The following issues were found
src/third_party/icu4c-57.1/source/common/ucnv_u32.c
5 issues
Line: 220
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const unsigned char *targetLimit = (unsigned char *) args->targetLimit;
UChar32 ch, ch2;
unsigned int indexToWrite;
unsigned char temp[sizeof(uint32_t)];
if(mySource >= sourceLimit) {
/* no input, nothing to do */
return;
}
Reported by FlawFinder.
Line: 323
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
UChar32 ch, ch2;
int32_t offsetNum = 0;
unsigned int indexToWrite;
unsigned char temp[sizeof(uint32_t)];
if(mySource >= sourceLimit) {
/* no input, nothing to do */
return;
}
Reported by FlawFinder.
Line: 695
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const unsigned char *targetLimit = (unsigned char *) args->targetLimit;
UChar32 ch, ch2;
unsigned int indexToWrite;
unsigned char temp[sizeof(uint32_t)];
if(mySource >= sourceLimit) {
/* no input, nothing to do */
return;
}
Reported by FlawFinder.
Line: 805
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const unsigned char *targetLimit = (unsigned char *) args->targetLimit;
UChar32 ch, ch2;
unsigned int indexToWrite;
unsigned char temp[sizeof(uint32_t)];
int32_t offsetNum = 0;
if(mySource >= sourceLimit) {
/* no input, nothing to do */
return;
Reported by FlawFinder.
Line: 1036
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
_UTF32Reset(cnv, UCNV_RESET_BOTH);
}
static const char utf32BOM[8]={ 0, 0, (char)0xfe, (char)0xff, (char)0xff, (char)0xfe, 0, 0 };
static void
_UTF32ToUnicodeWithOffsets(UConverterToUnicodeArgs *pArgs,
UErrorCode *pErrorCode) {
UConverter *cnv=pArgs->converter;
Reported by FlawFinder.
src/third_party/wiredtiger/src/btree/bt_io.c
5 issues
Line: 94
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* markers in the stream to signal the end of the compressed bytes. Those engines must store
* the compressed byte length somehow, see the snappy compression extension for an example.
*/
memcpy(buf->mem, ip->data, WT_BLOCK_COMPRESS_SKIP);
ret = btree->compressor->decompress(btree->compressor, &session->iface,
(uint8_t *)ip->data + WT_BLOCK_COMPRESS_SKIP, tmp->size - WT_BLOCK_COMPRESS_SKIP,
(uint8_t *)buf->mem + WT_BLOCK_COMPRESS_SKIP, dsk->mem_size - WT_BLOCK_COMPRESS_SKIP,
&result_len);
Reported by FlawFinder.
Line: 197
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (compressed) {
WT_ERR(__wt_scr_alloc(session, dsk->mem_size, &ctmp));
memcpy(ctmp->mem, buf->data, WT_BLOCK_COMPRESS_SKIP);
WT_ERR(btree->compressor->decompress(btree->compressor, &session->iface,
(uint8_t *)buf->data + WT_BLOCK_COMPRESS_SKIP, buf->size - WT_BLOCK_COMPRESS_SKIP,
(uint8_t *)ctmp->data + WT_BLOCK_COMPRESS_SKIP, ctmp->memsize - WT_BLOCK_COMPRESS_SKIP,
&result_len));
WT_ASSERT(session, dsk->mem_size == result_len + WT_BLOCK_COMPRESS_SKIP);
Reported by FlawFinder.
Line: 275
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
* Copy in the skipped header bytes, set the final data size.
*/
memcpy(ctmp->mem, buf->mem, WT_BLOCK_COMPRESS_SKIP);
ctmp->size = result_len;
ip = ctmp;
/* Optionally return the compressed size. */
if (compressed_sizep != NULL)
Reported by FlawFinder.
Line: 38
Column: 20
CWE codes:
120
20
* into the caller's buffer. Else, read directly into the caller's buffer.
*/
if (btree->compressor == NULL && btree->kencryptor == NULL) {
WT_RET(bm->read(bm, session, buf, addr, addr_size));
dsk = buf->data;
ip = NULL;
} else {
WT_RET(__wt_scr_alloc(session, 0, &tmp));
WT_ERR(bm->read(bm, session, tmp, addr, addr_size));
Reported by FlawFinder.
src/third_party/wiredtiger/src/block/block_ckpt_scan.c
5 issues
Line: 100
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = buf->size + len;
WT_RET(__wt_buf_extend(session, buf, size));
p = (uint8_t *)buf->mem + buf->size;
memcpy(p, ckpt->block_metadata, len);
buf->size = size;
/* 4a, copy the checkpoint list length into the buffer. */
len = strlen(ckpt->block_checkpoint);
size = buf->size + WT_INTPACK64_MAXSIZE;
Reported by FlawFinder.
Line: 115
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = buf->size + len;
WT_RET(__wt_buf_extend(session, buf, size));
p = (uint8_t *)buf->mem + buf->size;
memcpy(p, ckpt->block_checkpoint, len);
buf->size = size;
/*
* 5a, copy the not-quite-right checkpoint information length into the
* buffer.
Reported by FlawFinder.
Line: 135
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size = buf->size + len;
WT_RET(__wt_buf_extend(session, buf, size));
p = (uint8_t *)buf->mem + buf->size;
memcpy(p, ckpt->raw.data, len);
buf->size = size;
/*
* We might have grown the buffer beyond the original allocation size, make sure that we're
* still in compliance.
Reported by FlawFinder.
Line: 89
Column: 11
CWE codes:
126
buf->size = size;
/* 3a, copy the metadata length into the buffer. */
len = strlen(ckpt->block_metadata);
size = buf->size + WT_INTPACK64_MAXSIZE;
WT_RET(__wt_buf_extend(session, buf, size));
p = (uint8_t *)buf->mem + buf->size;
WT_RET(__wt_vpack_uint(&p, 0, (uint64_t)len));
buf->size = WT_PTRDIFF(p, buf->mem);
Reported by FlawFinder.
Line: 104
Column: 11
CWE codes:
126
buf->size = size;
/* 4a, copy the checkpoint list length into the buffer. */
len = strlen(ckpt->block_checkpoint);
size = buf->size + WT_INTPACK64_MAXSIZE;
WT_RET(__wt_buf_extend(session, buf, size));
p = (uint8_t *)buf->mem + buf->size;
WT_RET(__wt_vpack_uint(&p, 0, (uint64_t)len));
buf->size = WT_PTRDIFF(p, buf->mem);
Reported by FlawFinder.
src/third_party/wiredtiger/ext/test/fail_fs/fail_fs.c
5 issues
Line: 507
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
(void)file_system; /* Unused */
(void)session; /* Unused */
*existp = (access(name, F_OK) == 0);
return (0);
}
/*
* fail_fs_open --
Reported by FlawFinder.
Line: 484
Column: 18
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
char *s, *value;
result = 0;
if ((value = getenv(name)) != NULL) {
s = value;
if (strcmp(value, "true") == 0)
result = 1;
else if (strcmp(value, "false") != 0) {
result = strtoll(value, &s, 10);
Reported by FlawFinder.
Line: 557
Column: 20
CWE codes:
362
*/
if (file_type == WT_FS_OPEN_FILE_TYPE_DIRECTORY)
fd = -1;
else if ((fd = open(name, open_flags, 0666)) < 0) {
ret = errno;
goto err;
}
/* We create a handle structure for each open. */
Reported by FlawFinder.
Line: 411
Column: 11
CWE codes:
126
entries = NULL;
allocated = count = 0;
len = strlen(directory);
prefix_len = prefix == NULL ? 0 : strlen(prefix);
fail_fs_lock(&fail_fs->lock);
TAILQ_FOREACH (fail_fh, &fail_fs->fileq, q) {
name = fail_fh->iface.name;
Reported by FlawFinder.
Line: 412
Column: 39
CWE codes:
126
entries = NULL;
allocated = count = 0;
len = strlen(directory);
prefix_len = prefix == NULL ? 0 : strlen(prefix);
fail_fs_lock(&fail_fs->lock);
TAILQ_FOREACH (fail_fh, &fail_fs->fileq, q) {
name = fail_fh->iface.name;
if (strncmp(name, directory, len) != 0 ||
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/common/brkiter.cpp
5 issues
Line: 55
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
BreakIterator*
BreakIterator::buildInstance(const Locale& loc, const char *type, int32_t kind, UErrorCode &status)
{
char fnbuff[256];
char ext[4]={'\0'};
CharString actualLocale;
int32_t size;
const UChar* brkfname = NULL;
UResourceBundle brkRulesStack;
Reported by FlawFinder.
Line: 56
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
BreakIterator::buildInstance(const Locale& loc, const char *type, int32_t kind, UErrorCode &status)
{
char fnbuff[256];
char ext[4]={'\0'};
CharString actualLocale;
int32_t size;
const UChar* brkfname = NULL;
UResourceBundle brkRulesStack;
UResourceBundle brkNameStack;
Reported by FlawFinder.
Line: 396
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (U_FAILURE(status)) {
return NULL;
}
char lbType[kKeyValueLenMax];
BreakIterator *result = NULL;
switch (kind) {
case UBRK_CHARACTER:
result = BreakIterator::buildInstance(loc, "grapheme", kind, status);
Reported by FlawFinder.
Line: 409
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
case UBRK_LINE:
uprv_strcpy(lbType, "line");
{
char lbKeyValue[kKeyValueLenMax] = {0};
UErrorCode kvStatus = U_ZERO_ERROR;
int32_t kLen = loc.getKeywordValue("lb", lbKeyValue, kKeyValueLenMax, kvStatus);
if (U_SUCCESS(kvStatus) && kLen > 0 && (uprv_strcmp(lbKeyValue,"strict")==0 || uprv_strcmp(lbKeyValue,"normal")==0 || uprv_strcmp(lbKeyValue,"loose")==0)) {
uprv_strcat(lbType, "_");
uprv_strcat(lbType, lbKeyValue);
Reported by FlawFinder.
Line: 422
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
case UBRK_SENTENCE:
result = BreakIterator::buildInstance(loc, "sentence", kind, status);
{
char ssKeyValue[kKeyValueLenMax] = {0};
UErrorCode kvStatus = U_ZERO_ERROR;
int32_t kLen = loc.getKeywordValue("ss", ssKeyValue, kKeyValueLenMax, kvStatus);
if (U_SUCCESS(kvStatus) && kLen > 0 && uprv_strcmp(ssKeyValue,"standard")==0) {
FilteredBreakIteratorBuilder* fbiBuilder = FilteredBreakIteratorBuilder::createInstance(loc, kvStatus);
if (U_SUCCESS(kvStatus)) {
Reported by FlawFinder.
src/third_party/wiredtiger/examples/c/ex_schema.c
5 issues
Line: 129
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
while ((ret = cursor->next(cursor)) == 0) {
error_check(cursor->get_key(cursor, &recno));
error_check(cursor->get_value(cursor, &country, &year, &population));
printf("ID %" PRIu64, recno);
printf(
": country %s, year %" PRIu16 ", population %" PRIu64 "\n", country, year, population);
}
scan_end_check(ret == WT_NOTFOUND);
error_check(cursor->close(cursor));
Reported by FlawFinder.
Line: 144
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
error_check(cursor->get_key(cursor, &key));
error_check(wiredtiger_struct_unpack(session, key.data, key.size, "r", &recno));
printf("ID %" PRIu64, recno);
error_check(cursor->get_value(cursor, &value));
error_check(wiredtiger_struct_unpack(
session, value.data, value.size, "5sHQ", &country, &year, &population));
printf(
Reported by FlawFinder.
Line: 301
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
while ((ret = join_cursor->next(join_cursor)) == 0) {
error_check(join_cursor->get_key(join_cursor, &recno));
error_check(join_cursor->get_value(join_cursor, &country, &year, &population));
printf("ID %" PRIu64, recno);
printf(
": country %s, year %" PRIu16 ", population %" PRIu64 "\n", country, year, population);
}
scan_end_check(ret == WT_NOTFOUND);
/*! [Join cursors] */
Reported by FlawFinder.
Line: 354
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
while ((ret = join_cursor->next(join_cursor)) == 0) {
error_check(join_cursor->get_key(join_cursor, &recno));
error_check(join_cursor->get_value(join_cursor, &country, &year, &population));
printf("ID %" PRIu64, recno);
printf(
": country %s, year %" PRIu16 ", population %" PRIu64 "\n", country, year, population);
}
scan_end_check(ret == WT_NOTFOUND);
/*! [Complex join cursors] */
Reported by FlawFinder.
Line: 39
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*! [schema declaration] */
/* The C struct for the data we are storing in a WiredTiger table. */
typedef struct {
char country[5];
uint16_t year;
uint64_t population;
} POP_RECORD;
static POP_RECORD pop_data[] = {{"AU", 1900, 4000000}, {"AU", 1950, 8267337},
Reported by FlawFinder.
src/third_party/gperftools/dist/src/memfs_malloc.cc
5 issues
Line: 119
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
SysAllocator* fallback_; // Default system allocator to fall back to.
};
static union {
char buf[sizeof(HugetlbSysAllocator)];
void *ptr;
} hugetlb_space;
// No locking needed here since we assume that tcmalloc calls
// us with an internal lock held (see tcmalloc/system-alloc.cc).
Reported by FlawFinder.
Line: 229
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
bool HugetlbSysAllocator::Initialize() {
char path[PATH_MAX];
const int pathlen = FLAGS_memfs_malloc_path.size();
if (pathlen + 8 > sizeof(path)) {
Log(kCrash, __FILE__, __LINE__, "XX fatal: memfs_malloc_path too long");
return false;
}
Reported by FlawFinder.
Line: 235
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
Log(kCrash, __FILE__, __LINE__, "XX fatal: memfs_malloc_path too long");
return false;
}
memcpy(path, FLAGS_memfs_malloc_path.data(), pathlen);
memcpy(path + pathlen, ".XXXXXX", 8); // Also copies terminating \0
int hugetlb_fd = mkstemp(path);
if (hugetlb_fd == -1) {
Log(kLog, __FILE__, __LINE__,
Reported by FlawFinder.
Line: 236
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return false;
}
memcpy(path, FLAGS_memfs_malloc_path.data(), pathlen);
memcpy(path + pathlen, ".XXXXXX", 8); // Also copies terminating \0
int hugetlb_fd = mkstemp(path);
if (hugetlb_fd == -1) {
Log(kLog, __FILE__, __LINE__,
"warning: unable to create memfs_malloc_path",
Reported by FlawFinder.
Line: 238
Column: 20
CWE codes:
377
memcpy(path, FLAGS_memfs_malloc_path.data(), pathlen);
memcpy(path + pathlen, ".XXXXXX", 8); // Also copies terminating \0
int hugetlb_fd = mkstemp(path);
if (hugetlb_fd == -1) {
Log(kLog, __FILE__, __LINE__,
"warning: unable to create memfs_malloc_path",
path, strerror(errno));
return false;
Reported by FlawFinder.
src/third_party/wiredtiger/examples/c/ex_config_parse.c
5 issues
Line: 50
Column: 62
CWE codes:
126
"path=/dev/loop,page_size=1024,log=(archive=true,file_max=20MB)";
error_check(
wiredtiger_config_parser_open(NULL, config_string, strlen(config_string), &parser));
error_check(parser->close(parser));
/*! [Create a configuration parser] */
error_check(
wiredtiger_config_parser_open(NULL, config_string, strlen(config_string), &parser));
Reported by FlawFinder.
Line: 55
Column: 62
CWE codes:
126
/*! [Create a configuration parser] */
error_check(
wiredtiger_config_parser_open(NULL, config_string, strlen(config_string), &parser));
{
/*! [get] */
int64_t my_page_size;
/*
Reported by FlawFinder.
Line: 73
Column: 66
CWE codes:
126
{
error_check(
wiredtiger_config_parser_open(NULL, config_string, strlen(config_string), &parser));
/*! [next] */
/*
* Retrieve and print the values of the configuration strings.
*/
while ((ret = parser->next(parser, &k, &v)) == 0) {
Reported by FlawFinder.
Line: 91
Column: 62
CWE codes:
126
}
error_check(
wiredtiger_config_parser_open(NULL, config_string, strlen(config_string), &parser));
/*! [nested get] */
/*
* Retrieve the value of the nested log file_max configuration string using dot shorthand.
* Utilize the configuration parsing automatic conversion of value strings into an integer.
Reported by FlawFinder.
Line: 105
Column: 62
CWE codes:
126
error_check(parser->close(parser));
error_check(
wiredtiger_config_parser_open(NULL, config_string, strlen(config_string), &parser));
/*! [nested traverse] */
{
WT_CONFIG_PARSER *sub_parser;
while ((ret = parser->next(parser, &k, &v)) == 0) {
if (v.type == WT_CONFIG_ITEM_STRUCT) {
Reported by FlawFinder.
src/third_party/wiredtiger/dist/test_data.py
5 issues
Line: 1
Column: 1
# This file is a python script that describes the cpp test framework test configuration options.
class Method:
def __init__(self, config):
# Deal with duplicates: with complex configurations (like
# WT_SESSION::create), it's simpler to deal with duplicates once than
# manually as configurations are defined
self.config = []
lastname = None
Reported by Pylint.
Line: 3
Column: 1
# This file is a python script that describes the cpp test framework test configuration options.
class Method:
def __init__(self, config):
# Deal with duplicates: with complex configurations (like
# WT_SESSION::create), it's simpler to deal with duplicates once than
# manually as configurations are defined
self.config = []
lastname = None
Reported by Pylint.
Line: 3
Column: 1
# This file is a python script that describes the cpp test framework test configuration options.
class Method:
def __init__(self, config):
# Deal with duplicates: with complex configurations (like
# WT_SESSION::create), it's simpler to deal with duplicates once than
# manually as configurations are defined
self.config = []
lastname = None
Reported by Pylint.
Line: 10
Column: 13
# manually as configurations are defined
self.config = []
lastname = None
for c in sorted(config):
if '.' in c.name:
raise "Bad config key '%s'" % c.name
if c.name == lastname:
continue
lastname = c.name
Reported by Pylint.
Line: 18
Column: 1
lastname = c.name
self.config.append(c)
class Config:
def __init__(self, name, default, desc, subconfig=None, **flags):
self.name = name
self.default = default
self.desc = desc
self.subconfig = subconfig
Reported by Pylint.
src/third_party/boost/libs/locale/src/util/default_locale.cpp
5 issues
Line: 33
Column: 28
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
{
char const *lang = 0;
if(!lang || !*lang)
lang = getenv("LC_CTYPE");
if(!lang || !*lang)
lang = getenv("LC_ALL");
if(!lang || !*lang)
lang = getenv("LANG");
#ifndef BOOST_LOCALE_USE_WIN32_API
Reported by FlawFinder.
Line: 35
Column: 28
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if(!lang || !*lang)
lang = getenv("LC_CTYPE");
if(!lang || !*lang)
lang = getenv("LC_ALL");
if(!lang || !*lang)
lang = getenv("LANG");
#ifndef BOOST_LOCALE_USE_WIN32_API
(void)use_utf8; // not relevant for non-windows
if(!lang || !*lang)
Reported by FlawFinder.
Line: 37
Column: 28
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if(!lang || !*lang)
lang = getenv("LC_ALL");
if(!lang || !*lang)
lang = getenv("LANG");
#ifndef BOOST_LOCALE_USE_WIN32_API
(void)use_utf8; // not relevant for non-windows
if(!lang || !*lang)
lang = "C";
return lang;
Reported by FlawFinder.
Line: 47
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if(lang && *lang) {
return lang;
}
char buf[10];
if(GetLocaleInfoA(LOCALE_USER_DEFAULT,LOCALE_SISO639LANGNAME,buf,sizeof(buf))==0)
return "C";
std::string lc_name = buf;
if(GetLocaleInfoA(LOCALE_USER_DEFAULT,LOCALE_SISO3166CTRYNAME,buf,sizeof(buf))!=0) {
lc_name += "_";
Reported by FlawFinder.
Line: 57
Column: 28
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
}
if(!use_utf8) {
if(GetLocaleInfoA(LOCALE_USER_DEFAULT,LOCALE_IDEFAULTANSICODEPAGE,buf,sizeof(buf))!=0) {
if(atoi(buf)==0)
lc_name+=".UTF-8";
else {
lc_name +=".windows-";
lc_name +=buf;
}
Reported by FlawFinder.