The following issues were found
src/third_party/wiredtiger/test/csuite/wt3338_partial_update/main.c
6 issues
Line: 48
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* of the buffer.
*/
#define MAX_REPL_BYTES 17
static char modify_repl[MAX_REPL_BYTES * 2]; /* Replacement bytes */
static WT_RAND_STATE rnd; /* RNG state */
/*
* show --
Reported by FlawFinder.
Line: 108
Column: 42
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = 0; i < nentries; ++i)
printf("%d: {%.*s} %" WT_SIZET_FMT " bytes replacing %" WT_SIZET_FMT
" bytes @ %" WT_SIZET_FMT "\n",
i, (int)entries[i].data.size, (char *)entries[i].data.data, entries[i].data.size,
entries[i].size, entries[i].offset);
#endif
}
/*
Reported by FlawFinder.
Line: 158
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (i = 0; i < nentries; ++i) {
/* Take leading bytes from the original, plus any gap bytes. */
if (entries[i].offset >= ta->size) {
memcpy(tb->mem, ta->mem, ta->size);
if (entries[i].offset > ta->size)
memset((uint8_t *)tb->mem + ta->size, '\0', entries[i].offset - ta->size);
} else if (entries[i].offset > 0)
memcpy(tb->mem, ta->mem, entries[i].offset);
tb->size = entries[i].offset;
Reported by FlawFinder.
Line: 162
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (entries[i].offset > ta->size)
memset((uint8_t *)tb->mem + ta->size, '\0', entries[i].offset - ta->size);
} else if (entries[i].offset > 0)
memcpy(tb->mem, ta->mem, entries[i].offset);
tb->size = entries[i].offset;
/* Take replacement bytes. */
if (entries[i].data.size > 0) {
memcpy((uint8_t *)tb->mem + tb->size, entries[i].data.data, entries[i].data.size);
Reported by FlawFinder.
Line: 167
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Take replacement bytes. */
if (entries[i].data.size > 0) {
memcpy((uint8_t *)tb->mem + tb->size, entries[i].data.data, entries[i].data.size);
tb->size += entries[i].data.size;
}
/* Take trailing bytes from the original. */
len = entries[i].offset + entries[i].size;
Reported by FlawFinder.
Line: 174
Column: 13
CWE codes:
120
Suggestion:
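Make sure destination can always hold the source data. In the quoted excerpt the only visible size check, `testutil_assert(tb->size <= size)`, runs after the copies into `tb->mem`, so it would detect an overrun rather than prevent one; whether `tb->mem` is sized for the worst case beforehand is not visible here.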
/* Take trailing bytes from the original. */
len = entries[i].offset + entries[i].size;
if (ta->size > len) {
memcpy((uint8_t *)tb->mem + tb->size, (uint8_t *)ta->mem + len, ta->size - len);
tb->size += ta->size - len;
}
testutil_assert(tb->size <= size);
/* Swap the buffers and do it again. */
Reported by FlawFinder.
src/third_party/boost/boost/fusion/sequence/io/detail/in.hpp
6 issues
Line: 31
Column: 9
CWE codes:
120
20
// Read a delimiter: builds a string_ios_manip for tag `Tag` on the stream `is`
// and asks it to read `delim`. This overload takes mpl::false_ as its third
// argument, which is also the default.
// NOTE(review): the CWE-120/CWE-20 finding reported for line 31, column 9
// appears to land on this function's own name; the excerpt shows no call to a
// C library read() and no buffer being filled here. What
// string_ios_manip::read does with `delim` is not visible - check it there.
template <typename IS>
static void
read(IS& is, char const* delim, mpl::false_ = mpl::false_())
{
detail::string_ios_manip<Tag, IS> manip(is);
manip.read(delim);
}
Reported by FlawFinder.
Line: 34
Column: 19
CWE codes:
120
20
read(IS& is, char const* delim, mpl::false_ = mpl::false_())
{
detail::string_ios_manip<Tag, IS> manip(is);
manip.read(delim);
}
template <typename IS>
static void
read(IS&, char const*, mpl::true_)
Reported by FlawFinder.
Line: 63
Column: 48
CWE codes:
120
20
is_last;
is >> *first;
delimiter_in<tuple_delimiter_tag>::read(is, " ", is_last);
call(is, fusion::next(first), last, is_last);
}
template <typename IS, typename First, typename Last>
static void
Reported by FlawFinder.
Line: 80
Column: 39
CWE codes:
120
20
inline void
read_sequence(IS& is, Sequence& seq)
{
delimiter_in<tuple_open_tag>::read(is, "(");
read_sequence_loop::call(is, fusion::begin(seq), fusion::end(seq));
delimiter_in<tuple_close_tag>::read(is, ")");
}
}}}
Reported by FlawFinder.
Line: 82
Column: 40
CWE codes:
120
20
{
delimiter_in<tuple_open_tag>::read(is, "(");
read_sequence_loop::call(is, fusion::begin(seq), fusion::end(seq));
delimiter_in<tuple_close_tag>::read(is, ")");
}
}}}
#endif
Reported by FlawFinder.
src/third_party/wiredtiger/test/csuite/scope/main.c
6 issues
Line: 59
Column: 13
CWE codes:
120
Suggestion:
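Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). In this file both flagged copies write into 100-byte arrays (`char keybuf[100], valuebuf[100];`, quoted under the line 143 finding) from `KEY` and `VALUE`, whose definitions are not quoted; the copies stay in bounds only while those strings, terminator included, fit in 100 bytes.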
if (recno) \
cursor->set_key(cursor, (uint64_t)1); \
else { \
strcpy(keybuf, KEY); \
cursor->set_key(cursor, keybuf); \
} \
} while (0)
#define SET_VALUE \
do { \
Reported by FlawFinder.
Line: 65
Column: 9
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
} while (0)
#define SET_VALUE \
do { \
strcpy(valuebuf, VALUE); \
if (vstring) \
cursor->set_value(cursor, valuebuf); \
else { \
vu.size = strlen(vu.data = valuebuf); \
cursor->set_value(cursor, &vu); \
Reported by FlawFinder.
Line: 143
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
WT_ITEM vu;
uint64_t keyr;
const char *key, *vs;
char keybuf[100], valuebuf[100];
int exact;
bool recno, rollback, vstring;
cursor = NULL;
for (op = ops; op->op != NULL; op++) {
Reported by FlawFinder.
Line: 69
Column: 23
CWE codes:
126
if (vstring) \
cursor->set_value(cursor, valuebuf); \
else { \
vu.size = strlen(vu.data = valuebuf); \
cursor->set_value(cursor, &vu); \
} \
} while (0)
static void
Reported by FlawFinder.
Line: 326
Column: 44
CWE codes:
126
} else {
testutil_assert(cursor->get_value(cursor, &vu) == 0);
testutil_assert(vu.data != valuebuf);
testutil_assert(vu.size == strlen(VALUE));
testutil_assert(memcmp(vu.data, VALUE, strlen(VALUE)) == 0);
}
break;
}
Reported by FlawFinder.
Line: 327
Column: 56
CWE codes:
126
testutil_assert(cursor->get_value(cursor, &vu) == 0);
testutil_assert(vu.data != valuebuf);
testutil_assert(vu.size == strlen(VALUE));
testutil_assert(memcmp(vu.data, VALUE, strlen(VALUE)) == 0);
}
break;
}
if (rollback)
Reported by FlawFinder.
src/third_party/scons-3.1.2/scons-local-3.1.2/SCons/Tool/mssdk.py
6 issues
Line: 36
Column: 1
selection method.
"""
from .MSCommon import mssdk_exists, \
mssdk_setup_env
def generate(env):
"""Add construction variables for an MS SDK to an Environment."""
mssdk_setup_env(env)
Reported by Pylint.
Line: 43
Column: 12
"""Add construction variables for an MS SDK to an Environment."""
mssdk_setup_env(env)
def exists(env):
return mssdk_exists()
# Local Variables:
# tab-width:4
# indent-tabs-mode:nil
Reported by Pylint.
Line: 1
Column: 1
#
# Copyright (c) 2001 - 2019 The SCons Foundation
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
Reported by Pylint.
Line: 24
Column: 1
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
__revision__ = "src/engine/SCons/Tool/mssdk.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"
"""engine.SCons.Tool.mssdk
Tool-specific initialization for Microsoft SDKs, both Platform
SDKs and Windows SDKs.
Reported by Pylint.
Line: 36
Column: 1
selection method.
"""
from .MSCommon import mssdk_exists, \
mssdk_setup_env
def generate(env):
"""Add construction variables for an MS SDK to an Environment."""
mssdk_setup_env(env)
Reported by Pylint.
Line: 43
Column: 1
"""Add construction variables for an MS SDK to an Environment."""
mssdk_setup_env(env)
def exists(env):
return mssdk_exists()
# Local Variables:
# tab-width:4
# indent-tabs-mode:nil
Reported by Pylint.
src/third_party/boost/boost/date_time/posix_time/posix_time_io.hpp
6 issues
Line: 95
Column: 20
CWE codes:
327
Suggestion:
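Use a more secure technique for acquiring random values. Note that the flagged token in the quoted code is `is.setstate(std::ios_base::failbit)`, which sets an error flag on the input stream and acquires no random values; this and the other five CWE-327 findings listed for this file all point at the same stream call and look like name matches on `setstate`, so triage them as likely false positives.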
// if the user wants exceptions on failbit, we'll rethrow our
// date_time exception & set the failbit
if(std::ios_base::failbit & exception_mask) {
try { is.setstate(std::ios_base::failbit); }
catch(std::ios_base::failure&) {} // ignore this one
throw; // rethrow original exception
}
else {
// if the user want's to fail quietly, we simply set the failbit
Reported by FlawFinder.
Line: 101
Column: 14
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
else {
// if the user want's to fail quietly, we simply set the failbit
is.setstate(std::ios_base::failbit);
}
}
}
return is;
}
Reported by FlawFinder.
Line: 159
Column: 20
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
catch(...) {
std::ios_base::iostate exception_mask = is.exceptions();
if(std::ios_base::failbit & exception_mask) {
try { is.setstate(std::ios_base::failbit); }
catch(std::ios_base::failure&) {}
throw; // rethrow original exception
}
else {
is.setstate(std::ios_base::failbit);
Reported by FlawFinder.
Line: 164
Column: 14
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
throw; // rethrow original exception
}
else {
is.setstate(std::ios_base::failbit);
}
}
}
return is;
}
Reported by FlawFinder.
Line: 223
Column: 20
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
catch(...) {
std::ios_base::iostate exception_mask = is.exceptions();
if(std::ios_base::failbit & exception_mask) {
try { is.setstate(std::ios_base::failbit); }
catch(std::ios_base::failure&) {}
throw; // rethrow original exception
}
else {
is.setstate(std::ios_base::failbit);
Reported by FlawFinder.
Line: 228
Column: 14
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
throw; // rethrow original exception
}
else {
is.setstate(std::ios_base::failbit);
}
}
}
return is;
}
Reported by FlawFinder.
src/third_party/wiredtiger/test/bloom/test_bloom.c
6 issues
Line: 77
Column: 32
CWE codes:
190
Suggestion:
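If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). In the quoted option parsing the `atoi` result is cast directly to `u_int` with no range check, so a negative argument becomes a large unsigned value and a non-numeric one is not reported as an error; the same pattern applies to the `-c`, `-f`, `-k` and `-o` findings for this file.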
while ((ch = __wt_getopt(progname, argc, argv, "c:f:k:o:")) != EOF)
switch (ch) {
case 'c': /* Cache size */
g.c_cache = (u_int)atoi(__wt_optarg);
break;
case 'f': /* Factor */
g.c_factor = (u_int)atoi(__wt_optarg);
break;
case 'k': /* Number of hash functions */
Reported by FlawFinder.
Line: 80
Column: 33
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
g.c_cache = (u_int)atoi(__wt_optarg);
break;
case 'f': /* Factor */
g.c_factor = (u_int)atoi(__wt_optarg);
break;
case 'k': /* Number of hash functions */
g.c_k = (u_int)atoi(__wt_optarg);
break;
case 'o': /* Number of ops */
Reported by FlawFinder.
Line: 83
Column: 28
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
g.c_factor = (u_int)atoi(__wt_optarg);
break;
case 'k': /* Number of hash functions */
g.c_k = (u_int)atoi(__wt_optarg);
break;
case 'o': /* Number of ops */
g.c_ops = (u_int)atoi(__wt_optarg);
break;
default:
Reported by FlawFinder.
Line: 86
Column: 30
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
g.c_k = (u_int)atoi(__wt_optarg);
break;
case 'o': /* Number of ops */
g.c_ops = (u_int)atoi(__wt_optarg);
break;
default:
usage();
}
Reported by FlawFinder.
Line: 108
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
WT_CONNECTION *conn;
WT_SESSION *session;
char config[512];
static char home[HOME_SIZE]; /* Base home directory */
testutil_work_dir_from_path(home, HOME_SIZE, "WT_TEST");
/* Clean the test directory if it already exists. */
Reported by FlawFinder.
Line: 109
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
WT_CONNECTION *conn;
WT_SESSION *session;
char config[512];
static char home[HOME_SIZE]; /* Base home directory */
testutil_work_dir_from_path(home, HOME_SIZE, "WT_TEST");
/* Clean the test directory if it already exists. */
testutil_clean_work_dir(home);
Reported by FlawFinder.
src/third_party/benchmark/dist/src/timers.cc
6 issues
Line: 20
Column: 8
CWE codes:
120
#ifdef BENCHMARK_OS_WINDOWS
#include <shlwapi.h>
#undef StrCat // Don't let StrCat in string_util.h be renamed to lstrcatA
#include <versionhelpers.h>
#include <windows.h>
#else
#include <fcntl.h>
#ifndef BENCHMARK_OS_FUCHSIA
Reported by FlawFinder.
Line: 177
Column: 51
CWE codes:
78
Suggestion:
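try using a library call that implements the same functionality if available. If line 177 is the quoted `#error` line, column 51 is the word `system` in its message text, and no call that runs a command appears in the excerpt; this finding looks like a match on that word rather than on executed code.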
if (clock_gettime(CLOCK_THREAD_CPUTIME_ID, &ts) == 0) return MakeTime(ts);
DiagnoseAndExit("clock_gettime(CLOCK_THREAD_CPUTIME_ID, ...) failed");
#else
#error Per-thread timing is not available on your system.
#endif
}
std::string LocalDateTimeString() {
// Write the local time in RFC3339 format yyyy-mm-ddTHH:MM:SS+/-HH:MM.
Reported by FlawFinder.
Line: 193
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
long int offset_minutes;
char tz_offset_sign = '+';
// Long enough buffers to avoid format-overflow warnings
char tz_offset[128];
char storage[128];
#if defined(BENCHMARK_OS_WINDOWS)
std::tm *timeinfo_p = ::localtime(&now);
#else
Reported by FlawFinder.
Line: 194
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char tz_offset_sign = '+';
// Long enough buffers to avoid format-overflow warnings
char tz_offset[128];
char storage[128];
#if defined(BENCHMARK_OS_WINDOWS)
std::tm *timeinfo_p = ::localtime(&now);
#else
std::tm timeinfo;
Reported by FlawFinder.
Line: 231
Column: 5
CWE codes:
120
::gmtime_r(&now, &timeinfo);
#endif
strncpy(tz_offset, "-00:00", kTzOffsetLen + 1);
}
timestamp_len = std::strftime(storage, sizeof(storage), "%Y-%m-%dT%H:%M:%S",
timeinfo_p);
CHECK(timestamp_len == kTimestampLen);
Reported by FlawFinder.
Line: 240
Column: 8
CWE codes:
120
Suggestion:
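Consider strcat_s, strlcat, snprintf, or automatically resizing strings. In the quoted call the bound is `sizeof(storage) - timestamp_len - 1`, i.e. the space left in `storage` minus the terminator, which is the correct form for `strncat` provided `timestamp_len` equals the current length of the string in `storage`.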
// Prevent unused variable warning in optimized build.
((void)kTimestampLen);
std::strncat(storage, tz_offset, sizeof(storage) - timestamp_len - 1);
return std::string(storage);
}
} // end namespace benchmark
Reported by FlawFinder.
src/third_party/asio-master/asio/include/asio/serial_port.hpp
6 issues
Line: 111
Column: 25
CWE codes:
362
: basic_io_object<ASIO_SVC_T>(io_context)
{
asio::error_code ec;
this->get_service().open(this->get_implementation(), device, ec);
asio::detail::throw_error(ec, "open");
}
/// Construct and open a serial_port.
/**
Reported by FlawFinder.
Line: 131
Column: 25
CWE codes:
362
: basic_io_object<ASIO_SVC_T>(io_context)
{
asio::error_code ec;
this->get_service().open(this->get_implementation(), device, ec);
asio::detail::throw_error(ec, "open");
}
/// Construct a serial_port on an existing native serial port.
/**
Reported by FlawFinder.
Line: 272
Column: 8
CWE codes:
362
*
* @throws asio::system_error Thrown on failure.
*/
// Calls the service's open() with this object's implementation and `device`,
// then passes the resulting error code to asio::detail::throw_error() with the
// tag "open".
// NOTE(review): the CWE-362 finding for line 272, column 8 appears to land on
// this member function's name, i.e. its declaration rather than a file-open
// call. How the service opens `device` is not visible in this excerpt; assess
// any open-time race there.
void open(const std::string& device)
{
asio::error_code ec;
this->get_service().open(this->get_implementation(), device, ec);
asio::detail::throw_error(ec, "open");
}
Reported by FlawFinder.
Line: 275
Column: 25
CWE codes:
362
// Calls the service's open() with this object's implementation and `device`,
// then passes the resulting error code to asio::detail::throw_error() with the
// tag "open".
// NOTE(review): the CWE-362 finding for line 275, column 25 appears to land on
// the `.open(` call made on the service object, not on a direct C library
// open() call. Whether the service is exposed to an open-time race on `device`
// cannot be judged from this excerpt.
void open(const std::string& device)
{
asio::error_code ec;
this->get_service().open(this->get_implementation(), device, ec);
asio::detail::throw_error(ec, "open");
}
/// Open the serial port using the specified device name.
/**
Reported by FlawFinder.
Line: 288
Column: 21
CWE codes:
362
*
* @param ec Set the indicate what error occurred, if any.
*/
// Calls the service's open() with this object's implementation and `device`,
// storing the outcome in the caller-supplied `ec`, then invokes
// ASIO_SYNC_OP_VOID_RETURN(ec) (macro expansion not shown here).
// NOTE(review): the CWE-362 finding for line 288, column 21 appears to land on
// this member function's name, i.e. its declaration rather than a file-open
// call. How the service opens `device` is not visible in this excerpt; assess
// any open-time race there.
ASIO_SYNC_OP_VOID open(const std::string& device,
asio::error_code& ec)
{
this->get_service().open(this->get_implementation(), device, ec);
ASIO_SYNC_OP_VOID_RETURN(ec);
}
Reported by FlawFinder.
Line: 291
Column: 25
CWE codes:
362
// Calls the service's open() with this object's implementation and `device`,
// storing the outcome in the caller-supplied `ec`, then invokes
// ASIO_SYNC_OP_VOID_RETURN(ec) (macro expansion not shown here).
// NOTE(review): the CWE-362 finding for line 291, column 25 appears to land on
// the `.open(` call made on the service object, not on a direct C library
// open() call. Whether the service is exposed to an open-time race on `device`
// cannot be judged from this excerpt.
ASIO_SYNC_OP_VOID open(const std::string& device,
asio::error_code& ec)
{
this->get_service().open(this->get_implementation(), device, ec);
ASIO_SYNC_OP_VOID_RETURN(ec);
}
/// Assign an existing native serial port to the serial port.
/*
Reported by FlawFinder.
src/third_party/asio-master/asio/include/asio/basic_socket_acceptor.hpp
6 issues
Line: 125
Column: 25
CWE codes:
362
: basic_io_object<ASIO_SVC_T>(io_context)
{
asio::error_code ec;
this->get_service().open(this->get_implementation(), protocol, ec);
asio::detail::throw_error(ec, "open");
}
/// Construct an acceptor opened on the given endpoint.
/**
Reported by FlawFinder.
Line: 162
Column: 25
CWE codes:
362
{
asio::error_code ec;
const protocol_type protocol = endpoint.protocol();
this->get_service().open(this->get_implementation(), protocol, ec);
asio::detail::throw_error(ec, "open");
if (reuse_addr)
{
this->get_service().set_option(this->get_implementation(),
socket_base::reuse_address(true), ec);
Reported by FlawFinder.
Line: 345
Column: 8
CWE codes:
362
* acceptor.open(asio::ip::tcp::v4());
* @endcode
*/
// Calls the service's open() with this object's implementation and `protocol`
// (a default-constructed protocol_type when the caller passes none), then
// passes the resulting error code to asio::detail::throw_error() with the tag
// "open".
// NOTE(review): the CWE-362 finding for line 345, column 8 appears to land on
// this member function's name. The argument is a protocol_type, not a file
// path, so a file-open race is hard to apply to this declaration - presumably
// a name match; confirm against the service implementation.
void open(const protocol_type& protocol = protocol_type())
{
asio::error_code ec;
this->get_service().open(this->get_implementation(), protocol, ec);
asio::detail::throw_error(ec, "open");
}
Reported by FlawFinder.
Line: 348
Column: 25
CWE codes:
362
// Calls the service's open() with this object's implementation and `protocol`
// (a default-constructed protocol_type when the caller passes none), then
// passes the resulting error code to asio::detail::throw_error() with the tag
// "open".
// NOTE(review): the CWE-362 finding for line 348, column 25 appears to land on
// the `.open(` call made on the service object. The value passed is a
// protocol_type, not a file path - presumably a name match rather than a
// file-open race; confirm against the service implementation.
void open(const protocol_type& protocol = protocol_type())
{
asio::error_code ec;
this->get_service().open(this->get_implementation(), protocol, ec);
asio::detail::throw_error(ec, "open");
}
/// Open the acceptor using the specified protocol.
/**
Reported by FlawFinder.
Line: 372
Column: 21
CWE codes:
362
* }
* @endcode
*/
// Calls the service's open() with this object's implementation and `protocol`,
// storing the outcome in the caller-supplied `ec`, then invokes
// ASIO_SYNC_OP_VOID_RETURN(ec) (macro expansion not shown here).
// NOTE(review): the CWE-362 finding for line 372, column 21 appears to land on
// this member function's name. The argument is a protocol_type, not a file
// path, so a file-open race is hard to apply to this declaration - presumably
// a name match; confirm against the service implementation.
ASIO_SYNC_OP_VOID open(const protocol_type& protocol,
asio::error_code& ec)
{
this->get_service().open(this->get_implementation(), protocol, ec);
ASIO_SYNC_OP_VOID_RETURN(ec);
}
Reported by FlawFinder.
Line: 375
Column: 25
CWE codes:
362
// Calls the service's open() with this object's implementation and `protocol`,
// storing the outcome in the caller-supplied `ec`, then invokes
// ASIO_SYNC_OP_VOID_RETURN(ec) (macro expansion not shown here).
// NOTE(review): the CWE-362 finding for line 375, column 25 appears to land on
// the `.open(` call made on the service object. The value passed is a
// protocol_type, not a file path - presumably a name match rather than a
// file-open race; confirm against the service implementation.
ASIO_SYNC_OP_VOID open(const protocol_type& protocol,
asio::error_code& ec)
{
this->get_service().open(this->get_implementation(), protocol, ec);
ASIO_SYNC_OP_VOID_RETURN(ec);
}
/// Assigns an existing native acceptor to the acceptor.
/*
Reported by FlawFinder.
src/third_party/asio-master/asio/include/asio/basic_serial_port.hpp
6 issues
Line: 87
Column: 25
CWE codes:
362
: basic_io_object<SerialPortService>(io_context)
{
asio::error_code ec;
this->get_service().open(this->get_implementation(), device, ec);
asio::detail::throw_error(ec, "open");
}
/// Construct and open a basic_serial_port.
/**
Reported by FlawFinder.
Line: 107
Column: 25
CWE codes:
362
: basic_io_object<SerialPortService>(io_context)
{
asio::error_code ec;
this->get_service().open(this->get_implementation(), device, ec);
asio::detail::throw_error(ec, "open");
}
/// Construct a basic_serial_port on an existing native serial port.
/**
Reported by FlawFinder.
Line: 204
Column: 8
CWE codes:
362
*
* @throws asio::system_error Thrown on failure.
*/
// Calls the service's open() with this object's implementation and `device`,
// then passes the resulting error code to asio::detail::throw_error() with the
// tag "open".
// NOTE(review): the CWE-362 finding for line 204, column 8 appears to land on
// this member function's name, i.e. its declaration rather than a file-open
// call. How the service opens `device` is not visible in this excerpt; assess
// any open-time race there.
void open(const std::string& device)
{
asio::error_code ec;
this->get_service().open(this->get_implementation(), device, ec);
asio::detail::throw_error(ec, "open");
}
Reported by FlawFinder.
Line: 207
Column: 25
CWE codes:
362
// Calls the service's open() with this object's implementation and `device`,
// then passes the resulting error code to asio::detail::throw_error() with the
// tag "open".
// NOTE(review): the CWE-362 finding for line 207, column 25 appears to land on
// the `.open(` call made on the service object, not on a direct C library
// open() call. Whether the service is exposed to an open-time race on `device`
// cannot be judged from this excerpt.
void open(const std::string& device)
{
asio::error_code ec;
this->get_service().open(this->get_implementation(), device, ec);
asio::detail::throw_error(ec, "open");
}
/// Open the serial port using the specified device name.
/**
Reported by FlawFinder.
Line: 220
Column: 21
CWE codes:
362
*
* @param ec Set the indicate what error occurred, if any.
*/
// Calls the service's open() with this object's implementation and `device`,
// storing the outcome in the caller-supplied `ec`, then invokes
// ASIO_SYNC_OP_VOID_RETURN(ec) (macro expansion not shown here).
// NOTE(review): the CWE-362 finding for line 220, column 21 appears to land on
// this member function's name, i.e. its declaration rather than a file-open
// call. How the service opens `device` is not visible in this excerpt; assess
// any open-time race there.
ASIO_SYNC_OP_VOID open(const std::string& device,
asio::error_code& ec)
{
this->get_service().open(this->get_implementation(), device, ec);
ASIO_SYNC_OP_VOID_RETURN(ec);
}
Reported by FlawFinder.
Line: 223
Column: 25
CWE codes:
362
// Calls the service's open() with this object's implementation and `device`,
// storing the outcome in the caller-supplied `ec`, then invokes
// ASIO_SYNC_OP_VOID_RETURN(ec) (macro expansion not shown here).
// NOTE(review): the CWE-362 finding for line 223, column 25 appears to land on
// the `.open(` call made on the service object, not on a direct C library
// open() call. Whether the service is exposed to an open-time race on `device`
// cannot be judged from this excerpt.
ASIO_SYNC_OP_VOID open(const std::string& device,
asio::error_code& ec)
{
this->get_service().open(this->get_implementation(), device, ec);
ASIO_SYNC_OP_VOID_RETURN(ec);
}
/// Assign an existing native serial port to the serial port.
/*
Reported by FlawFinder.