The following issues were found
src/third_party/boost/boost/iostreams/detail/adapter/range_adapter.hpp
5 issues
Line: 65
Column: 21
CWE codes:
120
20
explicit range_adapter(const Range& rng);
range_adapter(iterator first, iterator last);
std::streamsize read(char_type* s, std::streamsize n);
std::streamsize write(const char_type* s, std::streamsize n);
std::streampos seek(stream_offset off, BOOST_IOS::seekdir way);
private:
iterator first_, cur_, last_;
};
Reported by FlawFinder.
Line: 83
Column: 52
CWE codes:
120
20
: first_(first), cur_(first), last_(last) { }
template<typename Mode, typename Range>
inline std::streamsize range_adapter<Mode, Range>::read
(char_type* s, std::streamsize n)
{ return impl::read(cur_, last_, s, n); }
template<typename Mode, typename Range>
inline std::streamsize range_adapter<Mode, Range>::write
Reported by FlawFinder.
Line: 85
Column: 16
CWE codes:
120
20
template<typename Mode, typename Range>
inline std::streamsize range_adapter<Mode, Range>::read
(char_type* s, std::streamsize n)
{ return impl::read(cur_, last_, s, n); }
template<typename Mode, typename Range>
inline std::streamsize range_adapter<Mode, Range>::write
(const char_type* s, std::streamsize n)
{ return impl::write(cur_, last_, s, n); }
Reported by FlawFinder.
Line: 106
Column: 28
CWE codes:
120
20
template<>
struct range_adapter_impl<std::forward_iterator_tag> {
template<typename Iter, typename Ch>
static std::streamsize read
(Iter& cur, Iter& last, Ch* s,std::streamsize n)
{
std::streamsize rem = n; // No. of chars remaining.
while (cur != last && rem-- > 0) *s++ = *cur++;
return n - rem != 0 ? n - rem : -1;
Reported by FlawFinder.
Line: 128
Column: 28
CWE codes:
120
20
template<>
struct range_adapter_impl<std::random_access_iterator_tag> {
template<typename Iter, typename Ch>
static std::streamsize read
(Iter& cur, Iter& last, Ch* s,std::streamsize n)
{
std::streamsize result =
(std::min)(static_cast<std::streamsize>(last - cur), n);
if (result)
Reported by FlawFinder.
src/third_party/boost/boost/iostreams/detail/adapter/mode_adapter.hpp
5 issues
Line: 48
Column: 21
CWE codes:
120
20
// Device member functions.
std::streamsize read(char_type* s, std::streamsize n);
std::streamsize write(const char_type* s, std::streamsize n);
std::streampos seek( stream_offset off, BOOST_IOS::seekdir way,
BOOST_IOS::openmode which =
BOOST_IOS::in | BOOST_IOS::out );
void close();
Reported by FlawFinder.
Line: 59
Column: 21
CWE codes:
120
20
// Filter member functions.
template<typename Source>
std::streamsize read(Source& src, char_type* s, std::streamsize n)
{ return iostreams::read(t_, src, s, n); }
template<typename Sink>
std::streamsize write(Sink& snk, const char_type* s, std::streamsize n)
{ return iostreams::write(t_, snk, s, n); }
Reported by FlawFinder.
Line: 60
Column: 25
CWE codes:
120
20
template<typename Source>
std::streamsize read(Source& src, char_type* s, std::streamsize n)
{ return iostreams::read(t_, src, s, n); }
template<typename Sink>
std::streamsize write(Sink& snk, const char_type* s, std::streamsize n)
{ return iostreams::write(t_, snk, s, n); }
Reported by FlawFinder.
Line: 93
Column: 40
CWE codes:
120
20
//------------------Implementation of mode_adapter----------------------------//
template<typename Mode, typename T>
std::streamsize mode_adapter<Mode, T>::read
(char_type* s, std::streamsize n)
{ return boost::iostreams::read(t_, s, n); }
template<typename Mode, typename T>
std::streamsize mode_adapter<Mode, T>::write
Reported by FlawFinder.
Line: 95
Column: 28
CWE codes:
120
20
template<typename Mode, typename T>
std::streamsize mode_adapter<Mode, T>::read
(char_type* s, std::streamsize n)
{ return boost::iostreams::read(t_, s, n); }
template<typename Mode, typename T>
std::streamsize mode_adapter<Mode, T>::write
(const char_type* s, std::streamsize n)
{ return boost::iostreams::write(t_, s, n); }
Reported by FlawFinder.
src/third_party/boost/boost/iostreams/combine.hpp
5 issues
Line: 66
Column: 21
CWE codes:
120
20
BOOST_STATIC_ASSERT((is_convertible<out_category, output>::value));
BOOST_STATIC_ASSERT((is_same<char_type, sink_char_type>::value));
combined_device(const Source& src, const Sink& snk);
std::streamsize read(char_type* s, std::streamsize n);
std::streamsize write(const char_type* s, std::streamsize n);
void close(BOOST_IOS::openmode);
#ifndef BOOST_NO_STD_LOCALE
void imbue(const std::locale& loc);
#endif
Reported by FlawFinder.
Line: 107
Column: 21
CWE codes:
120
20
combined_filter(const InputFilter& in, const OutputFilter& out);
template<typename Source>
std::streamsize read(Source& src, char_type* s, std::streamsize n)
{ return boost::iostreams::read(in_, src, s, n); }
template<typename Sink>
std::streamsize write(Sink& snk, const char_type* s, std::streamsize n)
{ return boost::iostreams::write(out_, snk, s, n); }
Reported by FlawFinder.
Line: 108
Column: 32
CWE codes:
120
20
template<typename Source>
std::streamsize read(Source& src, char_type* s, std::streamsize n)
{ return boost::iostreams::read(in_, src, s, n); }
template<typename Sink>
std::streamsize write(Sink& snk, const char_type* s, std::streamsize n)
{ return boost::iostreams::write(out_, snk, s, n); }
Reported by FlawFinder.
Line: 209
Column: 32
CWE codes:
120
20
template<typename Source, typename Sink>
inline std::streamsize
combined_device<Source, Sink>::read(char_type* s, std::streamsize n)
{ return iostreams::read(src_, s, n); }
template<typename Source, typename Sink>
inline std::streamsize
combined_device<Source, Sink>::write(const char_type* s, std::streamsize n)
Reported by FlawFinder.
Line: 210
Column: 21
CWE codes:
120
20
template<typename Source, typename Sink>
inline std::streamsize
combined_device<Source, Sink>::read(char_type* s, std::streamsize n)
{ return iostreams::read(src_, s, n); }
template<typename Source, typename Sink>
inline std::streamsize
combined_device<Source, Sink>::write(const char_type* s, std::streamsize n)
{ return iostreams::write(sink_, s, n); }
Reported by FlawFinder.
src/third_party/boost/boost/iostreams/compose.hpp
5 issues
Line: 90
Column: 21
CWE codes:
120
20
optimally_buffered_tag
{ };
composite_device(const Filter& flt, param_type dev);
std::streamsize read(char_type* s, std::streamsize n);
std::streamsize write(const char_type* s, std::streamsize n);
std::streampos seek( stream_offset off, BOOST_IOS::seekdir way,
BOOST_IOS::openmode which =
BOOST_IOS::in | BOOST_IOS::out );
Reported by FlawFinder.
Line: 163
Column: 21
CWE codes:
120
20
{ }
template<typename Source>
std::streamsize read(Source& src, char_type* s, std::streamsize n)
{
composite_device<filter_ref, Source> cmp(boost::ref(filter2_), src);
return iostreams::read(filter1_, cmp, s, n);
}
Reported by FlawFinder.
Line: 166
Column: 27
CWE codes:
120
20
std::streamsize read(Source& src, char_type* s, std::streamsize n)
{
composite_device<filter_ref, Source> cmp(boost::ref(filter2_), src);
return iostreams::read(filter1_, cmp, s, n);
}
template<typename Sink>
std::streamsize write(Sink& snk, const char_type* s, std::streamsize n)
{
Reported by FlawFinder.
Line: 405
Column: 64
CWE codes:
120
20
{ }
template<typename Filter, typename Device, typename Mode>
inline std::streamsize composite_device<Filter, Device, Mode>::read
(char_type* s, std::streamsize n)
{ return iostreams::read(filter_, device_, s, n); }
template<typename Filter, typename Device, typename Mode>
inline std::streamsize composite_device<Filter, Device, Mode>::write
Reported by FlawFinder.
Line: 407
Column: 21
CWE codes:
120
20
template<typename Filter, typename Device, typename Mode>
inline std::streamsize composite_device<Filter, Device, Mode>::read
(char_type* s, std::streamsize n)
{ return iostreams::read(filter_, device_, s, n); }
template<typename Filter, typename Device, typename Mode>
inline std::streamsize composite_device<Filter, Device, Mode>::write
(const char_type* s, std::streamsize n)
{ return iostreams::write(filter_, device_, s, n); }
Reported by FlawFinder.
src/third_party/unwind/dist/tests/test-ptrace.c
5 issues
Line: 68
Column: 7
CWE codes:
134
Suggestion:
Use a constant for the format specification
trace_mode = SYSCALL;
#define panic(args...) \
do { fprintf (stderr, args); ++nerrors; } while (0)
static unw_addr_space_t as;
static struct UPT_info *ui;
static int killed;
Reported by FlawFinder.
Line: 82
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int n = 0, ret;
unw_proc_info_t pi;
unw_cursor_t c;
char buf[512];
size_t len;
ret = unw_init_remote (&c, as, ui);
if (ret < 0)
panic ("unw_init_remote() failed: ret=%d\n", ret);
Reported by FlawFinder.
Line: 109
Column: 8
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
len = strlen (buf);
if (len >= sizeof (buf) - 32)
len = sizeof (buf) - 32;
sprintf (buf + len, "+0x%lx", (unsigned long) off);
}
printf ("%016lx %-32s (sp=%016lx)\n", (long) ip, buf, (long) sp);
}
if ((ret = unw_get_proc_info (&c, &pi)) < 0)
Reported by FlawFinder.
Line: 222
Column: 8
CWE codes:
362
/* child */
if (!verbose)
dup2 (open ("/dev/null", O_WRONLY), 1);
#if HAVE_DECL_PTRACE_TRACEME
ptrace (PTRACE_TRACEME, 0, 0, 0);
#elif HAVE_DECL_PT_TRACE_ME
ptrace (PT_TRACE_ME, 0, 0, 0);
Reported by FlawFinder.
Line: 106
Column: 14
CWE codes:
126
{
if (off)
{
len = strlen (buf);
if (len >= sizeof (buf) - 32)
len = sizeof (buf) - 32;
sprintf (buf + len, "+0x%lx", (unsigned long) off);
}
printf ("%016lx %-32s (sp=%016lx)\n", (long) ip, buf, (long) sp);
Reported by FlawFinder.
src/third_party/boost/boost/asio/basic_socket_iostream.hpp
5 issues
Line: 51
Column: 13
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
{ \
this->setf(std::ios_base::unitbuf); \
if (rdbuf()->connect(BOOST_ASIO_VARIADIC_BYVAL_ARGS(n)) == 0) \
this->setstate(std::ios_base::failbit); \
} \
/**/
// A macro that should expand to:
// template <typename T1, ..., typename Tn>
Reported by FlawFinder.
Line: 69
Column: 13
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
void connect(BOOST_ASIO_VARIADIC_BYVAL_PARAMS(n)) \
{ \
if (rdbuf()->connect(BOOST_ASIO_VARIADIC_BYVAL_ARGS(n)) == 0) \
this->setstate(std::ios_base::failbit); \
} \
/**/
#endif // !defined(BOOST_ASIO_HAS_VARIADIC_TEMPLATES)
Reported by FlawFinder.
Line: 251
Column: 13
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
{
this->setf(std::ios_base::unitbuf);
if (rdbuf()->connect(x...) == 0)
this->setstate(std::ios_base::failbit);
}
#else
BOOST_ASIO_VARIADIC_GENERATE(BOOST_ASIO_PRIVATE_CTR_DEF)
#endif
Reported by FlawFinder.
Line: 271
Column: 13
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
void connect(T... x)
{
if (rdbuf()->connect(x...) == 0)
this->setstate(std::ios_base::failbit);
}
#else
BOOST_ASIO_VARIADIC_GENERATE(BOOST_ASIO_PRIVATE_CONNECT_DEF)
#endif
Reported by FlawFinder.
Line: 281
Column: 13
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
void close()
{
if (rdbuf()->close() == 0)
this->setstate(std::ios_base::failbit);
}
/// Return a pointer to the underlying streambuf.
basic_socket_streambuf<Protocol, Clock, WaitTraits>* rdbuf() const
{
Reported by FlawFinder.
buildscripts/libdeps/analyzer_unittests.py
5 issues
Line: 30
Column: 1
import sys
import unittest
import networkx
import libdeps.analyzer
from libdeps.graph import LibdepsGraph, EdgeProps, NodeProps, CountTypes
Reported by Pylint.
Line: 27
Column: 1
"""Unittests for the graph analyzer."""
import json
import sys
import unittest
import networkx
import libdeps.analyzer
Reported by Pylint.
Line: 30
Column: 1
import sys
import unittest
import networkx
import libdeps.analyzer
from libdeps.graph import LibdepsGraph, EdgeProps, NodeProps, CountTypes
Reported by Pylint.
Line: 200
Column: 9
"""Check results of analysis generically."""
analysis = [algo(graph, *args)]
ga = libdeps.analyzer.LibdepsGraphAnalysis(analysis)
printer = libdeps.analyzer.GaJsonPrinter(ga)
result = json.loads(printer.get_json())
self.assertEqual(result, expected)
def run_counts(self, expected, graph):
Reported by Pylint.
Line: 211
Column: 9
analysis = libdeps.analyzer.counter_factory(
graph,
[name[0] for name in CountTypes.__members__.items() if name[0] != CountTypes.ALL.name])
ga = libdeps.analyzer.LibdepsGraphAnalysis(analysis)
printer = libdeps.analyzer.GaJsonPrinter(ga)
result = json.loads(printer.get_json())
self.assertEqual(result, expected)
def test_graph_paths_basic(self):
Reported by Pylint.
src/third_party/boost/boost/algorithm/cxx11/is_permutation.hpp
5 issues
Line: 138
Column: 6
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/// \param first2 The start of the second sequence
/// \note This function is part of the C++2011 standard library.
template< class ForwardIterator1, class ForwardIterator2 >
bool is_permutation ( ForwardIterator1 first1, ForwardIterator1 last1, ForwardIterator2 first2 )
{
// How should I deal with the idea that ForwardIterator1::value_type
// and ForwardIterator2::value_type could be different? Define my own comparison predicate?
// Skip the common prefix (if any)
std::pair<ForwardIterator1, ForwardIterator2> eq = std::mismatch (first1, last1, first2 );
Reported by FlawFinder.
Line: 143
Column: 61
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
// How should I deal with the idea that ForwardIterator1::value_type
// and ForwardIterator2::value_type could be different? Define my own comparison predicate?
// Skip the common prefix (if any)
std::pair<ForwardIterator1, ForwardIterator2> eq = std::mismatch (first1, last1, first2 );
first1 = eq.first;
first2 = eq.second;
if ( first1 != last1 ) {
// Create last2
ForwardIterator2 last2 = first2;
Reported by FlawFinder.
Line: 163
Column: 6
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/// \param r The input range
/// \param first2 The start of the second sequence
template <typename Range, typename ForwardIterator>
bool is_permutation ( const Range &r, ForwardIterator first2 )
{
return boost::algorithm::is_permutation (boost::begin (r), boost::end (r), first2 );
}
/// \fn is_permutation ( const Range &r, ForwardIterator first2, BinaryPredicate pred )
Reported by FlawFinder.
Line: 165
Column: 30
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
template <typename Range, typename ForwardIterator>
bool is_permutation ( const Range &r, ForwardIterator first2 )
{
return boost::algorithm::is_permutation (boost::begin (r), boost::end (r), first2 );
}
/// \fn is_permutation ( const Range &r, ForwardIterator first2, BinaryPredicate pred )
/// \brief Tests to see if the sequence [first,last) is a permutation of the sequence starting at first2
///
Reported by FlawFinder.
Line: 179
Column: 1
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
// That way the non-range version will be chosen.
template <typename Range, typename ForwardIterator, typename BinaryPredicate>
typename boost::disable_if_c<boost::is_same<Range, ForwardIterator>::value, bool>::type
is_permutation ( const Range &r, ForwardIterator first2, BinaryPredicate pred )
{
return boost::algorithm::is_permutation (boost::begin (r), boost::end (r), first2, pred );
}
}}
Reported by FlawFinder.
src/third_party/benchmark/dist/src/colorprint.cc
5 issues
Line: 92
Column: 14
CWE codes:
134
Suggestion:
Use a constant for the format specification
std::size_t size = 256;
char local_buff[256];
auto ret = vsnprintf(local_buff, size, msg, args_cp);
va_end(args_cp);
// currently there is no error handling for failure, so this is hack.
CHECK(ret >= 0);
Reported by FlawFinder.
Line: 107
Column: 11
CWE codes:
134
Suggestion:
Use a constant for the format specification
// we did not provide a long enough buffer on our first attempt.
size = (size_t)ret + 1; // + 1 for the null byte
std::unique_ptr<char[]> buff(new char[size]);
ret = vsnprintf(buff.get(), size, msg, args);
CHECK(ret > 0 && ((size_t)ret) < size);
return buff.get();
}
}
Reported by FlawFinder.
Line: 146
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
fflush(stdout);
SetConsoleTextAttribute(stdout_handle,
GetPlatformColorCode(color) | FOREGROUND_INTENSITY);
vprintf(fmt, args);
fflush(stdout);
// Restores the text color.
SetConsoleTextAttribute(stdout_handle, old_color_attrs);
#else
Reported by FlawFinder.
Line: 174
Column: 28
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
"linux", "cygwin",
};
const char* const term = getenv("TERM");
bool term_supports_color = false;
for (const char* candidate : SUPPORTED_TERM_VALUES) {
if (term && 0 == strcmp(term, candidate)) {
term_supports_color = true;
Reported by FlawFinder.
Line: 91
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
va_copy(args_cp, args);
std::size_t size = 256;
char local_buff[256];
auto ret = vsnprintf(local_buff, size, msg, args_cp);
va_end(args_cp);
// currently there is no error handling for failure, so this is hack.
Reported by FlawFinder.
src/third_party/asio-master/asio/include/asio/basic_socket_iostream.hpp
5 issues
Line: 57
Column: 13
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
{ \
this->setf(std::ios_base::unitbuf); \
if (rdbuf()->connect(ASIO_VARIADIC_BYVAL_ARGS(n)) == 0) \
this->setstate(std::ios_base::failbit); \
} \
/**/
// A macro that should expand to:
// template <typename T1, ..., typename Tn>
Reported by FlawFinder.
Line: 75
Column: 13
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
void connect(ASIO_VARIADIC_BYVAL_PARAMS(n)) \
{ \
if (rdbuf()->connect(ASIO_VARIADIC_BYVAL_ARGS(n)) == 0) \
this->setstate(std::ios_base::failbit); \
} \
/**/
#endif // !defined(ASIO_HAS_VARIADIC_TEMPLATES)
Reported by FlawFinder.
Line: 270
Column: 13
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
{
this->setf(std::ios_base::unitbuf);
if (rdbuf()->connect(x...) == 0)
this->setstate(std::ios_base::failbit);
}
#else
ASIO_VARIADIC_GENERATE(ASIO_PRIVATE_CTR_DEF)
#endif
Reported by FlawFinder.
Line: 290
Column: 13
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
void connect(T... x)
{
if (rdbuf()->connect(x...) == 0)
this->setstate(std::ios_base::failbit);
}
#else
ASIO_VARIADIC_GENERATE(ASIO_PRIVATE_CONNECT_DEF)
#endif
Reported by FlawFinder.
Line: 300
Column: 13
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
void close()
{
if (rdbuf()->close() == 0)
this->setstate(std::ios_base::failbit);
}
/// Return a pointer to the underlying streambuf.
basic_socket_streambuf<Protocol ASIO_SVC_TARG,
Clock, WaitTraits ASIO_SVC_TARG1>* rdbuf() const
Reported by FlawFinder.