The following issues were found
src/third_party/kms-message/src/kms_gcp_request.c
4 issues
Line: 96
Column: 11
CWE codes:
126
private_key_data,
private_key_len,
jwt_header_and_claims_b64url,
strlen (jwt_header_and_claims_b64url),
jwt_signature)) {
KMS_ERROR (req, "Failed to create GCP oauth request signature");
goto done;
}
Reported by FlawFinder.
Line: 134
Column: 51
CWE codes:
126
goto done;
}
if (!kms_request_append_payload (req, payload, strlen (payload))) {
goto done;
}
done:
free (jwt_signature);
Reported by FlawFinder.
Line: 178
Column: 23
CWE codes:
126
location,
key_ring_name,
key_name);
if (key_version && strlen (key_version) > 0) {
kms_request_str_appendf (str, "/cryptoKeyVersions/%s", key_version);
}
kms_request_str_appendf (str, ":%s", encrypt_decrypt);
path_and_query = kms_request_str_detach (str);
Reported by FlawFinder.
Line: 227
Column: 51
CWE codes:
126
goto done;
}
if (!kms_request_append_payload (req, payload, strlen (payload))) {
goto done;
}
done:
kms_request_free_string (path_and_query);
Reported by FlawFinder.
src/mongo/util/str.h
4 issues
Line: 123
Column: 18
CWE codes:
126
return strncmp(s.c_str() + x - l, p.c_str(), l) == 0;
}
inline bool endsWith(const char* s, char p) {
size_t len = strlen(s);
return len && s[len - 1] == p;
}
inline bool endsWith(const char* p, const char* suffix) {
size_t a = strlen(p);
size_t b = strlen(suffix);
Reported by FlawFinder.
Line: 127
Column: 16
CWE codes:
126
return len && s[len - 1] == p;
}
inline bool endsWith(const char* p, const char* suffix) {
size_t a = strlen(p);
size_t b = strlen(suffix);
if (b > a)
return false;
return strcmp(p + a - b, suffix) == 0;
}
Reported by FlawFinder.
Line: 128
Column: 16
CWE codes:
126
}
inline bool endsWith(const char* p, const char* suffix) {
size_t a = strlen(p);
size_t b = strlen(suffix);
if (b > a)
return false;
return strcmp(p + a - b, suffix) == 0;
}
Reported by FlawFinder.
Line: 147
Column: 33
CWE codes:
126
/** find string x, and return rest of the string thereafter, or an empty string if not found */
inline const char* after(const char* s, const char* x) {
const char* p = strstr(s, x);
return (p != nullptr) ? p + strlen(x) : "";
}
inline mongo::StringData after(mongo::StringData s, mongo::StringData x) {
auto pos = s.find(x);
return s.substr(pos == std::string::npos ? s.size() : pos + x.size());
}
Reported by FlawFinder.
src/mongo/base/simple_string_data_comparator.cpp
4 issues
Line: 48
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
template <>
size_t murmur3<4>(StringData str, size_t seed) {
char hash[4];
MurmurHash3_x86_32(str.rawData(), str.size(), seed, &hash);
return ConstDataView(hash).read<LittleEndian<std::uint32_t>>();
}
template <>
Reported by FlawFinder.
Line: 55
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
template <>
size_t murmur3<8>(StringData str, size_t seed) {
char hash[16];
MurmurHash3_x64_128(str.rawData(), str.size(), seed, hash);
return static_cast<size_t>(ConstDataView(hash).read<LittleEndian<std::uint64_t>>());
}
} // namespace
Reported by FlawFinder.
Line: 50
Column: 32
CWE codes:
120
20
size_t murmur3<4>(StringData str, size_t seed) {
char hash[4];
MurmurHash3_x86_32(str.rawData(), str.size(), seed, &hash);
return ConstDataView(hash).read<LittleEndian<std::uint32_t>>();
}
template <>
size_t murmur3<8>(StringData str, size_t seed) {
char hash[16];
Reported by FlawFinder.
Line: 57
Column: 52
CWE codes:
120
20
size_t murmur3<8>(StringData str, size_t seed) {
char hash[16];
MurmurHash3_x64_128(str.rawData(), str.size(), seed, hash);
return static_cast<size_t>(ConstDataView(hash).read<LittleEndian<std::uint64_t>>());
}
} // namespace
const SimpleStringDataComparator SimpleStringDataComparator::kInstance{};
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/i18n/zonemeta.cpp
4 issues
Line: 269
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// If not, resolve CLDR canonical ID with resource data
UBool isInputCanonical = FALSE;
char id[ZID_KEY_MAX + 1];
tzid.extract(0, 0x7fffffff, id, UPRV_LENGTHOF(id), US_INV);
// replace '/' with ':'
char *p = id;
while (*p++) {
Reported by FlawFinder.
Line: 628
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
getCanonicalCLDRID(tzid, canonicalID, status);
if (U_SUCCESS(status)) {
char tzKey[ZID_KEY_MAX + 1];
int32_t tzKeyLen = canonicalID.extract(0, canonicalID.length(), tzKey, sizeof(tzKey), US_INV);
tzKey[tzKeyLen] = 0;
// tzid keys are using ':' as separators
char *p = tzKey;
Reported by FlawFinder.
Line: 713
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
UErrorCode status = U_ZERO_ERROR;
const UChar *tzid = NULL;
int32_t tzidLen = 0;
char keyBuf[ZID_KEY_MAX + 1];
int32_t keyLen = 0;
if (mzid.isBogus() || mzid.length() > ZID_KEY_MAX) {
result.setToBogus();
return result;
Reported by FlawFinder.
Line: 910
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ZoneMeta::getShortIDFromCanonical(const UChar* canonicalID) {
const UChar* shortID = NULL;
int32_t len = u_strlen(canonicalID);
char tzidKey[ZID_KEY_MAX + 1];
u_UCharsToChars(canonicalID, tzidKey, len);
tzidKey[len] = (char) 0; // Make sure it is null terminated.
// replace '/' with ':'
Reported by FlawFinder.
src/mongo/util/stacktrace_threads.cpp
4 issues
Line: 361
Column: 22
CWE codes:
362
};
struct AbstractEmitter {
virtual void open() = 0;
virtual void prologue(const BSONObj& obj) = 0;
virtual void threadRecordsOpen() = 0;
virtual void threadRecord(const BSONObj& obj) = 0;
virtual void threadRecordsClose() = 0;
virtual void close() = 0;
Reported by FlawFinder.
Line: 477
Column: 14
CWE codes:
362
void State::printStacks(StackTraceSink& sink) {
struct SinkEmitter : public AbstractEmitter {
explicit SinkEmitter(StackTraceSink& s) : _sink{s} {}
void open() override {}
void prologue(const BSONObj& obj) override {
for (auto& e : obj)
_bob.append(e);
}
void threadRecordsOpen() override {
Reported by FlawFinder.
Line: 505
Column: 14
CWE codes:
362
void State::printStacks() {
struct LogEmitter : public AbstractEmitter {
void open() override {
LOGV2(31423, "===== multithread stacktrace session begin =====");
}
void prologue(const BSONObj& obj) override {
LOGV2(31424,
"Stacktrace Prologue: {prologue}",
Reported by FlawFinder.
Line: 545
Column: 13
CWE codes:
362
for (auto&& addrPtr : msg->addrRange())
metaGen.load(addrPtr);
emitter.open();
{
BSONObjBuilder prologue;
if (!missedTids.empty()) {
BSONArrayBuilder tidArray(prologue.subarrayStart("missedThreadIds"_sd));
for (int tid : missedTids)
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/i18n/vtzone.cpp
4 issues
Line: 954
}
UOBJECT_DEFINE_RTTI_IMPLEMENTATION(VTimeZone)
VTimeZone::VTimeZone()
: BasicTimeZone(), tz(NULL), vtzlines(NULL),
lastmod(MAX_MILLIS) {
}
Reported by Cppcheck.
Line: 1261
Column: 27
CWE codes:
120
20
UnicodeString line;
while (TRUE) {
UChar ch = reader.read();
if (ch == 0xFFFF) {
// end of file
if (start && line.startsWith(ICAL_END_VTIMEZONE, -1)) {
vtzlines->addElement(new UnicodeString(line), status);
if (U_FAILURE(status)) {
Reported by FlawFinder.
src/third_party/wiredtiger/test/csuite/random_directio/util.c
4 issues
Line: 57
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uintptr_t bufptr;
int openflags, rfd, wfd;
u_char *buf, *orig_buf;
char fromfile[4096], tofile[4096];
#ifdef O_DIRECT
openflags = directio ? O_DIRECT : 0;
#else
testutil_assert(!directio);
Reported by FlawFinder.
Line: 97
Column: 15
CWE codes:
362
testutil_check(__wt_snprintf(fromfile, sizeof(fromfile), "%s/%s", fromdir, dp->d_name));
testutil_check(__wt_snprintf(tofile, sizeof(tofile), "%s/%s", todir, dp->d_name));
rfd = open(fromfile, O_RDONLY | openflags, 0);
/*
* The child process may have been stopped during a drop and WiredTiger drop will do an
* unlink call followed by syncing the directory. It is possible for the signal to have been
* delivered in between those calls so the file may no longer exist but reading the
* directory will still return its entry. Handle that case and skip the file if it happens.
Reported by FlawFinder.
Line: 109
Column: 15
CWE codes:
362
continue;
}
testutil_assertfmt(rfd >= 0, "Open of source %s failed with %d\n", fromfile, errno);
wfd = open(tofile, O_WRONLY | O_CREAT, 0666);
testutil_assertfmt(wfd >= 0, "Open of dest %s failed with %d\n", tofile, errno);
testutil_check(fstat(rfd, &sb));
/*
* Do any alignment on the buffer required for direct IO.
Reported by FlawFinder.
Line: 146
Column: 21
CWE codes:
120
20
*/
if (directio)
readbytes = ALIGN_UP(n, blksize);
ioret = read(rfd, buf, readbytes);
testutil_assert(ioret >= 0 && (size_t)ioret == n);
ioret = write(wfd, buf, n);
testutil_assert(ioret >= 0 && (size_t)ioret == n);
remaining -= n;
}
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/i18n/vzone.cpp
4 issues
Line: 59
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
UBool b = ((VTimeZone*)zone)->VTimeZone::getTZURL(s);
urlLength = s.length();
memcpy(url,s.getBuffer(),urlLength);
return b;
}
U_CAPI void U_EXPORT2
Reported by FlawFinder.
Line: 87
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
resultLength = s.length();
result = (UChar*)uprv_malloc(resultLength);
memcpy(result,s.getBuffer(),resultLength);
return;
}
U_CAPI void U_EXPORT2
Reported by FlawFinder.
Line: 99
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
resultLength = s.length();
result = (UChar*)uprv_malloc(resultLength);
memcpy(result,s.getBuffer(),resultLength);
return;
}
U_CAPI void U_EXPORT2
Reported by FlawFinder.
Line: 111
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
resultLength = s.length();
result = (UChar*)uprv_malloc(resultLength);
memcpy(result,s.getBuffer(),resultLength);
return;
}
U_CAPI int32_t U_EXPORT2
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/ds/LifoAlloc.h
4 issues
Line: 919
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (MOZ_UNLIKELY(!n))
return nullptr;
MOZ_ASSERT(!(oldSize & mozilla::tl::MulOverflowMask<sizeof(T)>::value));
memcpy(n, p, Min(oldSize * sizeof(T), newSize * sizeof(T)));
return n;
}
template <typename T>
T* pod_malloc(size_t numElems) {
return maybe_pod_malloc<T>(numElems);
Reported by FlawFinder.
Line: 835
Column: 12
CWE codes:
120
20
// Move the read position forward by the size of one T.
template <typename T>
T* read(size_t size = sizeof(T)) {
return reinterpret_cast<T*>(read(size));
}
// Return a pointer to the item at the current position. This returns a
// pointer to the inline storage, not a copy, and moves the read-head by
Reported by FlawFinder.
Line: 836
Column: 41
CWE codes:
120
20
// Move the read position forward by the size of one T.
template <typename T>
T* read(size_t size = sizeof(T)) {
return reinterpret_cast<T*>(read(size));
}
// Return a pointer to the item at the current position. This returns a
// pointer to the inline storage, not a copy, and moves the read-head by
// the requested |size|.
Reported by FlawFinder.
Line: 842
Column: 15
CWE codes:
120
20
// Return a pointer to the item at the current position. This returns a
// pointer to the inline storage, not a copy, and moves the read-head by
// the requested |size|.
void* read(size_t size) {
return seekBaseAndAdvanceBy(size);
}
};
};
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/i18n/tzgnames.cpp
4 issues
Line: 299
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TextTrieMap fGNamesTrie;
UBool fGNamesTrieFullyLoaded;
char fTargetRegion[ULOC_COUNTRY_CAPACITY];
void initialize(const Locale& locale, UErrorCode& status);
void cleanup();
void loadStrings(const UnicodeString& tzCanonicalID);
Reported by FlawFinder.
Line: 409
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char* region = fLocale.getCountry();
int32_t regionLen = uprv_strlen(region);
if (regionLen == 0) {
char loc[ULOC_FULLNAME_CAPACITY];
uloc_addLikelySubtags(fLocale.getName(), loc, sizeof(loc), &status);
regionLen = uloc_getCountry(loc, fTargetRegion, sizeof(fTargetRegion), &status);
if (U_SUCCESS(status)) {
fTargetRegion[regionLen] = 0;
Reported by FlawFinder.
Line: 536
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!usCountryCode.isEmpty()) {
if (isPrimary) {
// If this is the primary zone in the country, use the country name.
char countryCode[ULOC_COUNTRY_CAPACITY];
U_ASSERT(usCountryCode.length() < ULOC_COUNTRY_CAPACITY);
int32_t ccLen = usCountryCode.extract(0, usCountryCode.length(), countryCode, sizeof(countryCode), US_INV);
countryCode[ccLen] = 0;
UnicodeString country;
Reported by FlawFinder.
Line: 779
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
UnicodeString usCountryCode;
ZoneMeta::getCanonicalCountry(tzCanonicalID, usCountryCode);
if (!usCountryCode.isEmpty()) {
char countryCode[ULOC_COUNTRY_CAPACITY];
U_ASSERT(usCountryCode.length() < ULOC_COUNTRY_CAPACITY);
int32_t ccLen = usCountryCode.extract(0, usCountryCode.length(), countryCode, sizeof(countryCode), US_INV);
countryCode[ccLen] = 0;
UnicodeString regionalGolden;
Reported by FlawFinder.