The following issues were found
src/third_party/boost/boost/type_index/stl_type_index.hpp
4 issues
Line: 104
Column: 25
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
inline std::string pretty_name() const;
inline std::size_t hash_code() const BOOST_NOEXCEPT;
inline bool equal(const stl_type_index& rhs) const BOOST_NOEXCEPT;
inline bool before(const stl_type_index& rhs) const BOOST_NOEXCEPT;
template <class T>
inline static stl_type_index type_id() BOOST_NOEXCEPT;
Reported by FlawFinder.
Line: 147
Column: 45
CWE codes:
126
boost::throw_exception(std::runtime_error("Type name demangling failed"));
}
const std::string::size_type len = std::strlen(begin);
const char* end = begin + len;
if (len > cvr_saver_name_len) {
const char* b = std::strstr(begin, cvr_saver_name);
if (b) {
Reported by FlawFinder.
Line: 187
Column: 60
CWE codes:
126
#ifdef BOOST_TYPE_INDEX_STD_TYPE_INDEX_HAS_HASH_CODE
return data_->hash_code();
#else
return boost::hash_range(raw_name(), raw_name() + std::strlen(raw_name()));
#endif
}
/// @cond
Reported by FlawFinder.
Line: 206
Column: 29
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/// @endcond
inline bool stl_type_index::equal(const stl_type_index& rhs) const BOOST_NOEXCEPT {
#ifdef BOOST_TYPE_INDEX_CLASSINFO_COMPARE_BY_NAMES
return raw_name() == rhs.raw_name() || !std::strcmp(raw_name(), rhs.raw_name());
#else
return !!(*data_ == *rhs.data_);
#endif
Reported by FlawFinder.
src/third_party/boost/libs/log/src/setup/default_formatter_factory.cpp
4 issues
Line: 102
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void operator() (std::tm const& value) const
{
char buf[32];
std::size_t len = std::strftime(buf, sizeof(buf), "%Y-%m-%d %H:%M:%S", &value);
m_strm.write(buf, len);
}
void operator() (boost::posix_time::ptime const& value) const
Reported by FlawFinder.
Line: 112
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!value.is_special())
{
std::tm t = boost::posix_time::to_tm(value);
char buf[32];
std::size_t len = std::strftime(buf, sizeof(buf), "%Y-%m-%d %H:%M:%S", &t);
std::size_t size = sizeof(buf) - len;
int res = boost::log::aux::snprintf(buf + len, size, ".%.6u", static_cast< unsigned int >(value.time_of_day().total_microseconds() % 1000000));
if (res < 0)
buf[len] = '\0';
Reported by FlawFinder.
Line: 149
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!value.is_special())
{
std::tm t = boost::gregorian::to_tm(value);
char buf[32];
std::size_t len = std::strftime(buf, sizeof(buf), "%Y-%m-%d", &t);
m_strm.write(buf, len);
}
else
{
Reported by FlawFinder.
Line: 174
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int minutes = static_cast< unsigned int >(total_useconds / (60ull * 1000000ull) % 60ull);
unsigned int seconds = static_cast< unsigned int >(total_useconds / 1000000ull % 60ull);
unsigned int useconds = static_cast< unsigned int >(total_useconds % 1000000ull);
char buf[64];
int len = boost::log::aux::snprintf(buf, sizeof(buf), "%.2llu:%.2u:%.2u.%.6u", hours, minutes, seconds, useconds);
if (len > 0)
{
unsigned int size = static_cast< unsigned int >(len) >= sizeof(buf) ? static_cast< unsigned int >(sizeof(buf)) : static_cast< unsigned int >(len);
m_strm.write(buf, size);
Reported by FlawFinder.
src/third_party/boost/boost/spirit/home/support/string_traits.hpp
4 issues
Line: 72
Column: 22
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct is_string<wchar_t[N]> : mpl::true_ {};
template <std::size_t N>
struct is_string<char const[N]> : mpl::true_ {};
template <std::size_t N>
struct is_string<wchar_t const[N]> : mpl::true_ {};
template <std::size_t N>
Reported by FlawFinder.
Line: 75
Column: 22
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct is_string<char const[N]> : mpl::true_ {};
template <std::size_t N>
struct is_string<wchar_t const[N]> : mpl::true_ {};
template <std::size_t N>
struct is_string<char(&)[N]> : mpl::true_ {};
template <std::size_t N>
Reported by FlawFinder.
Line: 126
Column: 25
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct char_type_of<wchar_t[N]> : mpl::identity<wchar_t> {};
template <std::size_t N>
struct char_type_of<char const[N]> : mpl::identity<char const> {};
template <std::size_t N>
struct char_type_of<wchar_t const[N]> : mpl::identity<wchar_t const> {};
template <std::size_t N>
Reported by FlawFinder.
Line: 129
Column: 25
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct char_type_of<char const[N]> : mpl::identity<char const> {};
template <std::size_t N>
struct char_type_of<wchar_t const[N]> : mpl::identity<wchar_t const> {};
template <std::size_t N>
struct char_type_of<char(&)[N]> : mpl::identity<char> {};
template <std::size_t N>
Reported by FlawFinder.
src/third_party/boost/boost/regex/v4/unicode_iterator.hpp
4 issues
Line: 167
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
extract_current();
return m_values[m_current];
}
bool equal(const u32_to_u16_iterator& that)const
{
if(m_position == that.m_position)
{
// Both m_currents must be equal, or both even
// this is the same as saying their sum must be even:
Reported by FlawFinder.
Line: 282
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
extract_current();
return m_value;
}
bool equal(const u16_to_u32_iterator& that)const
{
return m_position == that.m_position;
}
void increment()
{
Reported by FlawFinder.
Line: 397
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
extract_current();
return m_values[m_current];
}
bool equal(const u32_to_u8_iterator& that)const
{
if(m_position == that.m_position)
{
// either the m_current's must be equal, or one must be 0 and
// the other 4: which means neither must have bits 1 or 2 set:
Reported by FlawFinder.
Line: 525
Column: 9
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
extract_current();
return m_value;
}
bool equal(const u8_to_u32_iterator& that)const
{
return m_position == that.m_position;
}
void increment()
{
Reported by FlawFinder.
src/third_party/boost/boost/regex/v5/c_regex_traits.hpp
4 issues
Line: 292
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
inline int c_regex_traits<char>::value(char c, int radix)
{
char b[2] = { c, '\0', };
char* ep;
int result = std::strtol(b, &ep, radix);
if (ep == b)
return -1;
return result;
Reported by FlawFinder.
Line: 459
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if ((std::iswxdigit)(c) == 0)
return -1;
#endif
wchar_t b[2] = { c, '\0', };
wchar_t* ep;
int result = std::wcstol(b, &ep, radix);
if (ep == b)
return -1;
return result;
Reported by FlawFinder.
Line: 67
Column: 20
CWE codes:
126
static size_type length(const char_type* p)
{
return (std::strlen)(p);
}
char translate(char c) const
{
return c;
Reported by FlawFinder.
Line: 112
Column: 20
CWE codes:
126
static size_type length(const char_type* p)
{
return (std::wcslen)(p);
}
wchar_t translate(wchar_t c) const
{
return c;
Reported by FlawFinder.
src/third_party/boost/boost/regex/v4/regex_traits_defaults.hpp
4 issues
Line: 52
Column: 12
CWE codes:
126
#ifdef BOOST_NO_STDC_NAMESPACE
namespace std{
using ::strlen;
}
#endif
namespace boost{ namespace BOOST_REGEX_DETAIL_NS{
Reported by FlawFinder.
Line: 773
Column: 69
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
// calling std::equal, but there is no other algorithm available:
// not even a non-standard MS one. So forward to unchecked_equal
// in the MS case.
return ((p2 - p1) == (r.p2 - r.p1)) && BOOST_REGEX_DETAIL_NS::equal(p1, p2, r.p1);
}
};
template <class charT>
int get_default_class_id(const charT* p1, const charT* p2)
{
Reported by FlawFinder.
Line: 848
Column: 17
CWE codes:
126
template<>
inline std::ptrdiff_t global_length<char>(const char* p)
{
return (std::strlen)(p);
}
#ifndef BOOST_NO_WREGEX
template<>
inline std::ptrdiff_t global_length<wchar_t>(const wchar_t* p)
{
Reported by FlawFinder.
Line: 854
Column: 33
CWE codes:
126
template<>
inline std::ptrdiff_t global_length<wchar_t>(const wchar_t* p)
{
return (std::ptrdiff_t)(std::wcslen)(p);
}
#endif
template <class charT>
inline charT BOOST_REGEX_CALL global_lower(charT c)
{
Reported by FlawFinder.
src/third_party/boost/boost/range/detail/sfinae.hpp
4 issues
Line: 36
Column: 38
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
no_type is_string_impl( ... );
template< std::size_t sz >
yes_type is_char_array_impl( char BOOST_RANGE_ARRAY_REF()[sz] );
template< std::size_t sz >
yes_type is_char_array_impl( const char BOOST_RANGE_ARRAY_REF()[sz] );
no_type is_char_array_impl( ... );
template< std::size_t sz >
Reported by FlawFinder.
Line: 38
Column: 44
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
template< std::size_t sz >
yes_type is_char_array_impl( char BOOST_RANGE_ARRAY_REF()[sz] );
template< std::size_t sz >
yes_type is_char_array_impl( const char BOOST_RANGE_ARRAY_REF()[sz] );
no_type is_char_array_impl( ... );
template< std::size_t sz >
yes_type is_wchar_t_array_impl( wchar_t BOOST_RANGE_ARRAY_REF()[sz] );
template< std::size_t sz >
Reported by FlawFinder.
Line: 42
Column: 41
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
no_type is_char_array_impl( ... );
template< std::size_t sz >
yes_type is_wchar_t_array_impl( wchar_t BOOST_RANGE_ARRAY_REF()[sz] );
template< std::size_t sz >
yes_type is_wchar_t_array_impl( const wchar_t BOOST_RANGE_ARRAY_REF()[sz] );
no_type is_wchar_t_array_impl( ... );
yes_type is_char_ptr_impl( char* const );
Reported by FlawFinder.
Line: 44
Column: 47
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
template< std::size_t sz >
yes_type is_wchar_t_array_impl( wchar_t BOOST_RANGE_ARRAY_REF()[sz] );
template< std::size_t sz >
yes_type is_wchar_t_array_impl( const wchar_t BOOST_RANGE_ARRAY_REF()[sz] );
no_type is_wchar_t_array_impl( ... );
yes_type is_char_ptr_impl( char* const );
no_type is_char_ptr_impl( ... );
Reported by FlawFinder.
src/third_party/boost/boost/range/algorithm/equal.hpp
4 issues
Line: 113
Column: 25
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
std::random_access_iterator_tag )
{
return ((last1 - first1) == (last2 - first2))
&& std::equal(first1, last1, first2);
}
template< class RandomAccessTraversalReadableIterator1,
class RandomAccessTraversalReadableIterator2,
class BinaryPredicate >
Reported by FlawFinder.
Line: 172
Column: 21
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/// \pre SinglePassRange2 is a model of the SinglePassRangeConcept
/// \pre BinaryPredicate is a model of the BinaryPredicateConcept
template< class SinglePassRange1, class SinglePassRange2 >
inline bool equal( const SinglePassRange1& rng1, const SinglePassRange2& rng2 )
{
BOOST_RANGE_CONCEPT_ASSERT(( SinglePassRangeConcept<const SinglePassRange1> ));
BOOST_RANGE_CONCEPT_ASSERT(( SinglePassRangeConcept<const SinglePassRange2> ));
return ::boost::range_detail::equal(
Reported by FlawFinder.
Line: 184
Column: 21
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/// \overload
template< class SinglePassRange1, class SinglePassRange2, class BinaryPredicate >
inline bool equal( const SinglePassRange1& rng1, const SinglePassRange2& rng2,
BinaryPredicate pred )
{
BOOST_RANGE_CONCEPT_ASSERT(( SinglePassRangeConcept<const SinglePassRange1> ));
BOOST_RANGE_CONCEPT_ASSERT(( SinglePassRangeConcept<const SinglePassRange2> ));
Reported by FlawFinder.
Line: 197
Column: 27
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
}
} // namespace range
using ::boost::range::equal;
} // namespace boost
#endif // include guard
Reported by FlawFinder.
src/third_party/boost/boost/random/uniform_01.hpp
4 issues
Line: 29
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/detail/disable_warnings.hpp>
namespace boost {
namespace random {
#ifdef BOOST_RANDOM_DOXYGEN
/**
* The distribution function uniform_01 models a \random_distribution.
Reported by FlawFinder.
Line: 124
Column: 18
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
template<class UniformRandomNumberGenerator, class RealType>
class backward_compatible_uniform_01
{
typedef boost::random::detail::ptr_helper<UniformRandomNumberGenerator> traits;
public:
typedef UniformRandomNumberGenerator base_type;
typedef RealType result_type;
BOOST_STATIC_CONSTANT(bool, has_fixed_range = false);
Reported by FlawFinder.
Line: 218
Column: 18
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
: public detail::select_uniform_01<UniformRandomNumberGenerator>::BOOST_NESTED_TEMPLATE apply<RealType>::type
{
typedef typename detail::select_uniform_01<UniformRandomNumberGenerator>::BOOST_NESTED_TEMPLATE apply<RealType>::type impl_type;
typedef boost::random::detail::ptr_helper<UniformRandomNumberGenerator> traits;
public:
uniform_01() {}
explicit uniform_01(typename traits::rvalue_type rng)
Reported by FlawFinder.
Line: 251
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::uniform_01;
} // namespace boost
#include <boost/random/detail/enable_warnings.hpp>
Reported by FlawFinder.
src/third_party/boost/boost/random/shuffle_order.hpp
4 issues
Line: 33
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/detail/disable_warnings.hpp>
namespace boost {
namespace random {
/**
* Instatiations of class template @c shuffle_order_engine model a
* \pseudo_random_number_generator. It mixes the output
* of some (usually \linear_congruential_engine)
Reported by FlawFinder.
Line: 133
Column: 33
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
result_type operator()() {
// calculating the range every time may seem wasteful. However, this
// makes the information locally available for the optimizer.
typedef typename boost::random::traits::make_unsigned<result_type>::type base_unsigned;
const base_unsigned brange =
detail::subtract<result_type>()((max)(), (min)());
const base_unsigned off =
detail::subtract<result_type>()(y, (min)());
Reported by FlawFinder.
Line: 263
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::kreutzer1986;
} // namespace boost
#include <boost/random/detail/enable_warnings.hpp>
Reported by FlawFinder.
Line: 204
Column: 53
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/** Returns true if the two generators will produce identical sequences. */
BOOST_RANDOM_DETAIL_EQUALITY_OPERATOR(shuffle_order_engine, x, y)
{ return x._rng == y._rng && x.y == y.y && std::equal(x.v, x.v+k, y.v); }
/** Returns true if the two generators will produce different sequences. */
BOOST_RANDOM_DETAIL_INEQUALITY_OPERATOR(shuffle_order_engine)
private:
Reported by FlawFinder.