The following issues were found
src/third_party/wiredtiger/src/utilities/util_load_json.c
5 issues
Line: 218
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t gotnolen, keystrlen;
uint64_t gotno, recno;
int nfield, nkeys, toktype, tret;
char config[64], *endp, *uri;
const char *keyformat;
bool isrec;
cursor = NULL;
uri = NULL;
Reported by FlawFinder.
Line: 53
Column: 27
CWE codes:
126
static int json_top_level(WT_SESSION *, JSON_INPUT_STATE *, uint32_t);
#define JSON_STRING_MATCH(ins, match) \
((ins)->toklen - 2 == strlen(match) && \
strncmp((ins)->tokstart + 1, (match), (ins)->toklen - 2) == 0)
#define JSON_INPUT_POS(ins) ((size_t)((ins)->p - (const char *)(ins)->line.mem))
#define JSON_EXPECT(session, ins, tok) \
Reported by FlawFinder.
Line: 149
Column: 20
CWE codes:
126
char *tmp;
if (len > 0) {
needsize = strlen(ins->kvraw) + len + 2;
if ((tmp = malloc(needsize)) == NULL)
return (util_err(session, errno, NULL));
WT_ERR(__wt_snprintf(tmp, needsize, "%s %.*s", ins->kvraw, (int)len, str));
free(ins->kvraw);
ins->kvraw = tmp;
Reported by FlawFinder.
Line: 288
Column: 29
CWE codes:
126
curpos - ins->kvrawstart)) != 0)
goto err;
ins->kvrawstart = curpos;
keystrlen = strlen(ins->kvraw);
}
if (json_peek(session, ins) != ',')
break;
JSON_EXPECT(session, ins, ',');
if (json_peek(session, ins) != 's')
Reported by FlawFinder.
Line: 472
Column: 23
CWE codes:
126
break;
if (ins->kvraw != NULL) {
if (json_kvraw_append(session, ins, (char *)ins->line.mem + ins->kvrawstart,
strlen(ins->line.mem) - ins->kvrawstart)) {
ret = -1;
goto err;
}
ins->kvrawstart = 0;
}
Reported by FlawFinder.
src/mongo/bson/util/builder.h
5 issues
Line: 688
Column: 17
CWE codes:
134
Suggestion:
Use a constant for the format specification
template <typename T>
StringBuilderImpl& SBNUM(T val, int maxSize, const char* macro) {
int prev = _buf.l;
int z = snprintf(_buf.grow(maxSize), maxSize, macro, (val));
verify(z >= 0);
verify(z < maxSize);
_buf.l = prev + z;
return *this;
}
Reported by FlawFinder.
Line: 248
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (_ptr == _buf) {
if (sz > SZ) {
_ptr = mongoMalloc(sz);
memcpy(_ptr, _buf, SZ);
_capacity = sz;
} else {
_capacity = SZ;
}
} else {
Reported by FlawFinder.
Line: 275
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
private:
char _buf[SZ];
size_t _capacity = SZ;
void* _ptr = _buf;
};
Reported by FlawFinder.
Line: 377
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
void appendBuf(const void* src, size_t len) {
if (len)
memcpy(grow((int)len), src, len);
}
template <class T>
void appendStruct(const T& s) {
appendBuf(&s, sizeof(T));
Reported by FlawFinder.
Line: 631
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
void write(const char* buf, int len) {
memcpy(_buf.grow(len), buf, len);
}
void append(StringData str) {
str.copyTo(_buf.grow(str.size()), false);
}
Reported by FlawFinder.
src/third_party/wiredtiger/src/support/scratch.c
5 issues
Line: 82
Column: 33
CWE codes:
134
Suggestion:
Use a constant for the format specification
*/
int
__wt_buf_fmt(WT_SESSION_IMPL *session, WT_ITEM *buf, const char *fmt, ...)
WT_GCC_FUNC_ATTRIBUTE((format(printf, 3, 4))) WT_GCC_FUNC_ATTRIBUTE((visibility("default")))
{
WT_DECL_RET;
WT_VA_ARGS_BUF_FORMAT(session, buf, fmt, false);
Reported by FlawFinder.
Line: 98
Column: 33
CWE codes:
134
Suggestion:
Use a constant for the format specification
*/
int
__wt_buf_catfmt(WT_SESSION_IMPL *session, WT_ITEM *buf, const char *fmt, ...)
WT_GCC_FUNC_ATTRIBUTE((format(printf, 3, 4))) WT_GCC_FUNC_ATTRIBUTE((visibility("default")))
{
WT_DECL_RET;
/*
* If we're appending data to an existing buffer, any data field should point into the allocated
Reported by FlawFinder.
Line: 68
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* which is harder to debug than this assert.
*/
WT_ASSERT(session, buf->size <= buf->memsize);
memcpy(buf->mem, buf->data, buf->size);
}
buf->data = (uint8_t *)buf->mem + offset;
}
return (0);
Reported by FlawFinder.
Line: 132
Column: 21
CWE codes:
126
if (ret != 0) {
buf->data = "[Error]";
buf->size = strlen("[Error]");
}
return (buf->data);
}
/*
Reported by FlawFinder.
Line: 246
Column: 21
CWE codes:
126
if (ret != 0) {
buf->data = "[Error]";
buf->size = strlen("[Error]");
}
return (buf->data);
}
/*
Reported by FlawFinder.
src/third_party/wiredtiger/src/tiered/tiered_handle.c
5 issues
Line: 104
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
WT_DECL_ITEM(build);
WT_DECL_RET;
WT_TIERED_TIERS *this_tier;
const char *cfg[4] = {NULL, NULL, NULL, NULL};
const char *config, *name;
config = name = NULL;
/* If this ever can be multi-threaded, this would need to be atomic. */
Reported by FlawFinder.
Line: 173
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__tiered_create_object(WT_SESSION_IMPL *session, WT_TIERED *tiered)
{
WT_DECL_RET;
const char *cfg[4] = {NULL, NULL, NULL, NULL};
const char *config, *name, *orig_name;
config = name = NULL;
config = name = orig_name = NULL;
orig_name = tiered->tiers[WT_TIERED_INDEX_LOCAL].name;
Reported by FlawFinder.
Line: 220
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
WT_DECL_ITEM(tmp);
WT_DECL_RET;
WT_TIERED_TIERS *this_tier;
const char *cfg[4] = {NULL, NULL, NULL, NULL};
const char *config, *name;
config = name = NULL;
WT_RET(__wt_scr_alloc(session, 0, &tmp));
Reported by FlawFinder.
Line: 328
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
WT_DATA_HANDLE *dhandle;
WT_DECL_ITEM(tmp);
WT_DECL_RET;
const char *cfg[4] = {NULL, NULL, NULL, NULL};
const char *newconfig;
dhandle = &tiered->iface;
newconfig = NULL;
WT_RET(__wt_scr_alloc(session, 0, &tmp));
Reported by FlawFinder.
Line: 668
Column: 43
CWE codes:
126
/*
* NOTE: Here we do anything we need to do to open or access each shared object.
*/
if (!WT_STRING_MATCH(key, object, strlen(object)))
continue;
__wt_verbose(
session, WT_VERB_TIERED, "TIERED_TREE_OPEN: metadata for %s: %s", object, value);
}
err:
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/builtin/intl/Collator.cpp
5 issues
Line: 313
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
char* newLocale = cx->pod_malloc<char>(localeLen + insertLen + 1);
if (!newLocale)
return nullptr;
memcpy(newLocale, oldLocale, index);
memcpy(newLocale + index, insert, insertLen);
memcpy(newLocale + index + insertLen, oldLocale + index, localeLen - index + 1); // '\0'
locale.clear();
locale.initBytes(JS::UniqueChars(newLocale));
} else {
Reported by FlawFinder.
Line: 314
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!newLocale)
return nullptr;
memcpy(newLocale, oldLocale, index);
memcpy(newLocale + index, insert, insertLen);
memcpy(newLocale + index + insertLen, oldLocale + index, localeLen - index + 1); // '\0'
locale.clear();
locale.initBytes(JS::UniqueChars(newLocale));
} else {
MOZ_ASSERT(StringEqualsAscii(usage, "sort"));
Reported by FlawFinder.
Line: 315
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return nullptr;
memcpy(newLocale, oldLocale, index);
memcpy(newLocale + index, insert, insertLen);
memcpy(newLocale + index + insertLen, oldLocale + index, localeLen - index + 1); // '\0'
locale.clear();
locale.initBytes(JS::UniqueChars(newLocale));
} else {
MOZ_ASSERT(StringEqualsAscii(usage, "sort"));
}
Reported by FlawFinder.
Line: 296
Column: 32
CWE codes:
126
const char* oldLocale = locale.ptr();
const char* p;
size_t index;
size_t localeLen = strlen(oldLocale);
if ((p = strstr(oldLocale, "-x-")))
index = p - oldLocale;
else
index = localeLen;
Reported by FlawFinder.
Line: 309
Column: 32
CWE codes:
126
} else {
insert = "-u-co-search";
}
size_t insertLen = strlen(insert);
char* newLocale = cx->pod_malloc<char>(localeLen + insertLen + 1);
if (!newLocale)
return nullptr;
memcpy(newLocale, oldLocale, index);
memcpy(newLocale + index, insert, insertLen);
Reported by FlawFinder.
buildscripts/linter/yapf.py
5 issues
Line: 5
Column: 1
from typing import List
from . import base
class YapfLinter(base.LinterBase):
"""Yapf linter."""
Reported by Pylint.
Line: 16
Column: 5
"""Create a yapf linter."""
super(YapfLinter, self).__init__("yapf", "0.26.0")
def get_lint_version_cmd_args(self):
# type: () -> List[str]
"""Get the command to run a linter version check."""
return ["--version"]
def needs_file_diff(self):
Reported by Pylint.
Line: 21
Column: 5
"""Get the command to run a linter version check."""
return ["--version"]
def needs_file_diff(self):
# type: () -> bool
"""See comment in base class."""
return True
def get_lint_cmd_args(self, file_name):
Reported by Pylint.
Line: 26
Column: 5
"""See comment in base class."""
return True
def get_lint_cmd_args(self, file_name):
# type: (str) -> List[str]
"""Get the command to run a linter."""
return [file_name]
def get_fix_cmd_args(self, file_name):
Reported by Pylint.
Line: 31
Column: 5
"""Get the command to run a linter."""
return [file_name]
def get_fix_cmd_args(self, file_name):
# type: (str) -> List[str]
"""Get the command to run a linter fix."""
return ["-i", file_name]
Reported by Pylint.
src/third_party/wiredtiger/src/os_posix/os_fs.c
5 issues
Line: 128
Column: 29
CWE codes:
362
strrchr(dir, '/')[1] = '\0';
fd = 0; /* -Wconditional-uninitialized */
WT_SYSCALL_RETRY(((fd = open(dir, O_RDONLY | O_CLOEXEC, 0444)) == -1 ? -1 : 0), ret);
if (ret != 0)
WT_ERR_MSG(session, ret, "%s: directory-sync: open", dir);
ret = __posix_sync(session, fd, dir, "directory-sync");
Reported by FlawFinder.
Line: 466
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
mmap_success = false;
if (pfh->mmap_buf != NULL && pfh->mmap_size >= offset + (wt_off_t)len && !pfh->mmap_resizing) {
memcpy(buf, (void *)(pfh->mmap_buf + offset), len);
mmap_success = true;
WT_STAT_CONN_INCRV(session, block_byte_read_mmap, len);
}
/* Signal that we are done using the mapped buffer. */
Reported by FlawFinder.
Line: 653
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
mmap_success = false;
if (pfh->mmap_buf != NULL && pfh->mmap_size >= offset + (wt_off_t)len && !pfh->mmap_resizing) {
memcpy((void *)(pfh->mmap_buf + offset), buf, len);
mmap_success = true;
WT_STAT_CONN_INCRV(session, block_byte_write_mmap, len);
}
/* Signal that we are done using the mapped buffer. */
Reported by FlawFinder.
Line: 747
Column: 38
CWE codes:
362
*/
f |= O_CLOEXEC;
#endif
WT_SYSCALL_RETRY(((pfh->fd = open(name, f, 0444)) == -1 ? -1 : 0), ret);
if (ret != 0)
WT_ERR_MSG(session, ret, "%s: handle-open: open-directory", name);
WT_ERR(__posix_open_file_cloexec(session, pfh->fd, name));
goto directory_open;
}
Reported by FlawFinder.
Line: 799
Column: 34
CWE codes:
362
}
/* Create/Open the file. */
WT_SYSCALL_RETRY(((pfh->fd = open(name, f, mode)) == -1 ? -1 : 0), ret);
if (ret != 0)
WT_ERR_MSG(session, ret,
pfh->direct_io ? "%s: handle-open: open: failed with direct I/O configured, some "
"filesystem types do not support direct I/O" :
"%s: handle-open: open",
Reported by FlawFinder.
src/third_party/wiredtiger/src/txn/txn_recover.c
5 issues
Line: 397
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
WT_CONNECTION_IMPL *conn;
WT_SESSION_IMPL *session;
wt_timestamp_t ckpt_timestamp;
char ts_string[WT_TS_INT_STRING_SIZE];
session = r->session;
conn = S2C(session);
/*
* Read the system checkpoint information from the metadata file and save the stable timestamp
Reported by FlawFinder.
Line: 433
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
WT_CONNECTION_IMPL *conn;
WT_SESSION_IMPL *session;
wt_timestamp_t oldest_timestamp;
char ts_string[WT_TS_INT_STRING_SIZE];
session = r->session;
conn = S2C(session);
/*
* Read the system checkpoint information from the metadata file and save the oldest timestamp
Reported by FlawFinder.
Line: 771
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
WT_RECOVERY_FILE *metafile;
wt_off_t hs_size;
char *config;
char ts_string[2][WT_TS_INT_STRING_SIZE];
bool do_checkpoint, eviction_started, hs_exists, needs_rec, was_backup;
bool rts_executed;
conn = S2C(session);
WT_CLEAR(r);
Reported by FlawFinder.
Line: 115
Column: 60
CWE codes:
120
20
WT_DECL_RET;
WT_ITEM key, start_key, stop_key, value;
WT_SESSION_IMPL *session;
wt_timestamp_t commit, durable, first_commit, prepare, read;
uint64_t recno, start_recno, stop_recno, t_nsec, t_sec;
uint32_t fileid, mode, optype, opsize;
session = r->session;
cursor = NULL;
Reported by FlawFinder.
Line: 272
Column: 91
CWE codes:
120
20
* in the log record to the next operation, but otherwise ignore.
*/
WT_ERR(__wt_logop_txn_timestamp_unpack(
session, pp, end, &t_sec, &t_nsec, &commit, &durable, &first_commit, &prepare, &read));
break;
default:
WT_ERR(__wt_illegal_value(session, optype));
}
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/i18n/winnmfmt.cpp
5 issues
Line: 81
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void getNumberFormat(NUMBERFMTW *fmt, int32_t lcid)
{
char buf[10];
GetLocaleInfoW(lcid, LOCALE_RETURN_NUMBER|LOCALE_IDIGITS, (LPWSTR) &fmt->NumDigits, sizeof(UINT));
GetLocaleInfoW(lcid, LOCALE_RETURN_NUMBER|LOCALE_ILZERO, (LPWSTR) &fmt->LeadingZero, sizeof(UINT));
GetLocaleInfoA(lcid, LOCALE_SGROUPING, buf, 10);
Reported by FlawFinder.
Line: 108
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void getCurrencyFormat(CURRENCYFMTW *fmt, int32_t lcid)
{
char buf[10];
GetLocaleInfoW(lcid, LOCALE_RETURN_NUMBER|LOCALE_ICURRDIGITS, (LPWSTR) &fmt->NumDigits, sizeof(UINT));
GetLocaleInfoW(lcid, LOCALE_RETURN_NUMBER|LOCALE_ILZERO, (LPWSTR) &fmt->LeadingZero, sizeof(UINT));
GetLocaleInfoA(lcid, LOCALE_SMONGROUPING, buf, sizeof(buf));
Reported by FlawFinder.
Line: 146
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Resolve actual locale to be used later
UErrorCode tmpsts = U_ZERO_ERROR;
char tmpLocID[ULOC_FULLNAME_CAPACITY];
int32_t len = uloc_getLocaleForLCID(fLCID, tmpLocID, UPRV_LENGTHOF(tmpLocID) - 1, &tmpsts);
if (U_SUCCESS(tmpsts)) {
tmpLocID[len] = 0;
fLocale = Locale((const char*)tmpLocID);
}
Reported by FlawFinder.
Line: 247
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
UnicodeString &Win32NumberFormat::format(int32_t numDigits, UnicodeString &appendTo, const wchar_t *fmt, ...) const
{
wchar_t nStackBuffer[STACK_BUFFER_SIZE];
wchar_t *nBuffer = nStackBuffer;
va_list args;
int result;
nBuffer[0] = 0x0000;
Reported by FlawFinder.
Line: 344
Column: 39
CWE codes:
126
}
}
appendTo.append(buffer, (int32_t) wcslen(buffer));
if (buffer != stackBuffer) {
DELETE_ARRAY(buffer);
}
Reported by FlawFinder.
src/third_party/wiredtiger/src/cursor/cur_stat.c
5 issues
Line: 537
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
* Copy stats from the session to the cursor. Optionally clear the session's statistics.
*/
memcpy(&cst->u.session_stats, &session->stats, sizeof(WT_SESSION_STATS));
if (F_ISSET(cst, WT_STAT_CLEAR))
__wt_stat_session_clear_single(&session->stats);
cst->stats = (int64_t *)&cst->u.session_stats;
cst->stats_base = WT_SESSION_STATS_BASE;
Reported by FlawFinder.
Line: 492
Column: 30
CWE codes:
126
sgrp = &cst->u.join_stats_group;
session = CUR2S(sgrp->join_cursor);
WT_RET(__wt_stat_join_desc(cst, slot, &static_desc));
len = strlen("join: ") + strlen(sgrp->desc_prefix) + strlen(static_desc) + 1;
WT_RET(__wt_realloc(session, NULL, len, &cst->desc_buf));
WT_RET(__wt_snprintf(cst->desc_buf, len, "join: %s%s", sgrp->desc_prefix, static_desc));
*resultp = cst->desc_buf;
return (0);
}
Reported by FlawFinder.
Line: 492
Column: 11
CWE codes:
126
sgrp = &cst->u.join_stats_group;
session = CUR2S(sgrp->join_cursor);
WT_RET(__wt_stat_join_desc(cst, slot, &static_desc));
len = strlen("join: ") + strlen(sgrp->desc_prefix) + strlen(static_desc) + 1;
WT_RET(__wt_realloc(session, NULL, len, &cst->desc_buf));
WT_RET(__wt_snprintf(cst->desc_buf, len, "join: %s%s", sgrp->desc_prefix, static_desc));
*resultp = cst->desc_buf;
return (0);
}
Reported by FlawFinder.
Line: 492
Column: 58
CWE codes:
126
sgrp = &cst->u.join_stats_group;
session = CUR2S(sgrp->join_cursor);
WT_RET(__wt_stat_join_desc(cst, slot, &static_desc));
len = strlen("join: ") + strlen(sgrp->desc_prefix) + strlen(static_desc) + 1;
WT_RET(__wt_realloc(session, NULL, len, &cst->desc_buf));
WT_RET(__wt_snprintf(cst->desc_buf, len, "join: %s%s", sgrp->desc_prefix, static_desc));
*resultp = cst->desc_buf;
return (0);
}
Reported by FlawFinder.
Line: 562
Column: 22
CWE codes:
126
return (0);
}
dsrc_uri = uri + strlen("statistics:");
if (strcmp(dsrc_uri, "join") == 0)
WT_RET(__curstat_join_init(session, curjoin, cfg, cst));
else if (strcmp(dsrc_uri, "session") == 0) {
__curstat_session_init(session, cst);
Reported by FlawFinder.