The following issues were found
src/third_party/abseil-cpp-master/abseil-cpp/absl/base/internal/scoped_set_env_test.cc
3 issues
Line: 49
#endif
}
TEST(ScopedSetEnvTest, SetNonExistingVarToString) {
EXPECT_EQ(GetEnvVar("SCOPED_SET_ENV_TEST_VAR"), "UNSET");
{
ScopedSetEnv scoped_set("SCOPED_SET_ENV_TEST_VAR", "value");
Reported by Cppcheck.
Line: 40
Column: 23
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
return std::string(buf, get_res);
#else
const char* val = ::getenv(name);
if (val == nullptr) {
return "UNSET";
}
return val;
Reported by FlawFinder.
Line: 28
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
std::string GetEnvVar(const char* name) {
#ifdef _WIN32
char buf[1024];
auto get_res = GetEnvironmentVariableA(name, buf, sizeof(buf));
if (get_res >= sizeof(buf)) {
return "TOO_BIG";
}
Reported by FlawFinder.
src/mongo/db/exec/sbe/sbe_test.cpp
3 issues
Line: 83
}
}
TEST(SBEValues, Hash) {
auto tagInt32 = value::TypeTags::NumberInt32;
auto valInt32 = value::bitcastFrom<int32_t>(-5);
auto tagInt64 = value::TypeTags::NumberInt64;
auto valInt64 = value::bitcastFrom<int64_t>(-5);
Reported by Cppcheck.
Line: 133
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const auto secondNan = std::numeric_limits<double>::signaling_NaN();
auto getDoubleBits = [](double value) {
uint64_t bits = 0;
memcpy(&bits, &value, sizeof(value));
return bits;
};
ASSERT_NOT_EQUALS(getDoubleBits(firstNan), getDoubleBits(secondNan));
testDoubleVsDecimal(firstNan, secondNan);
}
Reported by FlawFinder.
Line: 433
Column: 24
CWE codes:
126
*/
void fillSmallStringTail(value::Value val, char pattern) {
    // The view is requested for the StringSmall representation, so `val` has to hold a small
    // string. std::strlen() below relies on a NUL terminator being present inside that view;
    // a value without one would make the length scan read past the string (CWE-126).
    char* const bytes = value::getRawStringView(value::TypeTags::StringSmall, val);

    // Start one past the terminator and overwrite every remaining index up to and including
    // kSmallStringMaxLength; the terminator itself is left in place.
    // NOTE(review): presumably the inline buffer is kSmallStringMaxLength + 1 bytes, which
    // keeps the inclusive upper bound in range - confirm against the value definitions.
    auto pos = std::strlen(bytes) + 1;
    while (pos <= value::kSmallStringMaxLength) {
        bytes[pos] = pattern;
        ++pos;
    }
}
} // namespace
Reported by FlawFinder.
src/third_party/scons-3.1.2/scons-local-3.1.2/SCons/Platform/sunos.py
3 issues
Line: 35
Column: 1
__revision__ = "src/engine/SCons/Platform/sunos.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"
from . import posix
def generate(env):
posix.generate(env)
# Based on sunSparc 8:32bit
# ARG_MAX=1048320 - 3000 for environment expansion
Reported by Pylint.
Line: 33
Column: 1
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
__revision__ = "src/engine/SCons/Platform/sunos.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"
from . import posix
def generate(env):
posix.generate(env)
Reported by Pylint.
Line: 37
Column: 1
from . import posix
def generate(env):
posix.generate(env)
# Based on sunSparc 8:32bit
# ARG_MAX=1048320 - 3000 for environment expansion
env['MAXLINELENGTH'] = 1045320
env['PKGINFO'] = 'pkginfo'
Reported by Pylint.
src/third_party/scons-3.1.2/scons-local-3.1.2/SCons/Platform/hpux.py
3 issues
Line: 35
Column: 1
__revision__ = "src/engine/SCons/Platform/hpux.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"
from . import posix
def generate(env):
posix.generate(env)
#Based on HP-UX11i: ARG_MAX=2048000 - 3000 for environment expansion
env['MAXLINELENGTH'] = 2045000
Reported by Pylint.
Line: 33
Column: 1
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
__revision__ = "src/engine/SCons/Platform/hpux.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"
from . import posix
def generate(env):
posix.generate(env)
Reported by Pylint.
Line: 37
Column: 1
from . import posix
def generate(env):
posix.generate(env)
#Based on HP-UX11i: ARG_MAX=2048000 - 3000 for environment expansion
env['MAXLINELENGTH'] = 2045000
# Local Variables:
Reported by Pylint.
src/third_party/scons-3.1.2/scons-local-3.1.2/SCons/Platform/irix.py
3 issues
Line: 35
Column: 1
__revision__ = "src/engine/SCons/Platform/irix.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"
from . import posix
def generate(env):
posix.generate(env)
# Local Variables:
Reported by Pylint.
Line: 33
Column: 1
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
__revision__ = "src/engine/SCons/Platform/irix.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"
from . import posix
def generate(env):
posix.generate(env)
Reported by Pylint.
Line: 37
Column: 1
from . import posix
def generate(env):
posix.generate(env)
# Local Variables:
# tab-width:4
# indent-tabs-mode:nil
Reported by Pylint.
src/mongo/db/exec/sbe/sbe_plan_stage_test.cpp
3 issues
Line: 71
Column: 11
CWE codes:
362
// Test-fixture helper: calls prepare(), attachToOperationContext() and open() on `root`, in that
// order. `ctx` is dereferenced unconditionally, so callers must pass a non-null CompileCtx.
void PlanStageTestFixture::prepareTree(CompileCtx* ctx, PlanStage* root) {
root->prepare(*ctx);
// Binds the stage to the fixture's operation context, obtained from opCtx().
root->attachToOperationContext(opCtx());
// open() is a member function invoked through the PlanStage pointer, not the POSIX open(2)
// call that name-matching scanners associate with CWE-362 file races. The meaning of the
// `false` argument is defined by PlanStage and is not visible in this excerpt.
root->open(false);
}
value::SlotAccessor* PlanStageTestFixture::prepareTree(CompileCtx* ctx,
PlanStage* root,
value::SlotId slot) {
Reported by FlawFinder.
Line: 49
Column: 10
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
value::TypeTags rhsTag,
value::Value rhsVal) {
const auto equal = valueEquals(lhsTag, lhsVal, rhsTag, rhsVal);
if (!equal) {
std::stringstream ss;
ss << std::make_pair(lhsTag, lhsVal) << " != " << std::make_pair(rhsTag, rhsVal);
LOGV2(5075401, "{msg}", "msg"_attr = ss.str());
}
ASSERT_TRUE(equal);
Reported by FlawFinder.
Line: 54
Column: 17
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
ss << std::make_pair(lhsTag, lhsVal) << " != " << std::make_pair(rhsTag, rhsVal);
LOGV2(5075401, "{msg}", "msg"_attr = ss.str());
}
ASSERT_TRUE(equal);
}
std::pair<value::SlotId, std::unique_ptr<PlanStage>> PlanStageTestFixture::generateVirtualScan(
const BSONArray& array) {
auto [arrTag, arrVal] = stage_builder::makeValue(array);
return generateVirtualScan(arrTag, arrVal);
Reported by FlawFinder.
src/mongo/bson/bsonelement_test.cpp
3 issues
Line: 48
using namespace fmt::literals;
TEST(BSONElement, BinDataToString) {
BSONObjBuilder builder;
unsigned char bintype0[] = {0xDE, 0xEA, 0xBE, 0xEF, 0x01}; // Random BinData shorter than UUID
const UUID validUUID = UUID::gen();
unsigned char zeroUUID[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
Reported by Cppcheck.
Line: 53
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char bintype0[] = {0xDE, 0xEA, 0xBE, 0xEF, 0x01}; // Random BinData shorter than UUID
const UUID validUUID = UUID::gen();
unsigned char zeroUUID[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
unsigned char overlongUUID[] = {0xBF,
0xF7,
0x1F,
0x75,
0x04,
Reported by FlawFinder.
Line: 71
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0x81,
0x64,
0xff}; // Valid RFC4122v4 UUID, but with extra byte added.
unsigned char zeroLength[1] = {0}; // Not truly zero because Windows doesn't support that.
StringData unknownType = "binary data\000with an unknown type"_sd; // No terminating zero
const BinDataType unknownBinDataType = BinDataType(42);
builder.appendBinData("bintype0", sizeof(bintype0), BinDataGeneral, bintype0);
validUUID.appendToBuilder(&builder, "validUUID");
builder.appendBinData("zeroUUID", sizeof(zeroUUID), newUUID, zeroUUID);
Reported by FlawFinder.
src/third_party/s2/base/stringprintf.cc
3 issues
Line: 20
Column: 16
CWE codes:
134
Suggestion:
Use a constant for the format specification
// of the structure before using it and use that copy instead.
va_list backup_ap;
va_copy(backup_ap, ap);
int result = vsnprintf(space, sizeof(space), format, backup_ap);
va_end(backup_ap);
if ((result >= 0) && ((size_t)result < sizeof(space))) {
// It fit
dst->append(space, result);
Reported by FlawFinder.
Line: 43
Column: 14
CWE codes:
134
Suggestion:
Use a constant for the format specification
// Restore the va_list before we use it again
va_copy(backup_ap, ap);
result = vsnprintf(buf, length, format, backup_ap);
va_end(backup_ap);
if ((result >= 0) && ((size_t)result < length)) {
// It fit
dst->append(buf, result);
Reported by FlawFinder.
Line: 13
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void StringAppendV(string* dst, const char* format, va_list ap) {
// First try with a small fixed size buffer
char space[1024];
// It's possible for methods that use a va_list to invalidate
// the data in it upon use. The fix is to make a copy
// of the structure before using it and use that copy instead.
va_list backup_ap;
Reported by FlawFinder.
src/mongo/db/record_id.h
3 issues
Line: 80
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* retrieved using getLong().
*/
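explicit RecordId(int64_t s) {
    // Compile-time proof that the fixed-size copy below cannot overrun _buffer and that at
    // least one byte remains for the format tag. This turns the "destination can always hold
    // the source data" requirement (CWE-120) into a build failure instead of a runtime risk.
    static_assert(sizeof(int64_t) < sizeof(_buffer),
                  "RecordId::_buffer must hold an int64_t plus the format byte");

    // For the kLong format the first 8 bytes hold the value in machine-endian order.
    memcpy(_buffer, &s, sizeof(s));

    // Tag the buffer so readers know which format it holds.
    // NOTE(review): presumably kBufEnd is the last index of _buffer and therefore lies past the
    // 8 value bytes - confirm against its definition.
    _buffer[kBufEnd] = Format::kLong;
}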
/**
* Construct a RecordId that holds a small binary string. The raw value for RecordStore storage
Reported by FlawFinder.
Line: 95
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fmt::format("key size {} greater than maximum {}", size, kBufMaxSize - 2),
size + 2 <= kBufMaxSize);
_buffer[0] = static_cast<char>(size);
memcpy(_buffer + 1, str, size);
_buffer[kBufEnd] = Format::kSmallStr;
}
/**
* Construct a RecordId from two halves.
Reported by FlawFinder.
Line: 291
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// - For the kLong type, the first 8 bytes encode the value in machine-endian order.
// - For the kSmallStr type, the first byte encodes the length and the remaining bytes encode
// the string.
char _buffer[kBufMaxSize];
};
inline bool operator==(RecordId lhs, RecordId rhs) {
    // Equality is defined entirely by compare(): the operands are equal exactly when it
    // reports zero.
    const auto ordering = lhs.compare(rhs);
    return ordering == 0;
}
Reported by FlawFinder.
src/mongo/db/exec/sbe/sbe_hash_agg_test.cpp
3 issues
Line: 108
runTest(inputTag, inputVal, expectedTag, expectedVal, makeStageFn);
}
TEST_F(HashAggStageTest, HashAggAddToSetTest) {
using namespace std::literals;
BSONArrayBuilder bab;
bab.append("cc").append("BB").append("Aa").append("Bb").append("dD").append("aA");
bab.append("CC").append("AA").append("Dd").append("cC").append("bb").append("DD");
Reported by Cppcheck.
Line: 340
Column: 12
CWE codes:
362
// Reposition to '6'.
seekAccessor.reset(value::TypeTags::NumberInt32, value::bitcastFrom<int>(6));
stage->open(true);
ASSERT_TRUE(stage->getNext() == PlanState::ADVANCED);
auto [res2Tag, res2Val] = resultAccessor->getViewOfValue();
// There are '3' occurences of '6' in the input.
assertValuesEqual(res2Tag, res2Val, value::TypeTags::NumberInt32, value::bitcastFrom<int>(3));
ASSERT_TRUE(stage->getNext() == PlanState::IS_EOF);
Reported by FlawFinder.
Line: 349
Column: 12
CWE codes:
362
// Reposition to '7'.
seekAccessor.reset(value::TypeTags::NumberInt32, value::bitcastFrom<int>(7));
stage->open(true);
ASSERT_TRUE(stage->getNext() == PlanState::ADVANCED);
auto [res3Tag, res3Val] = resultAccessor->getViewOfValue();
// There are '4' occurences of '7' in the input.
assertValuesEqual(res3Tag, res3Val, value::TypeTags::NumberInt32, value::bitcastFrom<int>(4));
ASSERT_TRUE(stage->getNext() == PlanState::IS_EOF);
Reported by FlawFinder.