The following issues were found
src/third_party/wiredtiger/src/include/misc_inline.h
4 issues
Line: 72
Column: 33
CWE codes:
134
Suggestion:
Use a constant for the format specification
*/
static inline int
__wt_snprintf(char *buf, size_t size, const char *fmt, ...)
WT_GCC_FUNC_ATTRIBUTE((format(printf, 3, 4)))
{
WT_DECL_RET;
size_t len;
va_list ap;
Reported by FlawFinder.
Line: 112
Column: 33
CWE codes:
134
Suggestion:
Use a constant for the format specification
*/
static inline int
__wt_snprintf_len_set(char *buf, size_t size, size_t *retsizep, const char *fmt, ...)
WT_GCC_FUNC_ATTRIBUTE((format(printf, 4, 5)))
{
WT_DECL_RET;
va_list ap;
*retsizep = 0;
Reported by FlawFinder.
Line: 143
Column: 33
CWE codes:
134
Suggestion:
Use a constant for the format specification
*/
static inline int
__wt_snprintf_len_incr(char *buf, size_t size, size_t *retsizep, const char *fmt, ...)
WT_GCC_FUNC_ATTRIBUTE((format(printf, 4, 5)))
{
WT_DECL_RET;
va_list ap;
va_start(ap, fmt);
Reported by FlawFinder.
Line: 49
Column: 60
CWE codes:
126
static inline int
__wt_strdup(WT_SESSION_IMPL *session, const char *str, void *retp)
{
return (__wt_strndup(session, str, (str == NULL) ? 0 : strlen(str), retp));
}
/*
* __wt_strnlen --
* Determine the length of a fixed-size string
Reported by FlawFinder.
src/third_party/wiredtiger/src/include/btree_inline.h
4 issues
Line: 1194
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__wt_row_leaf_key_info(page, copy, NULL, NULL, &group_key, &group_size, &group_prefix);
if (group_key != NULL) {
WT_RET(__wt_buf_init(session, key, key_prefix + key_size));
memcpy(key->mem, group_key, key_prefix);
memcpy((uint8_t *)key->mem + key_prefix, key_data, key_size);
key->size = key_prefix + key_size;
return (0);
}
}
Reported by FlawFinder.
Line: 1195
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (group_key != NULL) {
WT_RET(__wt_buf_init(session, key, key_prefix + key_size));
memcpy(key->mem, group_key, key_prefix);
memcpy((uint8_t *)key->mem + key_prefix, key_data, key_size);
key->size = key_prefix + key_size;
return (0);
}
}
Reported by FlawFinder.
Line: 1422
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (__wt_off_page(page, addr)) {
WT_TIME_AGGREGATE_COPY(©->ta, &addr->ta);
copy->type = addr->type;
memcpy(copy->addr, addr->addr, copy->size = addr->size);
return (true);
}
/* If on-page, the pointer references a cell. */
__wt_cell_unpack_addr(session, page->dsk, (WT_CELL *)addr, unpack);
Reported by FlawFinder.
Line: 1441
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
copy->type = WT_ADDR_LEAF_NO;
break;
}
memcpy(copy->addr, unpack->data, copy->size = (uint8_t)unpack->size);
return (true);
}
/*
* __wt_ref_block_free --
Reported by FlawFinder.
src/third_party/wiredtiger/src/cursor/cur_table.c
4 issues
Line: 64
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
key = &cextract->idxc->key;
WT_ERR(__wt_buf_grow(session, key, ikey.size + pkey.size));
memcpy((uint8_t *)key->mem, ikey.data, ikey.size);
memcpy((uint8_t *)key->mem + ikey.size, pkey.data, pkey.size);
key->size = ikey.size + pkey.size;
/*
* The index key is now set and the value is empty (it starts clear and is never set).
Reported by FlawFinder.
Line: 65
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
key = &cextract->idxc->key;
WT_ERR(__wt_buf_grow(session, key, ikey.size + pkey.size));
memcpy((uint8_t *)key->mem, ikey.data, ikey.size);
memcpy((uint8_t *)key->mem + ikey.size, pkey.data, pkey.size);
key->size = ikey.size + pkey.size;
/*
* The index key is now set and the value is empty (it starts clear and is never set).
*/
Reported by FlawFinder.
Line: 1026
Column: 62
CWE codes:
126
/* Handle projections. */
WT_ERR(__wt_scr_alloc(session, 0, &tmp));
if (columns != NULL) {
WT_ERR(__wt_struct_reformat(session, table, columns, strlen(columns), NULL, false, tmp));
WT_ERR(__wt_strndup(session, tmp->data, tmp->size, &cursor->value_format));
WT_ERR(__wt_buf_init(session, tmp, 0));
WT_ERR(__wt_struct_plan(session, table, columns, strlen(columns), false, tmp));
WT_ERR(__wt_strndup(session, tmp->data, tmp->size, &ctable->plan));
Reported by FlawFinder.
Line: 1030
Column: 58
CWE codes:
126
WT_ERR(__wt_strndup(session, tmp->data, tmp->size, &cursor->value_format));
WT_ERR(__wt_buf_init(session, tmp, 0));
WT_ERR(__wt_struct_plan(session, table, columns, strlen(columns), false, tmp));
WT_ERR(__wt_strndup(session, tmp->data, tmp->size, &ctable->plan));
}
/*
* random_retrieval Random retrieval cursors only support next, reset and close.
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/utility/utility_test.cc
4 issues
Line: 47
using ::testing::Pointee;
using ::testing::StaticAssertTypeEq;
TEST(IntegerSequenceTest, ValueType) {
StaticAssertTypeEq<int, absl::integer_sequence<int>::value_type>();
StaticAssertTypeEq<char, absl::integer_sequence<char>::value_type>();
}
TEST(IntegerSequenceTest, Size) {
Reported by Cppcheck.
Line: 194
Column: 18
CWE codes:
120
OverloadedFunctor(OverloadedFunctor&&) {}
template <typename... Args>
std::string operator()(const Args&... args) & {
return absl::StrCat("&", args...);
}
template <typename... Args>
std::string operator()(const Args&... args) const& {
return absl::StrCat("const&", args...);
}
Reported by FlawFinder.
Line: 198
Column: 18
CWE codes:
120
}
template <typename... Args>
std::string operator()(const Args&... args) const& {
return absl::StrCat("const&", args...);
}
template <typename... Args>
std::string operator()(const Args&... args) && {
return absl::StrCat("&&", args...);
}
Reported by FlawFinder.
Line: 202
Column: 18
CWE codes:
120
}
template <typename... Args>
std::string operator()(const Args&... args) && {
return absl::StrCat("&&", args...);
}
};
struct Class {
int Method(int a, int b) { return a - b; }
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/time/internal/cctz/src/time_zone_info.cc
4 issues
Line: 635
Column: 22
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
#if defined(_MSC_VER)
_dupenv_s(&tzdir_env, nullptr, "TZDIR");
#else
tzdir_env = std::getenv("TZDIR");
#endif
if (tzdir_env && *tzdir_env) tzdir = tzdir_env;
path += tzdir;
path += '/';
#if defined(_MSC_VER)
Reported by FlawFinder.
Line: 586
Column: 10
CWE codes:
362
if (fopen_s(&fp, path, mode) != 0) fp = nullptr;
return fp;
#else
return fopen(path, mode); // TODO: Enable the close-on-exec flag.
#endif
}
// A stdio(3)-backed implementation of ZoneInfoSource.
class FileZoneInfoSource : public ZoneInfoSource {
Reported by FlawFinder.
Line: 682
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
std::unique_ptr<FILE, int (*)(FILE*)> fp(FOpen(tzdata, "rb"), fclose);
if (fp.get() == nullptr) continue;
char hbuf[24]; // covers header.zonetab_offset too
if (fread(hbuf, 1, sizeof(hbuf), fp.get()) != sizeof(hbuf)) continue;
if (strncmp(hbuf, "tzdata", 6) != 0) continue;
const char* vers = (hbuf[11] == '\0') ? hbuf + 6 : "";
const std::int_fast32_t index_offset = Decode32(hbuf + 12);
const std::int_fast32_t data_offset = Decode32(hbuf + 16);
Reported by FlawFinder.
Line: 692
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (fseek(fp.get(), static_cast<long>(index_offset), SEEK_SET) != 0)
continue;
char ebuf[52]; // covers entry.unused too
const std::size_t index_size =
static_cast<std::size_t>(data_offset - index_offset);
const std::size_t zonecnt = index_size / sizeof(ebuf);
if (zonecnt * sizeof(ebuf) != index_size) continue;
for (std::size_t i = 0; i != zonecnt; ++i) {
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/strings/str_replace_benchmark.cc
4 issues
Line: 60
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
"pack my box with the five dozen liquor jugs"}) {
for (int i = 0; i < 10 * 1000; ++i) {
r = r * 237 + 41; // not very random.
memcpy(&(*big_string)[r % (big_string->size() - phrase.size())],
phrase.data(), phrase.size());
}
}
// big_string->resize(50);
// OK, we've set up the string, now let's set up expectations - first by
Reported by FlawFinder.
Line: 70
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
after_replacing_the = new std::string(*big_string);
for (size_t pos = 0;
(pos = after_replacing_the->find("the", pos)) != std::string::npos;) {
memcpy(&(*after_replacing_the)[pos], "box", 3);
}
// And then with all the replacements.
after_replacing_many = new std::string(*big_string);
for (size_t pos = 0;;) {
size_t next_pos = static_cast<size_t>(-1);
Reported by FlawFinder.
Line: 87
Column: 47
CWE codes:
126
}
}
if (next_pos > after_replacing_many->size()) break;
after_replacing_many->replace(next_pos, strlen(needle_string),
replacement_string);
next_pos += strlen(replacement_string);
pos = next_pos;
}
}
Reported by FlawFinder.
Line: 89
Column: 19
CWE codes:
126
if (next_pos > after_replacing_many->size()) break;
after_replacing_many->replace(next_pos, strlen(needle_string),
replacement_string);
next_pos += strlen(replacement_string);
pos = next_pos;
}
}
}
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/strings/substitute_test.cc
4 issues
Line: 133
EXPECT_EQ("Text: ''", absl::Substitute("Text: '$0'", null_cstring));
}
TEST(SubstituteTest, SubstituteAndAppend) {
std::string str = "Hello";
absl::SubstituteAndAppend(&str, ", $0!", "world");
EXPECT_EQ("Hello, world!", str);
// Test all overloads.
Reported by Cppcheck.
Line: 68
Column: 19
CWE codes:
120
// Pointer.
const int* int_p = reinterpret_cast<const int*>(0x12345);
std::string str = absl::Substitute("$0", int_p);
EXPECT_EQ(absl::StrCat("0x", absl::Hex(int_p)), str);
// Volatile Pointer.
// Like C++ streamed I/O, such pointers implicitly become bool
volatile int vol = 237;
volatile int *volatile volptr = &vol;
Reported by FlawFinder.
Line: 87
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
str = absl::Substitute("$0", char_p);
EXPECT_EQ("print me", str);
char char_buf[16];
strncpy(char_buf, "print me too", sizeof(char_buf));
str = absl::Substitute("$0", char_buf);
EXPECT_EQ("print me too", str);
// null char* is "doubly" special. Represented as the empty string.
Reported by FlawFinder.
Line: 88
Column: 3
CWE codes:
120
EXPECT_EQ("print me", str);
char char_buf[16];
strncpy(char_buf, "print me too", sizeof(char_buf));
str = absl::Substitute("$0", char_buf);
EXPECT_EQ("print me too", str);
// null char* is "doubly" special. Represented as the empty string.
char_p = nullptr;
Reported by FlawFinder.
src/third_party/wiredtiger/src/config/config.c
4 issues
Line: 46
Column: 31
CWE codes:
126
{
size_t len;
len = (str == NULL) ? 0 : strlen(str);
__wt_config_initn(session, conf, str, len);
}
/*
Reported by FlawFinder.
Line: 596
Column: 37
CWE codes:
126
int
__wt_config_gets(WT_SESSION_IMPL *session, const char **cfg, const char *key, WT_CONFIG_ITEM *value)
{
WT_CONFIG_ITEM key_item = {key, strlen(key), 0, WT_CONFIG_ITEM_STRING};
return (__wt_config_get(session, cfg, &key_item, value));
}
/*
Reported by FlawFinder.
Line: 639
Column: 37
CWE codes:
126
WT_SESSION_IMPL *session, const char *config, const char *key, WT_CONFIG_ITEM *value)
{
WT_CONFIG cparser;
WT_CONFIG_ITEM key_item = {key, strlen(key), 0, WT_CONFIG_ITEM_STRING};
__wt_config_init(session, &cparser, config);
return (__config_getraw(&cparser, &key_item, value, true));
}
Reported by FlawFinder.
Line: 727
Column: 37
CWE codes:
126
__wt_config_subgets(
WT_SESSION_IMPL *session, WT_CONFIG_ITEM *cfg, const char *key, WT_CONFIG_ITEM *value)
{
WT_CONFIG_ITEM key_item = {key, strlen(key), 0, WT_CONFIG_ITEM_STRING};
return (__wt_config_subgetraw(session, cfg, &key_item, value));
}
/*
Reported by FlawFinder.
src/third_party/wiredtiger/src/config/config_api.c
4 issues
Line: 80
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Setup a WT_CONFIG_ITEM to be used for get calls and a WT_CONFIG structure for iterations
* through the configuration string.
*/
memcpy(&config_parser->config_item, &config_item, sizeof(config_item));
__wt_config_initn(session, &config_parser->config, config, len);
*config_parserp = (WT_CONFIG_PARSER *)config_parser;
return (0);
}
Reported by FlawFinder.
Line: 282
Column: 48
CWE codes:
126
*/
WT_ERR(__wt_calloc_one(session, &entry));
entry->method = (*epp)->method;
len = strlen((*epp)->base) + strlen(",") + strlen(config) + 1;
WT_ERR(__wt_calloc_def(session, len, &p));
entry->base = p;
WT_ERR(__wt_snprintf(p, len, "%s,%s", (*epp)->base, config));
/*
Reported by FlawFinder.
Line: 282
Column: 11
CWE codes:
126
*/
WT_ERR(__wt_calloc_one(session, &entry));
entry->method = (*epp)->method;
len = strlen((*epp)->base) + strlen(",") + strlen(config) + 1;
WT_ERR(__wt_calloc_def(session, len, &p));
entry->base = p;
WT_ERR(__wt_snprintf(p, len, "%s,%s", (*epp)->base, config));
/*
Reported by FlawFinder.
Line: 282
Column: 34
CWE codes:
126
*/
WT_ERR(__wt_calloc_one(session, &entry));
entry->method = (*epp)->method;
len = strlen((*epp)->base) + strlen(",") + strlen(config) + 1;
WT_ERR(__wt_calloc_def(session, len, &p));
entry->base = p;
WT_ERR(__wt_snprintf(p, len, "%s,%s", (*epp)->base, config));
/*
Reported by FlawFinder.
src/third_party/wiredtiger/src/btree/row_key.c
4 issues
Line: 256
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
__wt_row_leaf_key_info(page, copy, NULL, NULL, &group_key, &group_size, &group_prefix);
if (group_key != NULL) {
WT_RET(__wt_buf_init(session, keyb, key_prefix + key_size));
memcpy(keyb->mem, group_key, key_prefix);
memcpy((uint8_t *)keyb->mem + key_prefix, key_data, key_size);
keyb->size = key_prefix + key_size;
/*
* If this is the key we originally wanted, we don't care if we're rolling forward
* or backward, it's what we want.
Reported by FlawFinder.
Line: 257
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (group_key != NULL) {
WT_RET(__wt_buf_init(session, keyb, key_prefix + key_size));
memcpy(keyb->mem, group_key, key_prefix);
memcpy((uint8_t *)keyb->mem + key_prefix, key_data, key_size);
keyb->size = key_prefix + key_size;
/*
* If this is the key we originally wanted, we don't care if we're rolling forward
* or backward, it's what we want.
*
Reported by FlawFinder.
Line: 307
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
WT_ASSERT(session, keyb->size >= key_prefix);
keyb->size = key_prefix;
WT_RET(__wt_buf_grow(session, keyb, key_prefix + key_size));
memcpy((uint8_t *)keyb->data + key_prefix, key_data, key_size);
keyb->size = key_prefix + key_size;
if (slot_offset == 0)
break;
}
Reported by FlawFinder.
Line: 378
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
WT_RET(__wt_calloc(session, 1, sizeof(WT_IKEY) + size, &ikey));
ikey->size = WT_STORE_SIZE(size);
ikey->cell_offset = cell_offset;
memcpy(WT_IKEY_DATA(ikey), key, size);
*ikeyp = ikey;
return (0);
}
/*
Reported by FlawFinder.