import sys
import subprocess
from . import fileops
class RunCommand(object):
Reported by Bandit.
Line: 54
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
def execute(self):
"""Execute 'cmd' and return err_code and output."""
self._process = subprocess.Popen(self._cmd_list(), stdout=subprocess.PIPE,
stderr=subprocess.STDOUT, **self._preexec_kargs)
output, _ = self._process.communicate()
error_code = self._process.returncode
return error_code, output
Reported by Bandit.
Line: 62
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
def execute_with_output(self):
"""Execute the command, return result as a string."""
return subprocess.check_output(self._cmd_list()).decode('utf-8')
def execute_save_output(self):
"""Execute the command, save result in 'self.output_file' and return returncode."""
with fileops.get_file_handle(self.output_file, self.append_file) as file_handle:
ret = subprocess.check_call(self._cmd_list(), stdout=file_handle)
Reported by Bandit.
Line: 67
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
def execute_save_output(self):
"""Execute the command, save result in 'self.output_file' and return returncode."""
with fileops.get_file_handle(self.output_file, self.append_file) as file_handle:
ret = subprocess.check_call(self._cmd_list(), stdout=file_handle)
return ret
def start_process(self):
"""Start to execute the command."""
# Do not propagate interrupts to the child process.
Reported by Bandit.
Line: 74
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
"""Start to execute the command."""
# Do not propagate interrupts to the child process.
with fileops.get_file_handle(self.output_file, self.append_file) as file_handle:
self._process = subprocess.Popen(self._cmd_list(), stdin=subprocess.PIPE,
stdout=file_handle, stderr=subprocess.STDOUT,
**self._preexec_kargs)
def send_to_process(self, string=None):
"""Send 'string' to a running processs and return stdout, stderr."""
Reported by Bandit.
src/third_party/tomcrypt-1.18.2/src/headers/tomcrypt_prng.h
6 issues
Line: 14
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef LTC_YARROW
struct yarrow_prng {
int cipher, hash;
unsigned char pool[MAXBLOCKSIZE];
symmetric_CTR ctr;
};
#endif
#ifdef LTC_RC4
Reported by FlawFinder.
Line: 28
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef LTC_CHACHA20_PRNG
struct chacha20_prng {
chacha_state s; /* chacha state */
unsigned char ent[40]; /* entropy buffer */
unsigned long idx; /* entropy counter */
};
#endif
#ifdef LTC_FORTUNA
Reported by FlawFinder.
Line: 39
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
symmetric_key skey;
unsigned char K[32], /* the current key */
IV[16]; /* IV for CTR mode */
unsigned long pool_idx, /* current pool we will add to */
pool0_len, /* length of 0'th pool */
wd;
Reported by FlawFinder.
Line: 53
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef LTC_SOBER128
struct sober128_prng {
sober128_state s; /* sober128 state */
unsigned char ent[40]; /* entropy buffer */
unsigned long idx; /* entropy counter */
};
#endif
typedef struct {
Reported by FlawFinder.
Line: 60
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef struct {
union {
char dummy[1];
#ifdef LTC_YARROW
struct yarrow_prng yarrow;
#endif
#ifdef LTC_RC4
struct rc4_prng rc4;
Reported by FlawFinder.
Line: 110
Column: 21
CWE codes:
120
20
@param prng The PRNG state to read from
@return Number of octets read
*/
unsigned long (*read)(unsigned char *out, unsigned long outlen, prng_state *prng);
/** Terminate a PRNG state
@param prng The PRNG state to terminate
@return CRYPT_OK if successful
*/
int (*done)(prng_state *prng);
Reported by FlawFinder.
src/third_party/boost/libs/log/src/posix/ipc_reliable_message_queue.cpp
6 issues
Line: 107
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
//! A tag value to ensure the correct binary layout of the message queue data structures. Must be placed first and always have a fixed size and alignment.
uint32_t m_abi_tag;
//! Padding to protect against alignment changes in Boost.Atomic. Don't use BOOST_ALIGNMENT to ensure portability.
unsigned char m_padding[BOOST_LOG_CPU_CACHE_LINE_SIZE - sizeof(uint32_t)];
//! Reference counter. Also acts as a flag indicating that the queue is constructed (i.e. the queue is constructed when the counter is not 0).
boost::atomic< uint32_t > m_ref_count;
//! Number of allocation blocks in the queue.
const uint32_t m_capacity;
//! Size of an allocation block, in bytes.
Reported by FlawFinder.
Line: 622
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
block->m_size = message_size;
size_type write_size = (std::min)(static_cast< size_type >((capacity - pos) * block_size - block_header::get_header_overhead()), message_size);
std::memcpy(block->get_data(), message_data, write_size);
pos += block_count;
if (BOOST_UNLIKELY(pos >= capacity))
{
// Write the rest of the message at the beginning of the queue
Reported by FlawFinder.
Line: 632
Column: 22
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
message_data = static_cast< const unsigned char* >(message_data) + write_size;
write_size = message_size - write_size;
if (write_size > 0u)
std::memcpy(hdr->get_block(0u), message_data, write_size);
}
hdr->m_put_pos = pos;
const uint32_t old_queue_size = hdr->m_size;
Reported by FlawFinder.
Line: 718
Column: 44
CWE codes:
362
}
}
BOOST_LOG_API void reliable_message_queue::open(object_name const& name, overflow_policy oflow_policy, permissions const&)
{
BOOST_ASSERT(m_impl == NULL);
try
{
m_impl = new implementation(open_mode::open_only, name, oflow_policy);
Reported by FlawFinder.
Line: 865
Column: 10
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (BOOST_UNLIKELY(size > p->size))
BOOST_THROW_EXCEPTION(bad_alloc("Buffer too small to receive the message"));
std::memcpy(p->data, data, size);
p->data += size;
p->size -= size;
}
BOOST_LOG_API void reliable_message_queue::remove(object_name const& name)
Reported by FlawFinder.
Line: 489
Column: 17
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
ts.tv_nsec = 1000;
nanosleep(&ts, NULL);
#else
usleep(1);
#endif
}
}
BOOST_LOG_THROW_DESCR(setup_error, "Boost.Log interprocess message queue cannot be opened: shared memory segment is not initialized by creator for too long");
Reported by FlawFinder.
src/third_party/unwind/dist/src/ppc32/Gstep.c
6 issues
Line: 94
CWE codes:
570
chain. This is very crude, however, and won't be able to unwind
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
Reported by Cppcheck.
Line: 94
CWE codes:
908
chain. This is very crude, however, and won't be able to unwind
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
Reported by Cppcheck.
Line: 94
CWE codes:
570
chain. This is very crude, however, and won't be able to unwind
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
Reported by Cppcheck.
Line: 94
CWE codes:
908
chain. This is very crude, however, and won't be able to unwind
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
Reported by Cppcheck.
Line: 95
CWE codes:
570
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
dwarf_get (&c->dwarf, back_chain_loc, &c->dwarf.cfa)) < 0)
Reported by Cppcheck.
Line: 95
CWE codes:
570
any registers besides the IP, SP, and LR . */
back_chain_offset = ((void *) &dummy.back_chain - (void *) &dummy);
lr_save_offset = ((void *) &dummy.lr_save - (void *) &dummy);
back_chain_loc = DWARF_LOC (c->dwarf.cfa + back_chain_offset, 0);
if ((ret =
dwarf_get (&c->dwarf, back_chain_loc, &c->dwarf.cfa)) < 0)
Reported by Cppcheck.
src/third_party/boost/libs/locale/src/posix/codecvt.cpp
6 issues
Line: 47
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
throw std::runtime_error("Unsupported encoding" + encoding);
}
for(unsigned c=0;c<256;c++) {
char ibuf[2] = { char(c) , 0 };
char *in = ibuf;
size_t insize =2;
uint32_t obuf[2] = {illegal,illegal};
char *out = reinterpret_cast<char *>(obuf);
size_t outsize = 8;
Reported by FlawFinder.
Line: 134
Column: 13
CWE codes:
362
else if(begin+1 == end)
return incomplete;
open(to_utf_,utf32_encoding(),encoding_.c_str());
// maybe illegal or may be double byte
char inseq[3] = { static_cast<char>(seq0) , begin[1], 0};
char *inbuf = inseq;
Reported by FlawFinder.
Line: 138
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// maybe illegal or may be double byte
char inseq[3] = { static_cast<char>(seq0) , begin[1], 0};
char *inbuf = inseq;
size_t insize = 3;
uint32_t result[2] = { illegal, illegal };
size_t outsize = 8;
char *outbuf = reinterpret_cast<char*>(result);
Reported by FlawFinder.
Line: 164
Column: 13
CWE codes:
362
}
}
open(from_utf_,encoding_.c_str(),utf32_encoding());
uint32_t codepoints[2] = {cp,0};
char *inbuf = reinterpret_cast<char *>(codepoints);
size_t insize = sizeof(codepoints);
char outseq[3] = {0};
Reported by FlawFinder.
Line: 169
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint32_t codepoints[2] = {cp,0};
char *inbuf = reinterpret_cast<char *>(codepoints);
size_t insize = sizeof(codepoints);
char outseq[3] = {0};
char *outbuf = outseq;
size_t outsize = 3;
call_iconv(from_utf_,&inbuf,&insize,&outbuf,&outsize);
Reported by FlawFinder.
Line: 186
Column: 14
CWE codes:
362
return len;
}
void open(iconv_t &d,char const *to,char const *from)
{
if(d!=(iconv_t)(-1))
return;
d=iconv_open(to,from);
}
Reported by FlawFinder.
src/third_party/wiredtiger/test/fops/t.c
6 issues
Line: 40
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static FILE *logfp; /* Log file */
static char home[512];
static int handle_error(WT_EVENT_HANDLER *, WT_SESSION *, int, const char *);
static int handle_message(WT_EVENT_HANDLER *, WT_SESSION *, const char *);
static void onint(int) WT_GCC_FUNC_DECL_ATTRIBUTE((noreturn));
static void shutdown(void);
Reported by FlawFinder.
Line: 88
Column: 26
CWE codes:
362
working_dir = __wt_optarg;
break;
case 'l': /* log */
if ((logfp = fopen(__wt_optarg, "w")) == NULL) {
fprintf(stderr, "%s: %s\n", __wt_optarg, strerror(errno));
return (EXIT_FAILURE);
}
break;
case 'n': /* operations */
Reported by FlawFinder.
Line: 94
Column: 27
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
}
break;
case 'n': /* operations */
nops = (u_int)atoi(__wt_optarg);
break;
case 'r': /* runs */
runs = atoi(__wt_optarg);
break;
case 't':
Reported by FlawFinder.
Line: 97
Column: 20
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
nops = (u_int)atoi(__wt_optarg);
break;
case 'r': /* runs */
runs = atoi(__wt_optarg);
break;
case 't':
nthreads = (u_int)atoi(__wt_optarg);
break;
case 'x':
Reported by FlawFinder.
Line: 100
Column: 31
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
runs = atoi(__wt_optarg);
break;
case 't':
nthreads = (u_int)atoi(__wt_optarg);
break;
case 'x':
use_txn = true;
break;
default:
Reported by FlawFinder.
Line: 149
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static WT_EVENT_HANDLER event_handler = {
handle_error, handle_message, NULL, NULL /* Close handler. */
};
char config_buf[128];
testutil_make_work_dir(home);
testutil_check(__wt_snprintf(config_buf, sizeof(config_buf),
"create,error_prefix=\"%s\",cache_size=5MB%s%s,operation_tracking=(enabled=false)", progname,
Reported by FlawFinder.