The following issues were found
src/third_party/boost/boost/range/algorithm/equal.hpp
4 issues
Line: 113
Column: 25
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
std::random_access_iterator_tag )
{
return ((last1 - first1) == (last2 - first2))
&& std::equal(first1, last1, first2);
}
template< class RandomAccessTraversalReadableIterator1,
class RandomAccessTraversalReadableIterator2,
class BinaryPredicate >
Reported by FlawFinder.
Line: 172
Column: 21
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/// \pre SinglePassRange2 is a model of the SinglePassRangeConcept
/// \pre BinaryPredicate is a model of the BinaryPredicateConcept
template< class SinglePassRange1, class SinglePassRange2 >
inline bool equal( const SinglePassRange1& rng1, const SinglePassRange2& rng2 )
{
BOOST_RANGE_CONCEPT_ASSERT(( SinglePassRangeConcept<const SinglePassRange1> ));
BOOST_RANGE_CONCEPT_ASSERT(( SinglePassRangeConcept<const SinglePassRange2> ));
return ::boost::range_detail::equal(
Reported by FlawFinder.
Line: 184
Column: 21
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/// \overload
template< class SinglePassRange1, class SinglePassRange2, class BinaryPredicate >
inline bool equal( const SinglePassRange1& rng1, const SinglePassRange2& rng2,
BinaryPredicate pred )
{
BOOST_RANGE_CONCEPT_ASSERT(( SinglePassRangeConcept<const SinglePassRange1> ));
BOOST_RANGE_CONCEPT_ASSERT(( SinglePassRangeConcept<const SinglePassRange2> ));
Reported by FlawFinder.
Line: 197
Column: 27
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
}
} // namespace range
using ::boost::range::equal;
} // namespace boost
#endif // include guard
Reported by FlawFinder.
src/third_party/boost/libs/log/src/windows/event_log_registry.hpp
4 issues
Line: 67
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static std::string make_default_source_name()
{
char buf[MAX_PATH];
DWORD size = GetModuleFileNameA(NULL, buf, sizeof(buf) / sizeof(*buf));
std::string source_name(buf, buf + size);
if (source_name.empty())
{
Reported by FlawFinder.
Line: 183
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static std::wstring make_default_source_name()
{
wchar_t buf[MAX_PATH];
DWORD size = GetModuleFileNameW(NULL, buf, sizeof(buf) / sizeof(*buf));
std::wstring source_name(buf, buf + size);
if (source_name.empty())
{
Reported by FlawFinder.
Line: 155
Column: 27
CWE codes:
126
value.resize(size);
res = RegQueryValueExA(hKey, lpValueName, NULL, &type, reinterpret_cast< LPBYTE >(&value[0]), &size);
value.resize(std::strlen(value.c_str())); // remove extra terminating zero
return res;
}
static const char* get_event_message_file_param_name() { return "EventMessageFile"; }
Reported by FlawFinder.
Line: 272
Column: 27
CWE codes:
126
value.resize(size);
res = RegQueryValueExW(hKey, lpValueName, NULL, &type, reinterpret_cast< LPBYTE >(&value[0]), &size);
value.resize(std::wcslen(value.c_str())); // remove extra terminating zero
return res;
}
static const wchar_t* get_event_message_file_param_name() { return L"EventMessageFile"; }
Reported by FlawFinder.
src/mongo/db/commands/validate.cpp
4 issues
Line: 174
CWE codes:
587
LOGV2(20514,
"CMD: validate",
"namespace"_attr = nss,
"background"_attr = background,
"full"_attr = fullValidate,
"enforceFastCount"_attr = enforceFastCount,
"repair"_attr = repair);
}
Reported by Cppcheck.
Line: 175
CWE codes:
587
"CMD: validate",
"namespace"_attr = nss,
"background"_attr = background,
"full"_attr = fullValidate,
"enforceFastCount"_attr = enforceFastCount,
"repair"_attr = repair);
}
// Only one validation per collection can be in progress, the rest wait.
Reported by Cppcheck.
Line: 176
CWE codes:
587
"namespace"_attr = nss,
"background"_attr = background,
"full"_attr = fullValidate,
"enforceFastCount"_attr = enforceFastCount,
"repair"_attr = repair);
}
// Only one validation per collection can be in progress, the rest wait.
{
Reported by Cppcheck.
Line: 177
CWE codes:
587
"background"_attr = background,
"full"_attr = fullValidate,
"enforceFastCount"_attr = enforceFastCount,
"repair"_attr = repair);
}
// Only one validation per collection can be in progress, the rest wait.
{
stdx::unique_lock<Latch> lock(_validationMutex);
Reported by Cppcheck.
src/third_party/boost/boost/random/uniform_01.hpp
4 issues
Line: 29
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/detail/disable_warnings.hpp>
namespace boost {
namespace random {
#ifdef BOOST_RANDOM_DOXYGEN
/**
* The distribution function uniform_01 models a \random_distribution.
Reported by FlawFinder.
Line: 124
Column: 18
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
template<class UniformRandomNumberGenerator, class RealType>
class backward_compatible_uniform_01
{
typedef boost::random::detail::ptr_helper<UniformRandomNumberGenerator> traits;
public:
typedef UniformRandomNumberGenerator base_type;
typedef RealType result_type;
BOOST_STATIC_CONSTANT(bool, has_fixed_range = false);
Reported by FlawFinder.
Line: 218
Column: 18
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
: public detail::select_uniform_01<UniformRandomNumberGenerator>::BOOST_NESTED_TEMPLATE apply<RealType>::type
{
typedef typename detail::select_uniform_01<UniformRandomNumberGenerator>::BOOST_NESTED_TEMPLATE apply<RealType>::type impl_type;
typedef boost::random::detail::ptr_helper<UniformRandomNumberGenerator> traits;
public:
uniform_01() {}
explicit uniform_01(typename traits::rvalue_type rng)
Reported by FlawFinder.
Line: 251
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::uniform_01;
} // namespace boost
#include <boost/random/detail/enable_warnings.hpp>
Reported by FlawFinder.
src/third_party/boost/boost/random/shuffle_order.hpp
4 issues
Line: 33
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/detail/disable_warnings.hpp>
namespace boost {
namespace random {
/**
* Instatiations of class template @c shuffle_order_engine model a
* \pseudo_random_number_generator. It mixes the output
* of some (usually \linear_congruential_engine)
Reported by FlawFinder.
Line: 133
Column: 33
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
result_type operator()() {
// calculating the range every time may seem wasteful. However, this
// makes the information locally available for the optimizer.
typedef typename boost::random::traits::make_unsigned<result_type>::type base_unsigned;
const base_unsigned brange =
detail::subtract<result_type>()((max)(), (min)());
const base_unsigned off =
detail::subtract<result_type>()(y, (min)());
Reported by FlawFinder.
Line: 263
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::kreutzer1986;
} // namespace boost
#include <boost/random/detail/enable_warnings.hpp>
Reported by FlawFinder.
Line: 204
Column: 53
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/** Returns true if the two generators will produce identical sequences. */
BOOST_RANDOM_DETAIL_EQUALITY_OPERATOR(shuffle_order_engine, x, y)
{ return x._rng == y._rng && x.y == y.y && std::equal(x.v, x.v+k, y.v); }
/** Returns true if the two generators will produce different sequences. */
BOOST_RANDOM_DETAIL_INEQUALITY_OPERATOR(shuffle_order_engine)
private:
Reported by FlawFinder.
src/third_party/boost/boost/random/mersenne_twister.hpp
4 issues
Line: 37
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/detail/disable_warnings.hpp>
namespace boost {
namespace random {
/**
* Instantiations of class template mersenne_twister_engine model a
* \pseudo_random_number_generator. It uses the algorithm described in
*
Reported by FlawFinder.
Line: 670
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::mt11213b;
using random::mt19937;
using random::mt19937_64;
} // namespace boost
Reported by FlawFinder.
Line: 671
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::mt11213b;
using random::mt19937;
using random::mt19937_64;
} // namespace boost
BOOST_RANDOM_PTR_HELPER_SPEC(boost::mt11213b)
Reported by FlawFinder.
Line: 672
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
using random::mt11213b;
using random::mt19937;
using random::mt19937_64;
} // namespace boost
BOOST_RANDOM_PTR_HELPER_SPEC(boost::mt11213b)
BOOST_RANDOM_PTR_HELPER_SPEC(boost::mt19937)
Reported by FlawFinder.
src/third_party/boost/boost/random/hyperexponential_distribution.hpp
4 issues
Line: 44
Column: 29
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <vector>
namespace boost { namespace random {
namespace hyperexp_detail {
template <typename T>
std::vector<T>& normalize(std::vector<T>& v)
Reported by FlawFinder.
Line: 755
Column: 23
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
{
const int i = dd_(urng);
return boost::random::exponential_distribution<RealT>(rates_[i])(urng);
}
/**
* Gets a random variate distributed according to the hyperexponential
* distribution with parameters specified by \c param.
Reported by FlawFinder.
Line: 817
Column: 35
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
/** Sets the parameters of the distribution. */
public: void param(param_type const& param)
{
dd_.param(typename boost::random::discrete_distribution<int,RealT>::param_type(param.probabilities()));
rates_ = param.rates();
}
/**
* Effects: Subsequent uses of the distribution do not depend
Reported by FlawFinder.
Line: 865
Column: 21
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
public: BOOST_RANDOM_DETAIL_INEQUALITY_OPERATOR(hyperexponential_distribution)
private: boost::random::discrete_distribution<int,RealT> dd_; ///< The \c discrete_distribution used to sample the phase probability and choose the rate
private: std::vector<RealT> rates_; ///< The <em>rate vector</em> parameter of the distribution
}; // hyperexponential_distribution
}} // namespace boost::random
Reported by FlawFinder.
src/third_party/boost/boost/random/normal_distribution.hpp
4 issues
Line: 33
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/exponential_distribution.hpp>
namespace boost {
namespace random {
namespace detail {
// tables for the ziggurat algorithm
template<class RealType>
Reported by FlawFinder.
Line: 191
Column: 16
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
template<class Engine>
RealType generate_tail(Engine& eng) {
const RealType tail_start = RealType(normal_table<double>::table_x[1]);
boost::random::exponential_distribution<RealType> exp_x(tail_start);
boost::random::exponential_distribution<RealType> exp_y;
for(;;) {
RealType x = exp_x(eng);
RealType y = exp_y(eng);
// If we were doing non-transformed rejection sampling, this condition would be:
Reported by FlawFinder.
Line: 192
Column: 16
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
RealType generate_tail(Engine& eng) {
const RealType tail_start = RealType(normal_table<double>::table_x[1]);
boost::random::exponential_distribution<RealType> exp_x(tail_start);
boost::random::exponential_distribution<RealType> exp_y;
for(;;) {
RealType x = exp_x(eng);
RealType y = exp_y(eng);
// If we were doing non-transformed rejection sampling, this condition would be:
// if (unif01 < exp(-.5*x*x)) return x + tail_start;
Reported by FlawFinder.
Line: 370
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::normal_distribution;
} // namespace boost
#endif // BOOST_RANDOM_NORMAL_DISTRIBUTION_HPP
Reported by FlawFinder.
src/third_party/boost/boost/random/gamma_distribution.hpp
4 issues
Line: 28
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/exponential_distribution.hpp>
namespace boost {
namespace random {
// The algorithm is taken from Knuth
/**
* The gamma distribution is a continuous distribution with two
Reported by FlawFinder.
Line: 288
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::gamma_distribution;
} // namespace boost
#endif // BOOST_RANDOM_GAMMA_DISTRIBUTION_HPP
Reported by FlawFinder.
Line: 260
Column: 10
CWE codes:
120
20
/// \cond hide_private_members
template<class CharT, class Traits>
void read(std::basic_istream<CharT, Traits>& is)
{
param_type parm;
if(is >> parm) {
param(parm);
}
Reported by FlawFinder.
src/third_party/boost/boost/random/binomial_distribution.hpp
4 issues
Line: 26
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/detail/disable_warnings.hpp>
namespace boost {
namespace random {
namespace detail {
template<class RealType>
struct binomial_table {
Reported by FlawFinder.
Line: 428
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
// backwards compatibility
using random::binomial_distribution;
}
#include <boost/random/detail/enable_warnings.hpp>
Reported by FlawFinder.
Line: 219
Column: 12
CWE codes:
120
20
friend std::basic_istream<CharT,Traits>&
operator>>(std::basic_istream<CharT,Traits>& is, binomial_distribution& bd)
{
bd.read(is);
return is;
}
#endif
/** Returns true if the two distributions will produce the same
Reported by FlawFinder.
Line: 244
Column: 10
CWE codes:
120
20
/// @cond show_private
template<class CharT, class Traits>
void read(std::basic_istream<CharT, Traits>& is) {
param_type parm;
if(is >> parm) {
param(parm);
}
}
Reported by FlawFinder.