The following issues were found
src/third_party/boost/libs/log/src/thread_specific.cpp
4 issues
Line: 189
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BOOST_LOG_THROW_DESCR_PARAMS(system_error, "TLS capacity depleted", (res));
}
std::memset(&stg, 0, sizeof(stg));
std::memcpy(&stg, &key, sizeof(pthread_key_type));
}
static void deallocate(void* stg)
{
pthread_key_type key;
Reported by FlawFinder.
Line: 195
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void deallocate(void* stg)
{
pthread_key_type key;
std::memcpy(&key, &stg, sizeof(pthread_key_type));
pthread_key_delete(key);
}
static void set_value(void* stg, void* value)
{
Reported by FlawFinder.
Line: 202
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void set_value(void* stg, void* value)
{
pthread_key_type key;
std::memcpy(&key, &stg, sizeof(pthread_key_type));
const int res = pthread_setspecific(key, value);
if (BOOST_UNLIKELY(res != 0))
{
BOOST_LOG_THROW_DESCR_PARAMS(system_error, "Failed to set TLS value", (res));
}
Reported by FlawFinder.
Line: 213
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static void* get_value(void* stg)
{
pthread_key_type key;
std::memcpy(&key, &stg, sizeof(pthread_key_type));
return pthread_getspecific(key);
}
};
template< typename KeyT >
Reported by FlawFinder.
src/third_party/boost/libs/log/src/setup/default_formatter_factory.cpp
4 issues
Line: 102
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void operator() (std::tm const& value) const
{
char buf[32];
std::size_t len = std::strftime(buf, sizeof(buf), "%Y-%m-%d %H:%M:%S", &value);
m_strm.write(buf, len);
}
void operator() (boost::posix_time::ptime const& value) const
Reported by FlawFinder.
Line: 112
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!value.is_special())
{
std::tm t = boost::posix_time::to_tm(value);
char buf[32];
std::size_t len = std::strftime(buf, sizeof(buf), "%Y-%m-%d %H:%M:%S", &t);
std::size_t size = sizeof(buf) - len;
int res = boost::log::aux::snprintf(buf + len, size, ".%.6u", static_cast< unsigned int >(value.time_of_day().total_microseconds() % 1000000));
if (res < 0)
buf[len] = '\0';
Reported by FlawFinder.
Line: 149
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!value.is_special())
{
std::tm t = boost::gregorian::to_tm(value);
char buf[32];
std::size_t len = std::strftime(buf, sizeof(buf), "%Y-%m-%d", &t);
m_strm.write(buf, len);
}
else
{
Reported by FlawFinder.
Line: 174
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int minutes = static_cast< unsigned int >(total_useconds / (60ull * 1000000ull) % 60ull);
unsigned int seconds = static_cast< unsigned int >(total_useconds / 1000000ull % 60ull);
unsigned int useconds = static_cast< unsigned int >(total_useconds % 1000000ull);
char buf[64];
int len = boost::log::aux::snprintf(buf, sizeof(buf), "%.2llu:%.2u:%.2u.%.6u", hours, minutes, seconds, useconds);
if (len > 0)
{
unsigned int size = static_cast< unsigned int >(len) >= sizeof(buf) ? static_cast< unsigned int >(sizeof(buf)) : static_cast< unsigned int >(len);
m_strm.write(buf, size);
Reported by FlawFinder.
src/third_party/boost/libs/locale/src/std/std_backend.cpp
4 issues
Line: 130
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
std::pair<std::string,int> res("C",0);
unsigned lcid = impl_win::locale_to_lcid(l);
char win_lang[256] = {0};
char win_country[256] = {0};
char win_codepage[10] = {0};
if(GetLocaleInfoA(lcid,LOCALE_SENGLANGUAGE,win_lang,sizeof(win_lang))==0)
return res;
std::string lc_name = win_lang;
Reported by FlawFinder.
Line: 131
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
std::pair<std::string,int> res("C",0);
unsigned lcid = impl_win::locale_to_lcid(l);
char win_lang[256] = {0};
char win_country[256] = {0};
char win_codepage[10] = {0};
if(GetLocaleInfoA(lcid,LOCALE_SENGLANGUAGE,win_lang,sizeof(win_lang))==0)
return res;
std::string lc_name = win_lang;
if(GetLocaleInfoA(lcid,LOCALE_SENGCOUNTRY,win_country,sizeof(win_country))!=0) {
Reported by FlawFinder.
Line: 132
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned lcid = impl_win::locale_to_lcid(l);
char win_lang[256] = {0};
char win_country[256] = {0};
char win_codepage[10] = {0};
if(GetLocaleInfoA(lcid,LOCALE_SENGLANGUAGE,win_lang,sizeof(win_lang))==0)
return res;
std::string lc_name = win_lang;
if(GetLocaleInfoA(lcid,LOCALE_SENGCOUNTRY,win_country,sizeof(win_country))!=0) {
lc_name += "_";
Reported by FlawFinder.
Line: 144
Column: 30
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
res.first = lc_name;
if(GetLocaleInfoA(lcid,LOCALE_IDEFAULTANSICODEPAGE,win_codepage,sizeof(win_codepage))!=0)
res.second = atoi(win_codepage);
return res;
}
#endif
bool loadable(std::string name)
Reported by FlawFinder.
src/third_party/boost/libs/log/src/code_conversion.cpp
4 issues
Line: 240
Column: 30
CWE codes:
120
else if (BOOST_UNLIKELY(utf8_len > static_cast< std::size_t >((std::numeric_limits< int >::max)())))
BOOST_LOG_THROW_DESCR(bad_alloc, "UTF-8 string too long");
int len = boost::winapi::MultiByteToWideChar(boost::winapi::CP_UTF8_, boost::winapi::MB_ERR_INVALID_CHARS_, str, static_cast< int >(utf8_len), NULL, 0);
if (BOOST_LIKELY(len > 0))
{
std::wstring wstr;
wstr.resize(len);
Reported by FlawFinder.
Line: 246
Column: 30
CWE codes:
120
std::wstring wstr;
wstr.resize(len);
len = boost::winapi::MultiByteToWideChar(boost::winapi::CP_UTF8_, boost::winapi::MB_ERR_INVALID_CHARS_, str, static_cast< int >(utf8_len), &wstr[0], len);
if (BOOST_LIKELY(len > 0))
{
return wstr;
}
}
Reported by FlawFinder.
Line: 234
Column: 33
CWE codes:
126
//! Converts UTF-8 to UTF-16
std::wstring utf8_to_utf16(const char* str)
{
std::size_t utf8_len = std::strlen(str);
if (utf8_len == 0)
return std::wstring();
else if (BOOST_UNLIKELY(utf8_len > static_cast< std::size_t >((std::numeric_limits< int >::max)())))
BOOST_LOG_THROW_DESCR(bad_alloc, "UTF-8 string too long");
Reported by FlawFinder.
Line: 261
Column: 34
CWE codes:
126
//! Converts UTF-16 to UTF-8
std::string utf16_to_utf8(const wchar_t* wstr)
{
std::size_t utf16_len = std::wcslen(wstr);
if (utf16_len == 0)
return std::string();
else if (BOOST_UNLIKELY(utf16_len > static_cast< std::size_t >((std::numeric_limits< int >::max)())))
BOOST_LOG_THROW_DESCR(bad_alloc, "UTF-16 string too long");
Reported by FlawFinder.
src/mongo/shell/shell_utils_launcher.cpp
4 issues
Line: 1155
CWE codes:
587
uassert(ErrorCodes::FailedToParse, "wrong number of arguments", nFields >= 1 && nFields <= 4);
uassert(ErrorCodes::BadValue, "stopMongoProgram needs a number", a.firstElement().isNumber());
int port = int(a.firstElement().number());
LOGV2_INFO(22820, "shell: Stopping mongo program", "waitpid"_attr = getWaitPid(a));
int code =
killDb(port, ProcessId::fromNative(0), getSignal(a), getStopMongodOpts(a), getWaitPid(a));
LOGV2_INFO(22821, "shell: Stopped mongo program on port", "port"_attr = port);
return BSON("" << (double)code);
}
Reported by Cppcheck.
Line: 635
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
boost::filesystem::path potentialBinary = boost::filesystem::path(pathEntry) / p;
if (boost::filesystem::exists(potentialBinary) &&
boost::filesystem::is_regular_file(potentialBinary) &&
access(potentialBinary.c_str(), X_OK) == 0) {
return potentialBinary;
}
}
#endif
Reported by FlawFinder.
Line: 618
Column: 25
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
#ifndef _WIN32
// On POSIX, we need to manually resolve the $PATH variable, to try and find the binary in the
// filesystem.
const char* cpath = getenv("PATH");
if (!cpath) {
// PATH was unset, so path search is implementation defined
return t;
}
Reported by FlawFinder.
Line: 100
Column: 12
CWE codes:
120
20
inline int close(int fd) {
return _close(fd);
}
inline int read(int fd, void* buf, size_t size) {
return _read(fd, buf, size);
}
inline int pipe(int fds[2]) {
return _pipe(fds, 4096, _O_TEXT | _O_NOINHERIT);
}
Reported by FlawFinder.
src/third_party/boost/libs/locale/src/posix/numeric.cpp
4 issues
Line: 64
if(n >= 0)
return write_it(out,buf,n);
for(std::vector<char> tmp(sizeof(buf)*2);tmp.size() <= 4098;tmp.resize(tmp.size()*2)) {
n = strfmon_l(&tmp.front(),tmp.size(),*lc_,format,static_cast<double>(val));
if(n >= 0)
return write_it(out,&tmp.front(),n);
}
return out;
Reported by Cppcheck.
Line: 57
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
virtual iter_type do_format_currency(bool intl,iter_type out,std::ios_base &/*ios*/,char_type /*fill*/,long double val) const
{
char buf[4]={};
char const *format = intl ? "%i" : "%n";
errno=0;
ssize_t n = strfmon_l(buf,sizeof(buf),*lc_,format,static_cast<double>(val));
if(n >= 0)
return write_it(out,buf,n);
Reported by FlawFinder.
Line: 100
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ftime_traits<char> {
static std::string ftime(char const *format,const struct tm *t,locale_t lc)
{
char buf[16];
size_t n=strftime_l(buf,sizeof(buf),format,t,lc);
if(n == 0) {
// should be big enough
//
// Note standard specifies that in case of the error
Reported by FlawFinder.
Line: 124
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static std::wstring ftime(wchar_t const *format,const struct tm *t,locale_t lc)
{
#ifdef HAVE_WCSFTIME_L
wchar_t buf[16];
size_t n=wcsftime_l(buf,sizeof(buf)/sizeof(buf[0]),format,t,lc);
if(n == 0) {
// should be big enough
//
// Note standard specifies that in case of the error
Reported by FlawFinder.
src/mongo/shell/linenoise_utf8.h
4 issues
Line: 145
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
UtfStringMixin(const UtfStringMixin& other) // copies like std::string
: _len(other._len), _cap(other._len + 1), _chars(other._chars), _str(new char_t[_cap]) {
memcpy(_str.get(), other._str.get(), _cap * sizeof(char_t));
}
UtfStringMixin& operator=(UtfStringMixin copy) {
this->swap(copy);
return *this;
Reported by FlawFinder.
Line: 215
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
_chars = _len = strlen32(s);
_cap = _len + 1;
_str.reset(new UChar32[_cap]);
memcpy(_str.get(), s, _cap * sizeof(UChar32));
}
explicit Utf32String(const UChar32* s, int textLen) {
_chars = _len = textLen;
_cap = _len + 1;
_str.reset(new UChar32[_cap]);
Reported by FlawFinder.
Line: 221
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
_chars = _len = textLen;
_cap = _len + 1;
_str.reset(new UChar32[_cap]);
memcpy(_str.get(), s, _len * sizeof(UChar32));
_str[_len] = 0;
}
explicit Utf32String(const UChar8* s, int chars = -1) {
initFrom8(s, chars);
}
Reported by FlawFinder.
Line: 245
Column: 25
CWE codes:
126
void initFrom8(const UChar8* s, int chars) {
Utf32String temp;
if (chars == -1) {
temp._cap = strlen(reinterpret_cast<const char*>(s)) + 1; // worst case ASCII
} else {
temp._cap = chars + 1;
}
temp._str.reset(new char_t[temp._cap]);
int error;
Reported by FlawFinder.
src/third_party/boost/boost/xpressive/regex_iterator.hpp
4 issues
Line: 35
Column: 43
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct regex_iterator_impl
: counted_base<regex_iterator_impl<BidiIter> >
{
typedef detail::core_access<BidiIter> access;
regex_iterator_impl
(
BidiIter begin
, BidiIter cur
Reported by FlawFinder.
Line: 49
Column: 36
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
)
: rex_(rex)
, what_()
, state_(begin, end, what_, *access::get_regex_impl(rex_), flags)
, flags_(flags)
, not_null_(not_null)
{
this->state_.cur_ = cur;
this->state_.next_search_ = next_search;
Reported by FlawFinder.
Line: 59
Column: 42
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
bool next()
{
this->state_.reset(this->what_, *access::get_regex_impl(this->rex_));
if(!regex_search_impl(this->state_, this->rex_, this->not_null_))
{
return false;
}
Reported by FlawFinder.
Line: 66
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
// Report position() correctly by setting the base different from prefix().first
access::set_base(this->what_, this->state_.begin_);
this->state_.cur_ = this->state_.next_search_ = this->what_[0].second;
this->not_null_ = (0 == this->what_.length());
return true;
Reported by FlawFinder.
src/third_party/boost/boost/xpressive/detail/core/results_cache.hpp
4 issues
Line: 69
Column: 39
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
template<typename BidiIter>
struct results_cache
{
typedef core_access<BidiIter> access;
match_results<BidiIter> &append_new(nested_results<BidiIter> &out)
{
if(this->cache_.empty())
{
Reported by FlawFinder.
Line: 79
Column: 30
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
else
{
BOOST_ASSERT(access::get_nested_results(this->cache_.back()).empty());
out.splice(out.end(), this->cache_, --this->cache_.end());
}
return out.back();
}
Reported by FlawFinder.
Line: 90
Column: 48
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
BOOST_ASSERT(!out.empty());
// first, reclaim any nested results
nested_results<BidiIter> &nested = access::get_nested_results(out.back());
if(!nested.empty())
{
this->reclaim_all(nested);
}
// then, reclaim the last match_results
Reported by FlawFinder.
Line: 115
Column: 52
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
// first, recursively reclaim all the nested results
for(iter_type begin = out.begin(); begin != out.end(); ++begin)
{
nested_results<BidiIter> &nested = access::get_nested_results(*begin);
if(!nested.empty())
{
this->reclaim_all(nested);
}
Reported by FlawFinder.
src/third_party/boost/boost/winapi/critical_section.hpp
4 issues
Line: 63
Column: 1
CWE codes:
Suggestion:
Use InitializeCriticalSectionAndSpinCount instead
#if BOOST_WINAPI_PARTITION_APP_SYSTEM
BOOST_WINAPI_IMPORT_EXCEPT_WM boost::winapi::VOID_ BOOST_WINAPI_WINAPI_CC
InitializeCriticalSection(boost::winapi::detail::winsdk_critical_section* lpCriticalSection);
#endif
BOOST_WINAPI_IMPORT_EXCEPT_WM boost::winapi::VOID_ BOOST_WINAPI_WINAPI_CC
EnterCriticalSection(boost::winapi::detail::winsdk_critical_section* lpCriticalSection);
Reported by FlawFinder.
Line: 105
Column: 1
CWE codes:
Suggestion:
Use InitializeCriticalSectionAndSpinCount instead
#else // defined( BOOST_WINAPI_IS_MINGW )
BOOST_WINAPI_IMPORT_EXCEPT_WM boost::winapi::VOID_ BOOST_WINAPI_WINAPI_CC
InitializeCriticalSection(boost::winapi::detail::winapi_critical_section* lpCriticalSection);
BOOST_WINAPI_IMPORT_EXCEPT_WM boost::winapi::VOID_ BOOST_WINAPI_WINAPI_CC
EnterCriticalSection(boost::winapi::detail::winapi_critical_section* lpCriticalSection);
BOOST_WINAPI_IMPORT_EXCEPT_WM boost::winapi::VOID_ BOOST_WINAPI_WINAPI_CC
Reported by FlawFinder.
Line: 180
Column: 25
CWE codes:
Suggestion:
Use InitializeCriticalSectionAndSpinCount instead
#pragma pack(pop)
#if BOOST_WINAPI_PARTITION_APP_SYSTEM
BOOST_FORCEINLINE VOID_ InitializeCriticalSection(CRITICAL_SECTION_* lpCriticalSection)
{
::InitializeCriticalSection(winapi::detail::cast_ptr(lpCriticalSection));
}
#endif
Reported by FlawFinder.
Line: 182
Column: 7
CWE codes:
Suggestion:
Use InitializeCriticalSectionAndSpinCount instead
#if BOOST_WINAPI_PARTITION_APP_SYSTEM
BOOST_FORCEINLINE VOID_ InitializeCriticalSection(CRITICAL_SECTION_* lpCriticalSection)
{
::InitializeCriticalSection(winapi::detail::cast_ptr(lpCriticalSection));
}
#endif
BOOST_FORCEINLINE VOID_ EnterCriticalSection(CRITICAL_SECTION_* lpCriticalSection)
{
Reported by FlawFinder.