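The following issues were found by static analysis (FlawFinder, Pylint and Cppcheck, as named on each entry). FlawFinder matches function names and declarations lexically and does not track data flow, so its entries are candidates for triage rather than confirmed defects; several of them sit in test and benchmark files under src/third_party.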
src/third_party/abseil-cpp-master/abseil-cpp/absl/strings/internal/utf8_test.cc
4 issues
Line: 37
Column: 5
CWE codes:
119
120
Suggestion:
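Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged statement appears to be the fixed-size declaration `char buf0[7]`; the point to confirm is that EncodeUTF8Char() can never write more than 7 bytes into it. The same test later compares the encoder's return value with kMaxEncodedUTF8Size.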
{0x0000FFFF, u8"\U0000FFFF"},
{0x0010FFFD, u8"\U0010FFFD"}};
for (auto &test : tests) {
char buf0[7] = {'\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00'};
char buf1[7] = {'\xFF', '\xFF', '\xFF', '\xFF', '\xFF', '\xFF', '\xFF'};
char *buf0_written =
&buf0[absl::strings_internal::EncodeUTF8Char(buf0, test.first)];
char *buf1_written =
&buf1[absl::strings_internal::EncodeUTF8Char(buf1, test.first)];
Reported by FlawFinder.
Line: 38
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{0x0010FFFD, u8"\U0010FFFD"}};
for (auto &test : tests) {
char buf0[7] = {'\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00'};
char buf1[7] = {'\xFF', '\xFF', '\xFF', '\xFF', '\xFF', '\xFF', '\xFF'};
char *buf0_written =
&buf0[absl::strings_internal::EncodeUTF8Char(buf0, test.first)];
char *buf1_written =
&buf1[absl::strings_internal::EncodeUTF8Char(buf1, test.first)];
int apparent_length = 7;
Reported by FlawFinder.
Line: 54
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
EXPECT_EQ(std::string(buf0, apparent_length), test.second);
EXPECT_EQ(std::string(buf1, apparent_length), test.second);
}
char buf[32] = "Don't Tread On Me";
EXPECT_LE(absl::strings_internal::EncodeUTF8Char(buf, 0x00110000),
absl::strings_internal::kMaxEncodedUTF8Size);
char buf2[32] = "Negative is invalid but sane";
EXPECT_LE(absl::strings_internal::EncodeUTF8Char(buf2, -1),
absl::strings_internal::kMaxEncodedUTF8Size);
Reported by FlawFinder.
Line: 57
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char buf[32] = "Don't Tread On Me";
EXPECT_LE(absl::strings_internal::EncodeUTF8Char(buf, 0x00110000),
absl::strings_internal::kMaxEncodedUTF8Size);
char buf2[32] = "Negative is invalid but sane";
EXPECT_LE(absl::strings_internal::EncodeUTF8Char(buf2, -1),
absl::strings_internal::kMaxEncodedUTF8Size);
}
#if defined(__clang__)
#pragma clang diagnostic pop
Reported by FlawFinder.
site_scons/site_tools/incremental_link.py
4 issues
Line: 23
Column: 1
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
import SCons
def _tag_as_precious(target, source, env):
env.Precious(target)
return target, source
Reported by Pylint.
Line: 1
Column: 1
# Copyright 2020 MongoDB Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
Reported by Pylint.
Line: 31
Column: 1
return target, source
def generate(env):
builders = env["BUILDERS"]
for builder in ("Program", "SharedLibrary", "LoadableModule"):
emitter = builders[builder].emitter
builders[builder].emitter = SCons.Builder.ListEmitter(
[emitter, _tag_as_precious,]
Reported by Pylint.
Line: 40
Column: 1
)
def exists(env):
# By default, the windows linker is incremental, so unless
# overridden in the environment with /INCREMENTAL:NO, the tool is
# in play.
if env.TargetOSIs("windows") and not "/INCREMENTAL:NO" in env["LINKFLAGS"]:
return True
Reported by Pylint.
src/third_party/abseil-cpp-master/abseil-cpp/absl/strings/internal/cord_rep_ring.cc
4 issues
Line: 76
Column: 3
CWE codes:
120
Suggestion:
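Make sure destination can always hold the source data. In this excerpt the destination is allocated as CordRepFlat::New(n + extra) and n bytes are copied, so the copy is sized from the same n. The upper bound on n is only an assert(), which, if it is the standard macro, is compiled out under NDEBUG; confirm that release builds enforce the bound in the callers or in New().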
assert(n <= kMaxFlatLength);
auto* rep = CordRepFlat::New(n + extra);
rep->length = n;
memcpy(rep->Data(), s, n);
return rep;
}
// Unrefs the provided `substring`, and returns `substring->child`
// Adds or assumes a reference on `substring->child`
Reported by FlawFinder.
Line: 632
Column: 7
CWE codes:
120
Suggestion:
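Make sure destination can always hold the source data. Here the copy length is avail.length(), the size of the destination span itself, so the open question is on the source side: confirm that GetAppendBuffer(data.length()) never returns a span longer than data.length(), otherwise the memcpy would read past the end of data.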
if (rep->refcount.IsOne()) {
Span<char> avail = rep->GetAppendBuffer(data.length());
if (!avail.empty()) {
memcpy(avail.data(), data.data(), avail.length());
data.remove_prefix(avail.length());
}
}
if (data.empty()) return Validate(rep);
Reported by FlawFinder.
Line: 667
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
Span<char> avail = rep->GetPrependBuffer(data.length());
if (!avail.empty()) {
const char* tail = data.data() + data.length() - avail.length();
memcpy(avail.data(), tail, avail.length());
data.remove_suffix(avail.length());
}
}
if (data.empty()) return rep;
Reported by FlawFinder.
Line: 681
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t first_size = data.size() - (flats - 1) * kMaxFlatLength;
CordRepFlat* flat = CordRepFlat::New(first_size + extra);
flat->length = first_size + extra;
memcpy(flat->Data() + extra, data.data(), first_size);
data.remove_prefix(first_size);
filler.Add(flat, extra, pos);
pos -= first_size;
while (!data.empty()) {
Reported by FlawFinder.
src/third_party/wiredtiger/src/btree/row_key.c
4 issues
Line: 256
Column: 17
CWE codes:
120
Suggestion:
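Make sure destination can always hold the source data. The buffer is sized with key_prefix + key_size immediately before both copies, so the destination matches as long as that sum cannot wrap. What the excerpt does not show is a check that group_key holds at least key_prefix bytes (group_size is fetched on the first line); confirm that on the source side.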
__wt_row_leaf_key_info(page, copy, NULL, NULL, &group_key, &group_size, &group_prefix);
if (group_key != NULL) {
WT_RET(__wt_buf_init(session, keyb, key_prefix + key_size));
memcpy(keyb->mem, group_key, key_prefix);
memcpy((uint8_t *)keyb->mem + key_prefix, key_data, key_size);
keyb->size = key_prefix + key_size;
/*
* If this is the key we originally wanted, we don't care if we're rolling forward
* or backward, it's what we want.
Reported by FlawFinder.
Line: 257
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (group_key != NULL) {
WT_RET(__wt_buf_init(session, keyb, key_prefix + key_size));
memcpy(keyb->mem, group_key, key_prefix);
memcpy((uint8_t *)keyb->mem + key_prefix, key_data, key_size);
keyb->size = key_prefix + key_size;
/*
* If this is the key we originally wanted, we don't care if we're rolling forward
* or backward, it's what we want.
*
Reported by FlawFinder.
Line: 307
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
WT_ASSERT(session, keyb->size >= key_prefix);
keyb->size = key_prefix;
WT_RET(__wt_buf_grow(session, keyb, key_prefix + key_size));
memcpy((uint8_t *)keyb->data + key_prefix, key_data, key_size);
keyb->size = key_prefix + key_size;
if (slot_offset == 0)
break;
}
Reported by FlawFinder.
Line: 378
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
WT_RET(__wt_calloc(session, 1, sizeof(WT_IKEY) + size, &ikey));
ikey->size = WT_STORE_SIZE(size);
ikey->cell_offset = cell_offset;
memcpy(WT_IKEY_DATA(ikey), key, size);
*ikeyp = ikey;
return (0);
}
/*
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/strings/cord_test.cc
4 issues
Line: 668
EXPECT_EQ("foo", std::string(cord));
}
TEST(Cord, RemoveSuffixMakesZeroLengthNode) {
absl::Cord c;
c.Append(absl::Cord(std::string(100, 'x')));
absl::Cord other_ref = c; // Prevent inplace appends
c.Append(absl::Cord(std::string(200, 'y')));
c.RemoveSuffix(200);
Reported by Cppcheck.
Line: 1581
Column: 35
CWE codes:
120
SCOPED_TRACE(num_elements);
std::vector<std::string> cord_chunks;
for (int i = 0; i < num_elements; ++i) {
cord_chunks.push_back(absl::StrCat("[", i, "]"));
}
absl::Cord c = absl::MakeFragmentedCord(cord_chunks);
std::vector<std::string> iterated_chunks;
absl::CordTestPeer::ForEachChunk(c,
Reported by FlawFinder.
Line: 149
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Add an external memory that contains the specified std::string to cord
// Copies the bytes of `str` into a freshly allocated array and appends that
// array to `*dst` through absl::MakeCordFromExternal.
static void AddNewStringBlock(const std::string& str, absl::Cord* dst) {
// The destination is allocated with exactly str.size() bytes; no terminating
// NUL is added, so the data is only valid together with its length.
char* data = new char[str.size()];
// The copy length is the same str.size() used for the allocation above, so
// the copy stays within `data`.
memcpy(data, str.data(), str.size());
dst->Append(absl::MakeCordFromExternal(
absl::string_view(data, str.size()),
// Callback handed to MakeCordFromExternal: frees the array through the
// pointer carried by the string_view.
[](absl::string_view s) { delete[] s.data(); }));
}
Reported by FlawFinder.
Line: 543
Column: 5
CWE codes:
119
120
Suggestion:
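Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration appears to be `char buf[30]`; the only write to it in the excerpt is snprintf(buf, sizeof(buf), "(%d)", length), which is bounded by the buffer size.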
// Return a std::string of the specified length.
static std::string MakeString(int length) {
std::string result;
char buf[30];
snprintf(buf, sizeof(buf), "(%d)", length);
while (result.size() < length) {
result += buf;
}
result.resize(length);
Reported by FlawFinder.
src/third_party/wiredtiger/src/btree/bt_vrfy.c
4 issues
Line: 114
Column: 27
CWE codes:
120
20
Suggestion:
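Specify a limit to %s, or use a different input function. Note that the format here is "%" SCNu64, an integer conversion with no %s, so there is no unbounded string write to limit. What remains to check is that k.str is NUL-terminated and that out-of-range input is handled, which is the cert-err34-c concern the NOLINT comment suppresses. The sscanf entry for bt_huffman.c line 289 further down has the same shape.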
*/
*quitp = true;
/* NOLINTNEXTLINE(cert-err34-c) */
if (v.len != 0 || sscanf(k.str, "%" SCNu64, &offset) != 1)
WT_RET_MSG(session, EINVAL, "unexpected dump offset format");
#if !defined(HAVE_DIAGNOSTIC)
WT_RET_MSG(session, ENOTSUP, "the WiredTiger library was not built in diagnostic mode");
#else
WT_TRET(__wt_debug_offset_blind(session, (wt_off_t)offset, NULL));
Reported by FlawFinder.
Line: 369
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
WT_ADDR_COPY addr;
WT_DECL_ITEM(tmp);
WT_DECL_RET;
char time_string[WT_TIME_STRING_SIZE];
WT_ERR(__wt_scr_alloc(session, 0, &tmp));
if (__wt_ref_addr_copy(session, ref, &addr)) {
WT_ERR(
Reported by FlawFinder.
Line: 731
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
WT_BTREE *btree;
WT_DECL_RET;
char tp_string[2][WT_TS_INT_STRING_SIZE];
bool start;
btree = S2BT(session);
start = true;
Reported by FlawFinder.
Line: 780
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
wt_timestamp_t older_start_ts, older_stop_ts;
uint64_t hs_counter;
uint32_t hs_btree_id;
char ts_string[2][WT_TS_INT_STRING_SIZE];
btree = S2BT(session);
hs_btree_id = btree->id;
WT_RET(__wt_curhs_open(session, NULL, &hs_cursor));
F_SET(hs_cursor, WT_CURSTD_HS_READ_COMMITTED);
Reported by FlawFinder.
src/third_party/wiredtiger/src/config/config.c
4 issues
Line: 46
Column: 31
CWE codes:
126
{
size_t len;
len = (str == NULL) ? 0 : strlen(str);
__wt_config_initn(session, conf, str, len);
}
/*
Reported by FlawFinder.
Line: 596
Column: 37
CWE codes:
126
/*
 * Builds a WT_CONFIG_ITEM describing `key` and forwards the lookup to __wt_config_get(),
 * returning that call's result unchanged.
 *
 * `key` is handed to strlen() with no NULL check in this function, so callers must pass a
 * non-NULL, NUL-terminated string.
 */
int
__wt_config_gets(WT_SESSION_IMPL *session, const char **cfg, const char *key, WT_CONFIG_ITEM *value)
{
/* Key item: the key pointer, its strlen()-measured length, 0, and the string item type. */
WT_CONFIG_ITEM key_item = {key, strlen(key), 0, WT_CONFIG_ITEM_STRING};
return (__wt_config_get(session, cfg, &key_item, value));
}
/*
Reported by FlawFinder.
Line: 639
Column: 37
CWE codes:
126
WT_SESSION_IMPL *session, const char *config, const char *key, WT_CONFIG_ITEM *value)
{
WT_CONFIG cparser;
WT_CONFIG_ITEM key_item = {key, strlen(key), 0, WT_CONFIG_ITEM_STRING};
__wt_config_init(session, &cparser, config);
return (__config_getraw(&cparser, &key_item, value, true));
}
Reported by FlawFinder.
Line: 727
Column: 37
CWE codes:
126
__wt_config_subgets(
WT_SESSION_IMPL *session, WT_CONFIG_ITEM *cfg, const char *key, WT_CONFIG_ITEM *value)
{
WT_CONFIG_ITEM key_item = {key, strlen(key), 0, WT_CONFIG_ITEM_STRING};
return (__wt_config_subgetraw(session, cfg, &key_item, value));
}
/*
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/strings/charconv_benchmark.cc
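4 issues (in each of the four, strlen() is applied to a string literal assigned on the preceding line, which is always NUL-terminated)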
Line: 36
Column: 29
CWE codes:
126
void BM_Absl_Pi(benchmark::State& state) {
const char* pi = "3.14159";
const char* pi_end = pi + strlen(pi);
for (auto s : state) {
benchmark::DoNotOptimize(pi);
double v;
absl::from_chars(pi, pi_end, v);
benchmark::DoNotOptimize(v);
Reported by FlawFinder.
Line: 57
Column: 29
CWE codes:
126
void BM_Absl_Pi_float(benchmark::State& state) {
const char* pi = "3.14159";
const char* pi_end = pi + strlen(pi);
for (auto s : state) {
benchmark::DoNotOptimize(pi);
float v;
absl::from_chars(pi, pi_end, v);
benchmark::DoNotOptimize(v);
Reported by FlawFinder.
Line: 78
Column: 37
CWE codes:
126
void BM_Absl_HardLarge(benchmark::State& state) {
const char* numstr = "272104041512242479.e200";
const char* numstr_end = numstr + strlen(numstr);
for (auto s : state) {
benchmark::DoNotOptimize(numstr);
double v;
absl::from_chars(numstr, numstr_end, v);
benchmark::DoNotOptimize(v);
Reported by FlawFinder.
Line: 99
Column: 37
CWE codes:
126
void BM_Absl_HardSmall(benchmark::State& state) {
const char* numstr = "94080055902682397.e-242";
const char* numstr_end = numstr + strlen(numstr);
for (auto s : state) {
benchmark::DoNotOptimize(numstr);
double v;
absl::from_chars(numstr, numstr_end, v);
benchmark::DoNotOptimize(v);
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/status/status_test.cc
4 issues
Line: 28
using ::testing::Optional;
using ::testing::UnorderedElementsAreArray;
TEST(StatusCode, InsertionOperator) {
const absl::StatusCode code = absl::StatusCode::kUnknown;
std::ostringstream oss;
oss << code;
EXPECT_EQ(oss.str(), absl::StatusCodeToString(code));
}
Reported by Cppcheck.
Line: 80
Column: 15
CWE codes:
120
// Ensure that the creator does, in fact, create status objects with the
// expected error code and message.
std::string message =
absl::StrCat("error code ", test.code, " test message");
absl::Status status = test.creator(message);
EXPECT_EQ(test.code, status.code());
EXPECT_EQ(message, status.message());
// Ensure that the classifier returns true for a status produced by the
Reported by FlawFinder.
Line: 168
Column: 31
CWE codes:
120
EXPECT_THAT(bad_status.GetPayload(kUrl1), Optional(Eq(kPayload3)));
// Testing dynamically generated type_url
bad_status.SetPayload(absl::StrCat(kUrl1, ".1"), absl::Cord(kPayload1));
EXPECT_THAT(bad_status.GetPayload(absl::StrCat(kUrl1, ".1")),
Optional(Eq(kPayload1)));
}
TEST(Status, TestErasePayload) {
Reported by FlawFinder.
Line: 169
Column: 43
CWE codes:
120
// Testing dynamically generated type_url
bad_status.SetPayload(absl::StrCat(kUrl1, ".1"), absl::Cord(kPayload1));
EXPECT_THAT(bad_status.GetPayload(absl::StrCat(kUrl1, ".1")),
Optional(Eq(kPayload1)));
}
TEST(Status, TestErasePayload) {
absl::Status bad_status(absl::StatusCode::kInternal, "fail");
Reported by FlawFinder.
src/third_party/wiredtiger/src/btree/bt_huffman.c
4 issues
Line: 289
Column: 13
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
if (tmp->size == 0)
break;
/* NOLINTNEXTLINE(cert-err34-c) */
n = sscanf(tmp->data, "%" SCNi64 " %" SCNi64, &symbol, &frequency);
/*
* Entries is 0-based, that is, there are (entries +1) possible values that can be
* configured. The line number is 1-based, so adjust the test for too many entries, and
* report (entries +1) in the error as the maximum possible number of entries.
*/
Reported by FlawFinder.
Line: 227
Column: 9
CWE codes:
120
Suggestion:
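Make sure destination can always hold the source data. Here `copy` is declared with WT_ELEMENTS(__wt_huffman_nytenglish) elements and the copy length is sizeof(__wt_huffman_nytenglish), so the two sizes agree provided __wt_huffman_nytenglish is an array of struct __wt_huffman_table.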
} else if (strncmp(value_conf.str, "english", value_conf.len) == 0) {
struct __wt_huffman_table copy[WT_ELEMENTS(__wt_huffman_nytenglish)];
memcpy(copy, __wt_huffman_nytenglish, sizeof(__wt_huffman_nytenglish));
WT_RET(__wt_huffman_open(
session, copy, WT_ELEMENTS(__wt_huffman_nytenglish), 1, &btree->huffman_value));
} else {
WT_RET(__wt_huffman_read(session, &value_conf, &table, &entries, &numbytes));
ret = __wt_huffman_open(session, table, entries, numbytes, &btree->huffman_value);
Reported by FlawFinder.
Line: 150
Column: 15
CWE codes:
126
if (WT_PREFIX_MATCH(v->str, "utf8")) {
if (is_utf8p != NULL)
*is_utf8p = 1;
len = strlen("utf8");
} else if (WT_PREFIX_MATCH(v->str, "utf16"))
len = strlen("utf16");
if (len == 0 || len >= v->len)
WT_RET_MSG(session, EINVAL, "illegal Huffman configuration: %.*s", (int)v->len, v->str);
Reported by FlawFinder.
Line: 152
Column: 15
CWE codes:
126
*is_utf8p = 1;
len = strlen("utf8");
} else if (WT_PREFIX_MATCH(v->str, "utf16"))
len = strlen("utf16");
if (len == 0 || len >= v->len)
WT_RET_MSG(session, EINVAL, "illegal Huffman configuration: %.*s", (int)v->len, v->str);
/* Check the file exists. */
WT_RET(__wt_strndup(session, v->str + len, v->len - len, &fname));
Reported by FlawFinder.