The following issues were found
src/mongo/idl/idl_parser.h
4 issues
Line: 148
Column: 35
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
template <typename T>
struct Ordering {
friend bool operator==(const Ordering& a, const Ordering& b) {
return BasicOrderOps<T>{}.equal(a._v, b._v);
}
friend bool operator<(const Ordering& a, const Ordering& b) {
return BasicOrderOps<T>{}.less(a._v, b._v);
}
friend bool operator!=(const Ordering& a, const Ordering& b) {
Reported by FlawFinder.
Line: 174
Column: 10
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/** fallback case */
template <typename T>
struct BasicOrderOps {
bool equal(const T& a, const T& b) const {
return a == b;
}
bool less(const T& a, const T& b) const {
return a < b;
}
Reported by FlawFinder.
Line: 184
Column: 10
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
template <>
struct BasicOrderOps<BSONObj> {
bool equal(const BSONObj& a, const BSONObj& b) const {
return _cmp(a, b) == 0;
}
bool less(const BSONObj& a, const BSONObj& b) const {
return _cmp(a, b) < 0;
Reported by FlawFinder.
Line: 201
Column: 10
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/** Disengaged optionals precede engaged optionals. */
template <typename T>
struct BasicOrderOps<boost::optional<T>> {
bool equal(const boost::optional<T>& a, const boost::optional<T>& b) const {
return (!a || !b) ? (!!a == !!b) : (Ordering{*a} == Ordering{*b});
}
bool less(const boost::optional<T>& a, const boost::optional<T>& b) const {
return (!a || !b) ? (!!a < !!b) : (Ordering{*a} < Ordering{*b});
Reported by FlawFinder.
src/third_party/wiredtiger/src/os_common/os_alloc.c
4 issues
Line: 122
CWE codes:
401
WT_STAT_CONN_INCR(session, memory_grow);
}
if ((p = realloc(p, bytes_to_allocate)) == NULL)
WT_RET_MSG(session, __wt_errno(), "memory allocation of %" WT_SIZET_FMT " bytes failed",
bytes_to_allocate);
/*
* Clear the allocated memory, parts of WiredTiger depend on allocated memory being cleared.
Reported by Cppcheck.
Line: 209
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bytes_to_allocate);
if (p != NULL)
memcpy(newp, p, bytes_allocated);
__wt_free(session, p);
p = newp;
/* Update caller's bytes allocated value. */
if (bytes_allocated_ret != NULL)
Reported by FlawFinder.
Line: 243
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
WT_ASSERT(session, p != NULL); /* quiet clang scan-build */
memcpy(p, str, len);
*(void **)retp = p;
return (0);
}
Reported by FlawFinder.
Line: 268
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
WT_ASSERT(session, p != NULL); /* quiet clang scan-build */
memcpy(p, str, len);
p[len] = '\0';
*(void **)retp = p;
return (0);
}
Reported by FlawFinder.
src/third_party/benchmark/dist/src/commandlineflags.cc
4 issues
Line: 98
Column: 33
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
bool BoolFromEnv(const char* flag, bool default_val) {
const std::string env_var = FlagToEnvVar(flag);
const char* const value_str = getenv(env_var.c_str());
return value_str == nullptr ? default_val : IsTruthyFlagValue(value_str);
}
int32_t Int32FromEnv(const char* flag, int32_t default_val) {
const std::string env_var = FlagToEnvVar(flag);
Reported by FlawFinder.
Line: 104
Column: 33
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
int32_t Int32FromEnv(const char* flag, int32_t default_val) {
const std::string env_var = FlagToEnvVar(flag);
const char* const value_str = getenv(env_var.c_str());
int32_t value = default_val;
if (value_str == nullptr ||
!ParseInt32(std::string("Environment variable ") + env_var, value_str,
&value)) {
return default_val;
Reported by FlawFinder.
Line: 116
Column: 33
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
double DoubleFromEnv(const char* flag, double default_val) {
const std::string env_var = FlagToEnvVar(flag);
const char* const value_str = getenv(env_var.c_str());
double value = default_val;
if (value_str == nullptr ||
!ParseDouble(std::string("Environment variable ") + env_var, value_str,
&value)) {
return default_val;
Reported by FlawFinder.
Line: 128
Column: 29
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
const char* StringFromEnv(const char* flag, const char* default_val) {
const std::string env_var = FlagToEnvVar(flag);
const char* const value = getenv(env_var.c_str());
return value == nullptr ? default_val : value;
}
// Parses a string as a command line flag. The string should have
// the format "--flag=value". When def_optional is true, the "=value"
Reported by FlawFinder.
src/mongo/embedded/mongoc_embedded/mongoc_embedded.cpp
4 issues
Line: 84
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(_current, source, size);
_current += size;
}
// Read memory from current position and advance internal pointer
size_t read(void* destination, size_t size) {
Reported by FlawFinder.
Line: 91
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Read memory from current position and advance internal pointer
size_t read(void* destination, size_t size) {
size_t bytes_to_read = std::min(remaining(), size);
memcpy(destination, current(), bytes_to_read);
_current += bytes_to_read;
return bytes_to_read;
}
// Size that have currently been read or written
Reported by FlawFinder.
Line: 89
Column: 12
CWE codes:
120
20
}
// Read memory from current position and advance internal pointer
size_t read(void* destination, size_t size) {
size_t bytes_to_read = std::min(remaining(), size);
memcpy(destination, current(), bytes_to_read);
_current += bytes_to_read;
return bytes_to_read;
}
Reported by FlawFinder.
Line: 237
Column: 41
CWE codes:
120
20
for (size_t i = 0; i < iovcnt && stream->outputBuf.remaining() > 0; ++i) {
// for each vector, fill the vector if we are able
bytes_read += stream->outputBuf.read(iov[i].iov_base, iov[i].iov_len);
}
stream->state = stream->outputBuf.remaining() == 0 ? RPCState::kWaitingForMessageLength
: RPCState::kHaveOutput;
return bytes_read;
} catch (...) {
Reported by FlawFinder.
src/third_party/wiredtiger/src/include/misc_inline.h
4 issues
Line: 72
Column: 33
CWE codes:
134
Suggestion:
Use a constant for the format specification
*/
static inline int
__wt_snprintf(char *buf, size_t size, const char *fmt, ...)
WT_GCC_FUNC_ATTRIBUTE((format(printf, 3, 4)))
{
WT_DECL_RET;
size_t len;
va_list ap;
Reported by FlawFinder.
Line: 112
Column: 33
CWE codes:
134
Suggestion:
Use a constant for the format specification
*/
static inline int
__wt_snprintf_len_set(char *buf, size_t size, size_t *retsizep, const char *fmt, ...)
WT_GCC_FUNC_ATTRIBUTE((format(printf, 4, 5)))
{
WT_DECL_RET;
va_list ap;
*retsizep = 0;
Reported by FlawFinder.
Line: 143
Column: 33
CWE codes:
134
Suggestion:
Use a constant for the format specification
*/
static inline int
__wt_snprintf_len_incr(char *buf, size_t size, size_t *retsizep, const char *fmt, ...)
WT_GCC_FUNC_ATTRIBUTE((format(printf, 4, 5)))
{
WT_DECL_RET;
va_list ap;
va_start(ap, fmt);
Reported by FlawFinder.
Line: 49
Column: 60
CWE codes:
126
static inline int
__wt_strdup(WT_SESSION_IMPL *session, const char *str, void *retp)
{
return (__wt_strndup(session, str, (str == NULL) ? 0 : strlen(str), retp));
}
/*
* __wt_strnlen --
* Determine the length of a fixed-size string
Reported by FlawFinder.
src/third_party/wiredtiger/src/include/btree_inline.h
4 issues
Line: 1194
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__wt_row_leaf_key_info(page, copy, NULL, NULL, &group_key, &group_size, &group_prefix);
if (group_key != NULL) {
WT_RET(__wt_buf_init(session, key, key_prefix + key_size));
memcpy(key->mem, group_key, key_prefix);
memcpy((uint8_t *)key->mem + key_prefix, key_data, key_size);
key->size = key_prefix + key_size;
return (0);
}
}
Reported by FlawFinder.
Line: 1195
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (group_key != NULL) {
WT_RET(__wt_buf_init(session, key, key_prefix + key_size));
memcpy(key->mem, group_key, key_prefix);
memcpy((uint8_t *)key->mem + key_prefix, key_data, key_size);
key->size = key_prefix + key_size;
return (0);
}
}
Reported by FlawFinder.
Line: 1422
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (__wt_off_page(page, addr)) {
WT_TIME_AGGREGATE_COPY(©->ta, &addr->ta);
copy->type = addr->type;
memcpy(copy->addr, addr->addr, copy->size = addr->size);
return (true);
}
/* If on-page, the pointer references a cell. */
__wt_cell_unpack_addr(session, page->dsk, (WT_CELL *)addr, unpack);
Reported by FlawFinder.
Line: 1441
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy->type = WT_ADDR_LEAF_NO;
break;
}
memcpy(copy->addr, unpack->data, copy->size = (uint8_t)unpack->size);
return (true);
}
/*
* __wt_ref_block_free --
Reported by FlawFinder.
src/mongo/embedded/mongo_embedded/java/src/com/mongodb/embedded/capi/internal/CAPI.java
4 issues
Line: 47
import java.util.List;
//CHECKSTYLE:OFF
public class CAPI {
public static class cstring extends PointerType {
public cstring() {
super();
}
Reported by PMD.
Line: 47
import java.util.List;
//CHECKSTYLE:OFF
public class CAPI {
public static class cstring extends PointerType {
public cstring() {
super();
}
Reported by PMD.
Line: 65
}
public String toString() {
return getPointer().getString(0);
}
}
public static class mongo_embedded_v1_status extends PointerType {
Reported by PMD.
Line: 110
}
}
public static class mongo_embedded_v1_init_params extends Structure {
public cstring yaml_config;
public long log_flags;
public mongo_embedded_v1_log_callback log_callback;
public Pointer log_user_data;
Reported by PMD.
src/mongo/embedded/mongo_embedded/java/src/com/mongodb/embedded/capi/MongoEmbeddedInstanceImpl.java
4 issues
Line: 36
import com.mongodb.embedded.capi.internal.CAPI;
class MongoEmbeddedInstanceImpl implements MongoEmbeddedInstance {
private final CAPI.mongo_embedded_v1_status status;
private final CAPI.mongo_embedded_v1_instance instance;
MongoEmbeddedInstanceImpl(final CAPI.mongo_embedded_v1_lib libraryPointer, final String yamlConfig) {
status = CAPIHelper.createStatusPointer();
Reported by PMD.
Line: 37
class MongoEmbeddedInstanceImpl implements MongoEmbeddedInstance {
private final CAPI.mongo_embedded_v1_status status;
private final CAPI.mongo_embedded_v1_instance instance;
MongoEmbeddedInstanceImpl(final CAPI.mongo_embedded_v1_lib libraryPointer, final String yamlConfig) {
status = CAPIHelper.createStatusPointer();
try {
Reported by PMD.
Line: 45
try {
instance = CAPI.mongo_embedded_v1_instance_create(libraryPointer,
new CAPI.cstring(yamlConfig != null ? yamlConfig : ""), status);
} catch (Throwable t) {
throw CAPIHelper.createError("instance_create", t);
}
if (instance == null) {
CAPIHelper.createErrorFromStatus(status);
Reported by PMD.
Line: 64
try {
CAPIHelper.validateErrorCode(status,
CAPI.mongo_embedded_v1_instance_destroy(instance, status));
} catch (Throwable t) {
throw CAPIHelper.createError("instance_destroy", t);
}
}
}
Reported by PMD.
src/third_party/wiredtiger/src/log/log.c
4 issues
Line: 525
Column: 7
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
WT_RET_MSG(session, EINVAL, "unexpected usage: no id or no name");
if ((p = strrchr(name, '.')) == NULL ||
/* NOLINTNEXTLINE(cert-err34-c) */
sscanf(++p, "%" SCNu32, id) != 1)
WT_RET_MSG(session, WT_ERROR, "Bad log file name '%s'", name);
return (0);
}
/*
Reported by FlawFinder.
Line: 647
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
WT_RET_MSG(session, WT_ERROR, "Compressed record with no configured compressor");
uncompressed_size = logrec->mem_len;
WT_RET(__wt_buf_initsize(session, out, uncompressed_size));
memcpy(out->mem, in->mem, skip);
WT_RET(compressor->decompress(compressor, &session->iface, (uint8_t *)in->mem + skip,
in->size - skip, (uint8_t *)out->mem + skip, uncompressed_size - skip, &result_len));
/*
* If checksums were turned off because we're depending on the decompression to fail on any
Reported by FlawFinder.
Line: 698
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* real file byte offset for write().
*/
if (!force && !F_ISSET(myslot, WT_MYSLOT_UNBUFFERED))
memcpy((char *)myslot->slot->slot_buf.mem + myslot->offset, record->mem, record->size);
else
/*
* If this is a force or unbuffered write, write it now.
*/
WT_ERR(__log_fs_write(session, myslot->slot,
Reported by FlawFinder.
Line: 2521
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
* Copy in the skipped header bytes, set the final data size.
*/
memcpy(citem->mem, record->mem, WT_LOG_COMPRESS_SKIP);
citem->size = result_len;
ip = citem;
newlrp = (WT_LOG_RECORD *)citem->mem;
F_SET(newlrp, WT_LOG_RECORD_COMPRESSED);
WT_ASSERT(session, result_len < UINT32_MAX && record->size < UINT32_MAX);
Reported by FlawFinder.
src/third_party/wiredtiger/src/cursor/cur_table.c
4 issues
Line: 64
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
key = &cextract->idxc->key;
WT_ERR(__wt_buf_grow(session, key, ikey.size + pkey.size));
memcpy((uint8_t *)key->mem, ikey.data, ikey.size);
memcpy((uint8_t *)key->mem + ikey.size, pkey.data, pkey.size);
key->size = ikey.size + pkey.size;
/*
* The index key is now set and the value is empty (it starts clear and is never set).
Reported by FlawFinder.
Line: 65
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
key = &cextract->idxc->key;
WT_ERR(__wt_buf_grow(session, key, ikey.size + pkey.size));
memcpy((uint8_t *)key->mem, ikey.data, ikey.size);
memcpy((uint8_t *)key->mem + ikey.size, pkey.data, pkey.size);
key->size = ikey.size + pkey.size;
/*
* The index key is now set and the value is empty (it starts clear and is never set).
*/
Reported by FlawFinder.
Line: 1026
Column: 62
CWE codes:
126
/* Handle projections. */
WT_ERR(__wt_scr_alloc(session, 0, &tmp));
if (columns != NULL) {
WT_ERR(__wt_struct_reformat(session, table, columns, strlen(columns), NULL, false, tmp));
WT_ERR(__wt_strndup(session, tmp->data, tmp->size, &cursor->value_format));
WT_ERR(__wt_buf_init(session, tmp, 0));
WT_ERR(__wt_struct_plan(session, table, columns, strlen(columns), false, tmp));
WT_ERR(__wt_strndup(session, tmp->data, tmp->size, &ctable->plan));
Reported by FlawFinder.
Line: 1030
Column: 58
CWE codes:
126
WT_ERR(__wt_strndup(session, tmp->data, tmp->size, &cursor->value_format));
WT_ERR(__wt_buf_init(session, tmp, 0));
WT_ERR(__wt_struct_plan(session, table, columns, strlen(columns), false, tmp));
WT_ERR(__wt_strndup(session, tmp->data, tmp->size, &ctable->plan));
}
/*
* random_retrieval Random retrieval cursors only support next, reset and close.
Reported by FlawFinder.