The following issues were found
src/third_party/boost/libs/locale/src/util/default_locale.cpp
5 issues
Line: 33
Column: 28
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
{
char const *lang = 0;
if(!lang || !*lang)
lang = getenv("LC_CTYPE");
if(!lang || !*lang)
lang = getenv("LC_ALL");
if(!lang || !*lang)
lang = getenv("LANG");
#ifndef BOOST_LOCALE_USE_WIN32_API
Reported by FlawFinder.
Line: 35
Column: 28
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if(!lang || !*lang)
lang = getenv("LC_CTYPE");
if(!lang || !*lang)
lang = getenv("LC_ALL");
if(!lang || !*lang)
lang = getenv("LANG");
#ifndef BOOST_LOCALE_USE_WIN32_API
(void)use_utf8; // not relevant for non-windows
if(!lang || !*lang)
Reported by FlawFinder.
Line: 37
Column: 28
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if(!lang || !*lang)
lang = getenv("LC_ALL");
if(!lang || !*lang)
lang = getenv("LANG");
#ifndef BOOST_LOCALE_USE_WIN32_API
(void)use_utf8; // not relevant for non-windows
if(!lang || !*lang)
lang = "C";
return lang;
Reported by FlawFinder.
Line: 47
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if(lang && *lang) {
return lang;
}
char buf[10];
if(GetLocaleInfoA(LOCALE_USER_DEFAULT,LOCALE_SISO639LANGNAME,buf,sizeof(buf))==0)
return "C";
std::string lc_name = buf;
if(GetLocaleInfoA(LOCALE_USER_DEFAULT,LOCALE_SISO3166CTRYNAME,buf,sizeof(buf))!=0) {
lc_name += "_";
Reported by FlawFinder.
Line: 57
Column: 28
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
}
if(!use_utf8) {
if(GetLocaleInfoA(LOCALE_USER_DEFAULT,LOCALE_IDEFAULTANSICODEPAGE,buf,sizeof(buf))!=0) {
if(atoi(buf)==0)
lc_name+=".UTF-8";
else {
lc_name +=".windows-";
lc_name +=buf;
}
Reported by FlawFinder.
src/mongo/base/encoded_value_storage_test.cpp
5 issues
Line: 122
};
} // namespace EncodedValueStorageTest
TEST(EncodedValueStorage, EncodedValueStorage) {
EncodedValueStorageTest::Value raw;
EncodedValueStorageTest::Value zerod(kZeroInitTag);
char buf[sizeof(EncodedValueStorageTest::Layout)] = {0};
ASSERT_EQUALS(raw.view().view2ptr(), raw.constView().view2ptr());
Reported by Cppcheck.
Line: 125
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TEST(EncodedValueStorage, EncodedValueStorage) {
EncodedValueStorageTest::Value raw;
EncodedValueStorageTest::Value zerod(kZeroInitTag);
char buf[sizeof(EncodedValueStorageTest::Layout)] = {0};
ASSERT_EQUALS(raw.view().view2ptr(), raw.constView().view2ptr());
// ensure zeroing with the init tag works
ASSERT_EQUALS(std::memcmp(zerod.view().view2ptr(), buf, sizeof(buf)), 0);
Reported by FlawFinder.
Line: 63
Column: 23
CWE codes:
120
20
}
uint32_t getNative() {
return data().read<uint32_t>(offsetof(Layout, native));
}
uint32_t getLE() {
return data().read<LittleEndian<uint32_t>>(offsetof(Layout, le));
}
Reported by FlawFinder.
Line: 67
Column: 23
CWE codes:
120
20
}
uint32_t getLE() {
return data().read<LittleEndian<uint32_t>>(offsetof(Layout, le));
}
uint32_t getBE() {
return data().read<BigEndian<uint32_t>>(offsetof(Layout, be));
}
Reported by FlawFinder.
src/third_party/wiredtiger/ext/test/fail_fs/fail_fs.c
5 issues
Line: 507
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
(void)file_system; /* Unused */
(void)session; /* Unused */
*existp = (access(name, F_OK) == 0);
return (0);
}
/*
* fail_fs_open --
Reported by FlawFinder.
Line: 484
Column: 18
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
char *s, *value;
result = 0;
if ((value = getenv(name)) != NULL) {
s = value;
if (strcmp(value, "true") == 0)
result = 1;
else if (strcmp(value, "false") != 0) {
result = strtoll(value, &s, 10);
Reported by FlawFinder.
Line: 557
Column: 20
CWE codes:
362
*/
if (file_type == WT_FS_OPEN_FILE_TYPE_DIRECTORY)
fd = -1;
else if ((fd = open(name, open_flags, 0666)) < 0) {
ret = errno;
goto err;
}
/* We create a handle structure for each open. */
Reported by FlawFinder.
Line: 411
Column: 11
CWE codes:
126
entries = NULL;
allocated = count = 0;
len = strlen(directory);
prefix_len = prefix == NULL ? 0 : strlen(prefix);
fail_fs_lock(&fail_fs->lock);
TAILQ_FOREACH (fail_fh, &fail_fs->fileq, q) {
name = fail_fh->iface.name;
Reported by FlawFinder.
Line: 412
Column: 39
CWE codes:
126
entries = NULL;
allocated = count = 0;
len = strlen(directory);
prefix_len = prefix == NULL ? 0 : strlen(prefix);
fail_fs_lock(&fail_fs->lock);
TAILQ_FOREACH (fail_fh, &fail_fs->fileq, q) {
name = fail_fh->iface.name;
if (strncmp(name, directory, len) != 0 ||
Reported by FlawFinder.
src/third_party/boost/libs/filesystem/src/path_traits.cpp
5 issues
Line: 23
Column: 23
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
namespace pt = boost::filesystem::path_traits;
namespace fs = boost::filesystem;
namespace bs = boost::system;
//--------------------------------------------------------------------------------------//
// configuration //
//--------------------------------------------------------------------------------------//
Reported by FlawFinder.
Line: 150
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
else
{
wchar_t buf[default_codecvt_buf_size];
convert_aux(from, from_end, buf, buf+default_codecvt_buf_size, to, cvt);
}
}
//--------------------------------------------------------------------------------------//
Reported by FlawFinder.
Line: 189
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
else
{
char buf[default_codecvt_buf_size];
convert_aux(from, from_end, buf, buf+default_codecvt_buf_size, to, cvt);
}
}
}}} // namespace boost::filesystem::path_traits
Reported by FlawFinder.
Line: 135
Column: 30
CWE codes:
126
if (!from_end) // null terminated
{
from_end = from + std::strlen(from);
}
if (from == from_end) return;
std::size_t buf_size = (from_end - from) * 3; // perhaps too large, but that's OK
Reported by FlawFinder.
Line: 169
Column: 30
CWE codes:
126
if (!from_end) // null terminated
{
from_end = from + std::wcslen(from);
}
if (from == from_end) return;
// The codecvt length functions may not be implemented, and I don't really
Reported by FlawFinder.
src/third_party/boost/libs/filesystem/src/unique_path.cpp
5 issues
Line: 41
Column: 34
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
//# endif // defined(SYS_getrandom)
# if defined(__has_include)
# if __has_include(<sys/random.h>)
# define BOOST_FILESYSTEM_HAS_GETRANDOM
# endif
# elif defined(__GLIBC__)
# if __GLIBC_PREREQ(2, 25)
# define BOOST_FILESYSTEM_HAS_GETRANDOM
Reported by FlawFinder.
Line: 149
Column: 14
CWE codes:
362
#else
int file = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
if (file == -1)
{
file = open("/dev/random", O_RDONLY | O_CLOEXEC);
if (file == -1)
{
Reported by FlawFinder.
Line: 152
Column: 12
CWE codes:
362
int file = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
if (file == -1)
{
file = open("/dev/random", O_RDONLY | O_CLOEXEC);
if (file == -1)
{
emit_error(errno, ec, "boost::filesystem::unique_path");
return;
}
Reported by FlawFinder.
Line: 250
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
path::string_type s( model.native() );
char ran[16] = {}; // init to avoid clang static analyzer message
// see ticket #8954
BOOST_CONSTEXPR_OR_CONST unsigned int max_nibbles = 2u * sizeof(ran); // 4-bits per nibble
unsigned int nibbles_used = max_nibbles;
for (path::string_type::size_type i = 0, n = s.size(); i < n; ++i)
Reported by FlawFinder.
Line: 163
Column: 17
CWE codes:
120
20
std::size_t bytes_read = 0;
while (bytes_read < len)
{
ssize_t n = read(file, buf, len - bytes_read);
if (BOOST_UNLIKELY(n == -1))
{
int err = errno;
if (err == EINTR)
continue;
Reported by FlawFinder.
src/mongo/util/generate_icu_init_cpp.py
5 issues
Line: 30
Column: 1
# exception statement from all source files in the program, then also delete
# it in the license file.
import optparse
import os
import sys
def main(argv):
Reported by Pylint.
Line: 31
Column: 1
# it in the license file.
import optparse
import os
import sys
def main(argv):
parser = optparse.OptionParser()
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python3
#
# Copyright (C) 2018-present MongoDB, Inc.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the Server Side Public License, version 1,
# as published by MongoDB, Inc.
#
# This program is distributed in the hope that it will be useful,
Reported by Pylint.
Line: 35
Column: 1
import sys
def main(argv):
parser = optparse.OptionParser()
parser.add_option('-o', '--output', action='store', dest='output_cpp_file',
help='path to output cpp file')
parser.add_option('-i', '--input', action='store', dest='input_data_file',
help='input ICU data file, in common format (.dat)')
Reported by Pylint.
Line: 51
Column: 1
generate_cpp_file(options.input_data_file, options.output_cpp_file)
def generate_cpp_file(data_file_path, cpp_file_path):
source_template = '''// AUTO-GENERATED FILE DO NOT EDIT
// See generate_icu_init_cpp.py.
/**
* Copyright (C) 2018-present MongoDB, Inc.
*
Reported by Pylint.
src/mongo/db/exec/document_value/document.cpp
5 issues
Line: 205
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Append structure of a ValueElement
char* dest = _cache + pos.index; // must be after alloc since it changes _cache
#define append(x) \
memcpy(dest, &(x), sizeof(x)); \
dest += sizeof(x)
append(value);
append(nextCollision);
append(nameSize);
append(kind);
Reported by FlawFinder.
Line: 267
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!firstAlloc) {
// This just copies the elements
memcpy(_cache, oldBuf.get(), _usedBytes);
if (_numFields >= HASH_TAB_MIN) {
// if we were hashing, deal with the hash table
if (doingRehash) {
rehash();
Reported by FlawFinder.
Line: 275
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rehash();
} else {
// no rehash needed so just slide table down to new position
memcpy(_hashTab, oldBuf.get() + oldCapacity, hashTabBytes());
}
}
}
}
Reported by FlawFinder.
Line: 308
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const size_t bufferBytes = allocatedBytes();
out->_cache = new char[bufferBytes];
out->_cacheEnd = out->_cache + (_cacheEnd - _cache);
memcpy(out->_cache, _cache, bufferBytes);
out->_hashTabMask = _hashTabMask;
out->_usedBytes = _usedBytes;
out->_numFields = _numFields;
Reported by FlawFinder.
Line: 792
Column: 30
CWE codes:
120
20
}
Document Document::deserializeForSorter(BufReader& buf, const SorterDeserializeSettings&) {
const int numElems = buf.read<LittleEndian<int>>();
MutableDocument doc(numElems);
for (int i = 0; i < numElems; i++) {
StringData name = buf.readCStr();
doc.addField(name, Value::deserializeForSorter(buf, Value::SorterDeserializeSettings()));
}
Reported by FlawFinder.
src/third_party/boost/boost/type_traits/type_with_alignment.hpp
5 issues
Line: 134
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
//
namespace tt_align_ns {
struct __declspec(align(8)) a8 {
char m[8];
typedef a8 type;
};
struct __declspec(align(16)) a16 {
char m[16];
typedef a16 type;
Reported by FlawFinder.
Line: 138
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef a8 type;
};
struct __declspec(align(16)) a16 {
char m[16];
typedef a16 type;
};
struct __declspec(align(32)) a32 {
char m[32];
typedef a32 type;
Reported by FlawFinder.
Line: 142
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef a16 type;
};
struct __declspec(align(32)) a32 {
char m[32];
typedef a32 type;
};
struct __declspec(align(64)) a64
{
char m[64];
Reported by FlawFinder.
Line: 147
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct __declspec(align(64)) a64
{
char m[64];
typedef a64 type;
};
struct __declspec(align(128)) a128 {
char m[128];
typedef a128 type;
Reported by FlawFinder.
Line: 151
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
typedef a64 type;
};
struct __declspec(align(128)) a128 {
char m[128];
typedef a128 type;
};
}
template<> struct type_with_alignment<8>
Reported by FlawFinder.
src/third_party/wiredtiger/dist/test_data.py
5 issues
Line: 1
Column: 1
# This file is a python script that describes the cpp test framework test configuration options.
class Method:
def __init__(self, config):
# Deal with duplicates: with complex configurations (like
# WT_SESSION::create), it's simpler to deal with duplicates once than
# manually as configurations are defined
self.config = []
lastname = None
Reported by Pylint.
Line: 3
Column: 1
# This file is a python script that describes the cpp test framework test configuration options.
class Method:
def __init__(self, config):
# Deal with duplicates: with complex configurations (like
# WT_SESSION::create), it's simpler to deal with duplicates once than
# manually as configurations are defined
self.config = []
lastname = None
Reported by Pylint.
Line: 3
Column: 1
# This file is a python script that describes the cpp test framework test configuration options.
class Method:
def __init__(self, config):
# Deal with duplicates: with complex configurations (like
# WT_SESSION::create), it's simpler to deal with duplicates once than
# manually as configurations are defined
self.config = []
lastname = None
Reported by Pylint.
Line: 10
Column: 13
# manually as configurations are defined
self.config = []
lastname = None
for c in sorted(config):
if '.' in c.name:
raise "Bad config key '%s'" % c.name
if c.name == lastname:
continue
lastname = c.name
Reported by Pylint.
Line: 18
Column: 1
lastname = c.name
self.config.append(c)
class Config:
def __init__(self, name, default, desc, subconfig=None, **flags):
self.name = name
self.default = default
self.desc = desc
self.subconfig = subconfig
Reported by Pylint.
src/third_party/boost/libs/iostreams/src/mapped_file.cpp
5 issues
Line: 324
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
void* data =
::MapViewOfFileEx(
mapped_handle_,
access,
(DWORD) (p.offset >> 32),
(DWORD) (p.offset & 0xffffffff),
(SIZE_T) (numeric_cast<size_type>(size_) != max_length ? size_ : 0),
(LPVOID) p.hint );
if (!data)
Reported by FlawFinder.
Line: 56
Column: 10
CWE codes:
362
size_type, max_length = mapped_file_source::max_length);
mapped_file_impl();
~mapped_file_impl();
void open(param_type p);
bool is_open() const { return data_ != 0; }
void close();
bool error() const { return error_; }
mapmode flags() const { return params_.flags; }
std::size_t size() const { return static_cast<std::size_t>(size_); }
Reported by FlawFinder.
Line: 87
Column: 24
CWE codes:
362
mapped_file_impl::~mapped_file_impl()
{ try { close(); } catch (...) { } }
void mapped_file_impl::open(param_type p)
{
if (is_open())
boost::throw_exception(BOOST_IOSTREAMS_FAILURE("file already open"));
p.normalize();
open_file(p);
Reported by FlawFinder.
Line: 267
Column: 17
CWE codes:
362
#endif
errno = 0;
if (p.path.is_wide()) { errno = EINVAL; cleanup_and_throw("wide path not supported here"); } // happens on CYGWIN
handle_ = ::open(p.path.c_str(), flags, S_IRWXU);
if (errno != 0)
cleanup_and_throw("failed opening file");
//--------------Set file size---------------------------------------------//
Reported by FlawFinder.
Line: 480
Column: 11
CWE codes:
362
void mapped_file_source::init() { pimpl_.reset(new impl_type); }
void mapped_file_source::open_impl(const param_type& p)
{ pimpl_->open(p); }
//------------------Implementation of mapped_file-----------------------------//
mapped_file::mapped_file(const mapped_file& other)
: delegate_(other.delegate_)
Reported by FlawFinder.