The following issues were found
src/third_party/abseil-cpp-master/abseil-cpp/absl/strings/internal/str_format/convert_test.cc
5 issues
Line: 227
}
}
// Passes the same text, "hello", to TestStringConvert (defined outside this
// excerpt) as four different argument types, so each string-like type is
// exercised once.
TEST_F(FormatConvertTest, BasicString) {
TestStringConvert("hello"); // As char array.
TestStringConvert(static_cast<const char*>("hello")); // As an explicit const char* pointer.
TestStringConvert(std::string("hello")); // As an owning std::string.
TestStringConvert(string_view("hello")); // As a non-owning string_view.
}
Reported by Cppcheck.
Line: 96
Column: 16
CWE codes:
134
Suggestion:
Use a constant for the format specification; a format string supplied at run time is safe only if no untrusted input can reach it.
// of the structure before using it and use that copy instead.
va_list backup_ap;
va_copy(backup_ap, ap);
int result = vsnprintf(space, kSpaceLength, format, backup_ap);
va_end(backup_ap);
if (result < kSpaceLength) {
if (result >= 0) {
// Normal case -- everything fit.
dst->append(space, result);
Reported by FlawFinder.
Line: 117
Column: 12
CWE codes:
134
Suggestion:
Use a constant for the format specification
// Restore the va_list before we use it again
va_copy(backup_ap, ap);
result = vsnprintf(buf, length, format, backup_ap);
va_end(backup_ap);
if (result >= 0 && result < length) {
// It fit
dst->append(buf, result);
Reported by FlawFinder.
Line: 68
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (std::isprint(static_cast<unsigned char>(v))) {
return std::string(1, static_cast<char>(v));
}
char buf[64];
int n = snprintf(buf, sizeof(buf), "\\%#.2x",
static_cast<unsigned>(v & 0xff));
assert(n > 0 && n < sizeof(buf));
return std::string(buf, n);
}
Reported by FlawFinder.
Line: 89
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void StrAppendV(std::string *dst, const char *format, va_list ap) {
// First try with a small fixed size buffer
static const int kSpaceLength = 1024;
char space[kSpaceLength];
// It's possible for methods that use a va_list to invalidate
// the data in it upon use. The fix is to make a copy
// of the structure before using it and use that copy instead.
va_list backup_ap;
Reported by FlawFinder.
src/third_party/scons-3.1.2/scons-local-3.1.2/SCons/Tool/wix.py
5 issues
Line: 33
Column: 1
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
__revision__ = "src/engine/SCons/Tool/wix.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"
import SCons.Builder
import SCons.Action
import os
Reported by Pylint.
Line: 37
Column: 1
import SCons.Builder
import SCons.Action
import os
def generate(env):
"""Add Builders and construction variables for WiX to an Environment."""
if not exists(env):
return
Reported by Pylint.
Line: 42
Column: 1
def generate(env):
"""Add Builders and construction variables for WiX to an Environment."""
if not exists(env):
return
env['WIXCANDLEFLAGS'] = ['-nologo']
env['WIXCANDLEINCLUDE'] = []
env['WIXCANDLECOM'] = '$WIXCANDLE $WIXCANDLEFLAGS -I $WIXCANDLEINCLUDE -o ${TARGET} ${SOURCE}'
Reported by Pylint.
Line: 65
Column: 1
env['BUILDERS']['WiX'] = linker_builder
def exists(env):
env['WIXCANDLE'] = 'candle.exe'
env['WIXLIGHT'] = 'light.exe'
# try to find the candle.exe and light.exe tools and
# add the install directory to light libpath.
Reported by Pylint.
Line: 69
Column: 57
env['WIXCANDLE'] = 'candle.exe'
env['WIXLIGHT'] = 'light.exe'
# try to find the candle.exe and light.exe tools and
# add the install directory to light libpath.
for path in os.environ['PATH'].split(os.pathsep):
if not path:
continue
Reported by Pylint.
src/third_party/abseil-cpp-master/abseil-cpp/absl/random/internal/pcg_engine.h
5 issues
Line: 149
Column: 10
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values if they are used for anything security-sensitive, where the output must be unpredictable.
if (mult != pcg_engine::params_type::multiplier() ||
inc != pcg_engine::params_type::increment()) {
// signal failure by setting the failbit.
is.setstate(is.rdstate() | std::ios_base::failbit);
}
if (!is.fail()) {
engine.state_ = tmp;
}
return is;
Reported by FlawFinder.
Line: 168
Column: 10
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
if (mult != pcg_engine::params_type::multiplier() ||
inc != pcg_engine::params_type::increment()) {
// signal failure by setting the failbit.
is.setstate(is.rdstate() | std::ios_base::failbit);
}
if (!is.fail()) {
engine.state_ = tmp;
}
return is;
Reported by FlawFinder.
Line: 143
Column: 24
CWE codes:
120
20
std::basic_istream<CharT, Traits>& is, // NOLINT(runtime/references)
pcg_engine& engine) { // NOLINT(runtime/references)
random_internal::stream_u128_helper<state_type> helper;
auto mult = helper.read(is);
auto inc = helper.read(is);
auto tmp = helper.read(is);
if (mult != pcg_engine::params_type::multiplier() ||
inc != pcg_engine::params_type::increment()) {
// signal failure by setting the failbit.
Reported by FlawFinder.
Line: 144
Column: 23
CWE codes:
120
20
pcg_engine& engine) { // NOLINT(runtime/references)
random_internal::stream_u128_helper<state_type> helper;
auto mult = helper.read(is);
auto inc = helper.read(is);
auto tmp = helper.read(is);
if (mult != pcg_engine::params_type::multiplier() ||
inc != pcg_engine::params_type::increment()) {
// signal failure by setting the failbit.
is.setstate(is.rdstate() | std::ios_base::failbit);
Reported by FlawFinder.
Line: 145
Column: 23
CWE codes:
120
20
random_internal::stream_u128_helper<state_type> helper;
auto mult = helper.read(is);
auto inc = helper.read(is);
auto tmp = helper.read(is);
if (mult != pcg_engine::params_type::multiplier() ||
inc != pcg_engine::params_type::increment()) {
// signal failure by setting the failbit.
is.setstate(is.rdstate() | std::ios_base::failbit);
}
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/flags/parse_test.cc
5 issues
Line: 244
// --------------------------------------------------------------------
TEST_F(ParseTest, TestEmptyArgv) {
const char* in_argv[] = {"testbin"};
auto out_args = InvokeParse(in_argv);
EXPECT_EQ(out_args.size(), 1);
Reported by Cppcheck.
Line: 180
Column: 15
CWE codes:
120
absl::string_view separator;
for (const auto& flagfile_data : ffd) {
std::string flagfile_name =
absl::StrCat(GetTestTempDir(), flagfile_data.file_name);
std::ofstream flagfile_out(flagfile_name);
for (auto line : flagfile_data.file_lines) {
flagfile_out << absl::Substitute(line, GetTestTempDir()) << "\n";
}
Reported by FlawFinder.
Line: 81
Column: 23
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
return std::string(buf, get_res);
#else
const char* val = ::getenv(env_var_name);
if (val == nullptr) {
return "";
}
return val;
Reported by FlawFinder.
Line: 73
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
std::string GetTestTmpDirEnvVar(const char* const env_var_name) {
#ifdef _WIN32
char buf[MAX_PATH];
auto get_res = GetEnvironmentVariableA(env_var_name, buf, sizeof(buf));
if (get_res >= sizeof(buf) || get_res == 0) {
return "";
}
Reported by FlawFinder.
Line: 100
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (res->empty()) {
#ifdef _WIN32
char temp_path_buffer[MAX_PATH];
auto len = GetTempPathA(MAX_PATH, temp_path_buffer);
if (len < MAX_PATH && len != 0) {
std::string temp_dir_name = temp_path_buffer;
if (!absl::EndsWith(temp_dir_name, "\\")) {
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/debugging/internal/demangle_test.cc
5 issues
Line: 42
}
// Test corner cases of boundary conditions.
TEST(Demangle, CornerCases) {
char tmp[10];
EXPECT_TRUE(Demangle("_Z6foobarv", tmp, sizeof(tmp)));
// sizeof("foobar()") == 9
EXPECT_STREQ("foobar()", tmp);
EXPECT_TRUE(Demangle("_Z6foobarv", tmp, 9));
Reported by Cppcheck.
Line: 33
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// A wrapper function for Demangle() to make the unit test simple.
static const char *DemangleIt(const char * const mangled) {
static char demangled[4096];
if (Demangle(mangled, demangled, sizeof(demangled))) {
return demangled;
} else {
return mangled;
}
Reported by FlawFinder.
Line: 43
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Test corner cases of boundary conditions.
TEST(Demangle, CornerCases) {
char tmp[10];
EXPECT_TRUE(Demangle("_Z6foobarv", tmp, sizeof(tmp)));
// sizeof("foobar()") == 9
EXPECT_STREQ("foobar()", tmp);
EXPECT_TRUE(Demangle("_Z6foobarv", tmp, 9));
EXPECT_STREQ("foobar()", tmp);
Reported by FlawFinder.
Line: 62
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// suffixes are used to indicate functions which have been cloned
// during optimization. We ignore these suffixes.
TEST(Demangle, Clones) {
char tmp[20];
EXPECT_TRUE(Demangle("_ZL3Foov", tmp, sizeof(tmp)));
EXPECT_STREQ("Foo()", tmp);
EXPECT_TRUE(Demangle("_ZL3Foov.clone.3", tmp, sizeof(tmp)));
EXPECT_STREQ("Foo()", tmp);
EXPECT_TRUE(Demangle("_ZL3Foov.constprop.80", tmp, sizeof(tmp)));
Reported by FlawFinder.
Line: 114
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
!defined(ABSL_HAVE_THREAD_SANITIZER)
static const char *g_mangled;
static char g_demangle_buffer[4096];
static char *g_demangle_result;
static void DemangleSignalHandler(int signo) {
if (Demangle(g_mangled, g_demangle_buffer, sizeof(g_demangle_buffer))) {
g_demangle_result = g_demangle_buffer;
Reported by FlawFinder.
site_scons/site_tools/libtool.py
5 issues
Line: 23
Column: 1
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
import SCons
def generate(env):
env["AR"] = "libtool"
Reported by Pylint.
Line: 23
Column: 1
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
import SCons
def generate(env):
env["AR"] = "libtool"
Reported by Pylint.
Line: 1
Column: 1
# Copyright 2020 MongoDB Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
Reported by Pylint.
Line: 26
Column: 1
import SCons
def generate(env):
env["AR"] = "libtool"
env["ARCOM"] = "$AR -static -o $TARGET $ARFLAGS $SOURCES"
env["ARFLAGS"] = ["-s", "-no_warning_for_no_symbols"]
Reported by Pylint.
Line: 37
Column: 1
env["RANLIBCOMSTR"] = "Skipping ranlib for libtool generated target $TARGET"
def exists(env):
    """Report whether the ``libtool`` program is available.

    Returns whatever ``env.detect("libtool")`` returns, unchanged.
    """
    # NOTE(review): SCons documents this environment method as ``Detect``;
    # confirm that lower-case ``detect`` resolves on the env passed here.
    detection_result = env.detect("libtool")
    return detection_result
Reported by Pylint.
src/third_party/abseil-cpp-master/abseil-cpp/absl/base/exception_safety_testing_test.cc
5 issues
Line: 48
}
}
TEST(ThrowingValueTest, Throws) {
SetCountdown();
EXPECT_THROW(ThrowingValue<> bomb, TestException);
// It's not guaranteed that every operator only throws *once*. The default
// ctor only throws once, though, so use it to make sure we only throw when
Reported by Cppcheck.
Line: 337
Column: 37
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// new[].
constexpr int kStorageLen = 4;
alignas(ThrowingValue<>) unsigned char buf[sizeof(ThrowingValue<>)];
alignas(ThrowingValue<>) unsigned char
array_buf[sizeof(ThrowingValue<>[kStorageLen])];
auto* placed = new (&buf) ThrowingValue<>(1);
auto placed_array = new (&array_buf) ThrowingValue<>[kArrayLen];
Reported by FlawFinder.
Line: 338
Column: 37
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
constexpr int kStorageLen = 4;
alignas(ThrowingValue<>) unsigned char buf[sizeof(ThrowingValue<>)];
alignas(ThrowingValue<>) unsigned char
array_buf[sizeof(ThrowingValue<>[kStorageLen])];
auto* placed = new (&buf) ThrowingValue<>(1);
auto placed_array = new (&array_buf) ThrowingValue<>[kArrayLen];
SetCountdown();
Reported by FlawFinder.
Line: 903
Column: 29
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
TEST(ConstructorTrackerTest, NotDestroyedAfter) {
alignas(Tracked) unsigned char storage[sizeof(Tracked)];
EXPECT_NONFATAL_FAILURE(
{
exceptions_internal::ConstructorTracker ct(
exceptions_internal::countdown);
new (&storage) Tracked();
Reported by FlawFinder.
Line: 925
Column: 29
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TEST(ConstructorTrackerTest, ConstructedTwice) {
exceptions_internal::ConstructorTracker ct(exceptions_internal::countdown);
alignas(Tracked) unsigned char storage[sizeof(Tracked)];
EXPECT_NONFATAL_FAILURE(
{
new (&storage) Tracked();
new (&storage) Tracked();
reinterpret_cast<Tracked*>(&storage)->~Tracked();
Reported by FlawFinder.
src/third_party/scons-3.1.2/scons-local-3.1.2/SCons/Tool/packaging/targz.py
5 issues
Line: 33
Column: 1
from SCons.Tool.packaging import stripinstallbuilder, putintopackageroot
def package(env, target, source, PACKAGEROOT, **kw):
    """Package ``source`` as a ``.tar.gz`` archive using the environment's Tar builder.

    The builder is fetched from ``env['BUILDERS']['Tar']`` and its suffix is
    set on that same object, so the change is not local to this call.
    ``target`` and ``source`` are passed through ``stripinstallbuilder`` and
    then ``putintopackageroot`` before the builder is invoked with
    ``TARFLAGS='-zc'``. Extra keyword arguments in ``kw`` are accepted and
    not used.

    Returns the result of calling the Tar builder.
    """
    tar_builder = env['BUILDERS']['Tar']
    tar_builder.set_suffix('.tar.gz')
    stripped_target, stripped_source = stripinstallbuilder(target, source, env)
    rooted_target, rooted_source = putintopackageroot(
        stripped_target, stripped_source, env, PACKAGEROOT)
    return tar_builder(env, rooted_target, rooted_source, TARFLAGS='-zc')
Reported by Pylint.
Line: 8
Column: 2
#
# Copyright (c) 2001 - 2019 The SCons Foundation
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
Reported by Pylint.
Line: 29
Column: 1
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
__revision__ = "src/engine/SCons/Tool/packaging/targz.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"
from SCons.Tool.packaging import stripinstallbuilder, putintopackageroot
def package(env, target, source, PACKAGEROOT, **kw):
bld = env['BUILDERS']['Tar']
Reported by Pylint.
Line: 33
Column: 1
from SCons.Tool.packaging import stripinstallbuilder, putintopackageroot
def package(env, target, source, PACKAGEROOT, **kw):
    """Package ``source`` as a ``.tar.gz`` archive using the environment's Tar builder.

    The builder is fetched from ``env['BUILDERS']['Tar']`` and its suffix is
    set on that same object, so the change is not local to this call.
    ``target`` and ``source`` are passed through ``stripinstallbuilder`` and
    then ``putintopackageroot`` before the builder is invoked with
    ``TARFLAGS='-zc'``. Extra keyword arguments in ``kw`` are accepted and
    not used.

    Returns the result of calling the Tar builder.
    """
    tar_builder = env['BUILDERS']['Tar']
    tar_builder.set_suffix('.tar.gz')
    stripped_target, stripped_source = stripinstallbuilder(target, source, env)
    rooted_target, rooted_source = putintopackageroot(
        stripped_target, stripped_source, env, PACKAGEROOT)
    return tar_builder(env, rooted_target, rooted_source, TARFLAGS='-zc')
Reported by Pylint.
Line: 33
Column: 1
from SCons.Tool.packaging import stripinstallbuilder, putintopackageroot
def package(env, target, source, PACKAGEROOT, **kw):
    """Package ``source`` as a ``.tar.gz`` archive using the environment's Tar builder.

    The builder is fetched from ``env['BUILDERS']['Tar']`` and its suffix is
    set on that same object, so the change is not local to this call.
    ``target`` and ``source`` are passed through ``stripinstallbuilder`` and
    then ``putintopackageroot`` before the builder is invoked with
    ``TARFLAGS='-zc'``. Extra keyword arguments in ``kw`` are accepted and
    not used.

    Returns the result of calling the Tar builder.
    """
    tar_builder = env['BUILDERS']['Tar']
    tar_builder.set_suffix('.tar.gz')
    stripped_target, stripped_source = stripinstallbuilder(target, source, env)
    rooted_target, rooted_source = putintopackageroot(
        stripped_target, stripped_source, env, PACKAGEROOT)
    return tar_builder(env, rooted_target, rooted_source, TARFLAGS='-zc')
Reported by Pylint.
src/third_party/scons-3.1.2/scons-local-3.1.2/SCons/Tool/packaging/zip.py
5 issues
Line: 33
Column: 1
from SCons.Tool.packaging import stripinstallbuilder, putintopackageroot
def package(env, target, source, PACKAGEROOT, **kw):
    """Package ``source`` as a ``.zip`` archive using the environment's Zip builder.

    The builder is fetched from ``env['BUILDERS']['Zip']`` and its suffix is
    set on that same object, so the change is not local to this call.
    ``target`` and ``source`` are passed through ``stripinstallbuilder`` and
    then ``putintopackageroot`` before the builder is invoked. Extra keyword
    arguments in ``kw`` are accepted and not used.

    Returns the result of calling the Zip builder.
    """
    zip_builder = env['BUILDERS']['Zip']
    zip_builder.set_suffix('.zip')
    stripped_target, stripped_source = stripinstallbuilder(target, source, env)
    rooted_target, rooted_source = putintopackageroot(
        stripped_target, stripped_source, env, PACKAGEROOT)
    return zip_builder(env, rooted_target, rooted_source)
Reported by Pylint.
Line: 8
Column: 2
#
# Copyright (c) 2001 - 2019 The SCons Foundation
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
Reported by Pylint.
Line: 29
Column: 1
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
__revision__ = "src/engine/SCons/Tool/packaging/zip.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"
from SCons.Tool.packaging import stripinstallbuilder, putintopackageroot
def package(env, target, source, PACKAGEROOT, **kw):
bld = env['BUILDERS']['Zip']
Reported by Pylint.
Line: 33
Column: 1
from SCons.Tool.packaging import stripinstallbuilder, putintopackageroot
def package(env, target, source, PACKAGEROOT, **kw):
    """Package ``source`` as a ``.zip`` archive using the environment's Zip builder.

    The builder is fetched from ``env['BUILDERS']['Zip']`` and its suffix is
    set on that same object, so the change is not local to this call.
    ``target`` and ``source`` are passed through ``stripinstallbuilder`` and
    then ``putintopackageroot`` before the builder is invoked. Extra keyword
    arguments in ``kw`` are accepted and not used.

    Returns the result of calling the Zip builder.
    """
    zip_builder = env['BUILDERS']['Zip']
    zip_builder.set_suffix('.zip')
    stripped_target, stripped_source = stripinstallbuilder(target, source, env)
    rooted_target, rooted_source = putintopackageroot(
        stripped_target, stripped_source, env, PACKAGEROOT)
    return zip_builder(env, rooted_target, rooted_source)
Reported by Pylint.
Line: 33
Column: 1
from SCons.Tool.packaging import stripinstallbuilder, putintopackageroot
def package(env, target, source, PACKAGEROOT, **kw):
    """Package ``source`` as a ``.zip`` archive using the environment's Zip builder.

    The builder is fetched from ``env['BUILDERS']['Zip']`` and its suffix is
    set on that same object, so the change is not local to this call.
    ``target`` and ``source`` are passed through ``stripinstallbuilder`` and
    then ``putintopackageroot`` before the builder is invoked. Extra keyword
    arguments in ``kw`` are accepted and not used.

    Returns the result of calling the Zip builder.
    """
    zip_builder = env['BUILDERS']['Zip']
    zip_builder.set_suffix('.zip')
    stripped_target, stripped_source = stripinstallbuilder(target, source, env)
    rooted_target, rooted_source = putintopackageroot(
        stripped_target, stripped_source, env, PACKAGEROOT)
    return zip_builder(env, rooted_target, rooted_source)
Reported by Pylint.
src/third_party/scons-3.1.2/scons-local-3.1.2/SCons/Tool/packaging/src_zip.py
5 issues
Line: 33
Column: 1
from SCons.Tool.packaging import putintopackageroot
def package(env, target, source, PACKAGEROOT, **kw):
    """Package ``source`` as a ``.zip`` archive using the environment's Zip builder.

    The builder is fetched from ``env['BUILDERS']['Zip']`` and its suffix is
    set on that same object, so the change is not local to this call.
    ``target`` and ``source`` are passed through ``putintopackageroot`` with
    ``honor_install_location=0`` before the builder is invoked. Extra keyword
    arguments in ``kw`` are accepted and not used.

    Returns the result of calling the Zip builder.
    """
    zip_builder = env['BUILDERS']['Zip']
    zip_builder.set_suffix('.zip')
    rooted_target, rooted_source = putintopackageroot(
        target, source, env, PACKAGEROOT, honor_install_location=0)
    return zip_builder(env, rooted_target, rooted_source)
Reported by Pylint.
Line: 8
Column: 2
#
# Copyright (c) 2001 - 2019 The SCons Foundation
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
Reported by Pylint.
Line: 29
Column: 1
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
__revision__ = "src/engine/SCons/Tool/packaging/src_zip.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"
from SCons.Tool.packaging import putintopackageroot
def package(env, target, source, PACKAGEROOT, **kw):
bld = env['BUILDERS']['Zip']
Reported by Pylint.
Line: 33
Column: 1
from SCons.Tool.packaging import putintopackageroot
def package(env, target, source, PACKAGEROOT, **kw):
    """Package ``source`` as a ``.zip`` archive using the environment's Zip builder.

    The builder is fetched from ``env['BUILDERS']['Zip']`` and its suffix is
    set on that same object, so the change is not local to this call.
    ``target`` and ``source`` are passed through ``putintopackageroot`` with
    ``honor_install_location=0`` before the builder is invoked. Extra keyword
    arguments in ``kw`` are accepted and not used.

    Returns the result of calling the Zip builder.
    """
    zip_builder = env['BUILDERS']['Zip']
    zip_builder.set_suffix('.zip')
    rooted_target, rooted_source = putintopackageroot(
        target, source, env, PACKAGEROOT, honor_install_location=0)
    return zip_builder(env, rooted_target, rooted_source)
Reported by Pylint.
Line: 33
Column: 1
from SCons.Tool.packaging import putintopackageroot
def package(env, target, source, PACKAGEROOT, **kw):
    """Package ``source`` as a ``.zip`` archive using the environment's Zip builder.

    The builder is fetched from ``env['BUILDERS']['Zip']`` and its suffix is
    set on that same object, so the change is not local to this call.
    ``target`` and ``source`` are passed through ``putintopackageroot`` with
    ``honor_install_location=0`` before the builder is invoked. Extra keyword
    arguments in ``kw`` are accepted and not used.

    Returns the result of calling the Zip builder.
    """
    zip_builder = env['BUILDERS']['Zip']
    zip_builder.set_suffix('.zip')
    rooted_target, rooted_source = putintopackageroot(
        target, source, env, PACKAGEROOT, honor_install_location=0)
    return zip_builder(env, rooted_target, rooted_source)
Reported by Pylint.