The following issues were found
src/third_party/icu4c-57.1/source/common/udata.cpp
3 issues
Line: 1410
Column: 59
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
U_CAPI void U_EXPORT2 udata_setFileAccess(UDataFileAccess access, UErrorCode * /*status*/)
{
// Note: this function is documented as not thread safe.
gDataFileAccess = access;
}
Reported by FlawFinder.
Line: 1413
Column: 23
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
U_CAPI void U_EXPORT2 udata_setFileAccess(UDataFileAccess access, UErrorCode * /*status*/)
{
// Note: this function is documented as not thread safe.
gDataFileAccess = access;
}
Reported by FlawFinder.
Line: 753
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if defined(OS390_STUBDATA) && defined(OS390BATCH)
if (!UDataMemory_isLoaded(&tData)) {
char ourPathBuffer[1024];
/* One more chance, for extendCommonData() */
uprv_strncpy(ourPathBuffer, path, 1019);
ourPathBuffer[1019]=0;
uprv_strcat(ourPathBuffer, ".dat");
uprv_mapFile(&tData, ourPathBuffer);
Reported by FlawFinder.
src/mongo/base/data_range_cursor_test.cpp
3 issues
Line: 60
ASSERT_NOT_OK(cdrc.readAndAdvanceNoThrow<char>());
}
TEST(DataRangeCursor, ConstDataRangeCursorType) {
char buf[] = "foo";
ConstDataRangeCursor cdrc(buf, buf + sizeof(buf));
ConstDataRangeCursor out(nullptr, nullptr);
Reported by Cppcheck.
Line: 39
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
namespace mongo {
TEST(DataRangeCursor, ConstDataRangeCursor) {
char buf[14];
DataView(buf).write<uint16_t>(1);
DataView(buf).write<LittleEndian<uint32_t>>(2, sizeof(uint16_t));
DataView(buf).write<BigEndian<uint64_t>>(3, sizeof(uint16_t) + sizeof(uint32_t));
Reported by FlawFinder.
Line: 72
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
TEST(DataRangeCursor, DataRangeCursor) {
char buf[100] = {0};
DataRangeCursor dc(buf, buf + 14);
ASSERT_OK(dc.writeAndAdvanceNoThrow<uint16_t>(1));
ASSERT_OK(dc.writeAndAdvanceNoThrow<LittleEndian<uint32_t>>(2));
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/common/cwchar.h
3 issues
Line: 39
Column: 24
CWE codes:
120
Suggestion:
Consider using a function version that stops copying at the end of the buffer
/* The following are not available on all systems, defined in wchar.h or string.h. */
#if U_HAVE_WCSCPY
# define uprv_wcscpy wcscpy
# define uprv_wcscat wcscat
# define uprv_wcslen wcslen
#else
U_CAPI wchar_t* U_EXPORT2
uprv_wcscpy(wchar_t *dst, const wchar_t *src);
Reported by FlawFinder.
Line: 40
Column: 24
CWE codes:
120
/* The following are not available on all systems, defined in wchar.h or string.h. */
#if U_HAVE_WCSCPY
# define uprv_wcscpy wcscpy
# define uprv_wcscat wcscat
# define uprv_wcslen wcslen
#else
U_CAPI wchar_t* U_EXPORT2
uprv_wcscpy(wchar_t *dst, const wchar_t *src);
U_CAPI wchar_t* U_EXPORT2
Reported by FlawFinder.
Line: 41
Column: 24
CWE codes:
126
#if U_HAVE_WCSCPY
# define uprv_wcscpy wcscpy
# define uprv_wcscat wcscat
# define uprv_wcslen wcslen
#else
U_CAPI wchar_t* U_EXPORT2
uprv_wcscpy(wchar_t *dst, const wchar_t *src);
U_CAPI wchar_t* U_EXPORT2
uprv_wcscat(wchar_t *dst, const wchar_t *src);
Reported by FlawFinder.
buildscripts/idl/idl/bson.py
3 issues
Line: 87
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def is_scalar_bson_type(name):
# type: (str) -> bool
"""Return True if this bson type is a scalar."""
assert is_valid_bson_type(name)
return _BSON_TYPE_INFORMATION[name]['scalar'] # type: ignore
def cpp_bson_type_name(name):
# type: (str) -> str
Reported by Bandit.
Line: 94
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def cpp_bson_type_name(name):
# type: (str) -> str
"""Return the C++ type name for a bson type."""
assert is_valid_bson_type(name)
return _BSON_TYPE_INFORMATION[name]['bson_type_enum'] # type: ignore
def list_valid_types():
# type: () -> List[str]
Reported by Bandit.
Line: 113
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def cpp_bindata_subtype_type_name(name):
# type: (str) -> str
"""Return the C++ type name for a bindata subtype."""
assert is_valid_bindata_subtype(name)
return _BINDATA_SUBTYPE[name]['bindata_enum'] # type: ignore
Reported by Bandit.
src/third_party/gperftools/dist/src/profiledata.cc
3 issues
Line: 76
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
evict_[num_evicted_++] = entry.count;
evict_[num_evicted_++] = d;
memcpy(&evict_[num_evicted_], entry.stack, d * sizeof(Slot));
num_evicted_ += d;
}
ProfileData::ProfileData()
: hash_(0),
Reported by FlawFinder.
Line: 99
Column: 12
CWE codes:
362
}
// Open output file and initialize various data structures
int fd = open(fname, O_CREAT | O_WRONLY | O_TRUNC, 0666);
if (fd < 0) {
// Can't open outfile for write
return false;
}
Reported by FlawFinder.
Line: 228
Column: 5
CWE codes:
120
state->start_time = start_time_;
state->samples_gathered = count_;
int buf_size = sizeof(state->profile_name);
strncpy(state->profile_name, fname_, buf_size);
state->profile_name[buf_size-1] = '\0';
} else {
state->enabled = false;
state->start_time = 0;
state->samples_gathered = 0;
Reported by FlawFinder.
src/mongo/base/data_cursor_test.cpp
3 issues
Line: 92
ASSERT_EQUALS(buf, cdc.view());
}
TEST(DataCursor, DataCursor) {
char buf[100];
DataCursor dc(buf);
dc.writeAndAdvance<uint16_t>(1);
Reported by Cppcheck.
Line: 39
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
namespace mongo {
TEST(DataCursor, ConstDataCursor) {
char buf[100];
DataView(buf).write<uint16_t>(1);
DataView(buf).write<LittleEndian<uint32_t>>(2, sizeof(uint16_t));
DataView(buf).write<BigEndian<uint64_t>>(3, sizeof(uint16_t) + sizeof(uint32_t));
Reported by FlawFinder.
Line: 93
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
TEST(DataCursor, DataCursor) {
char buf[100];
DataCursor dc(buf);
dc.writeAndAdvance<uint16_t>(1);
dc.writeAndAdvance<LittleEndian<uint32_t>>(2);
Reported by FlawFinder.
src/third_party/gperftools/dist/src/memory_region_map.cc
3 issues
Line: 180
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Constructor-less place-holder to store a RegionSet in.
union MemoryRegionMap::RegionSetRep {
char rep[sizeof(RegionSet)];
void* align_it; // do not need a better alignment for 'rep' than this
RegionSet* region_set() { return reinterpret_cast<RegionSet*>(rep); }
};
// The bytes where MemoryRegionMap::regions_ will point to.
Reported by FlawFinder.
Line: 399
Column: 14
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
bucket != 0;
bucket = bucket->next) {
if ((bucket->hash == hash) && (bucket->depth == depth) &&
std::equal(key, key + depth, bucket->stack)) {
return bucket;
}
}
// Create new bucket
Reported by FlawFinder.
Line: 515
Column: 16
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
curr != 0;
curr = curr->next) {
if ((curr->hash == bucket.hash) && (curr->depth == bucket.depth) &&
std::equal(bucket.stack, bucket.stack + bucket.depth, curr->stack)) {
curr->allocs += bucket.allocs;
curr->alloc_size += bucket.alloc_size;
curr->frees += bucket.frees;
curr->free_size += bucket.free_size;
is_found = true;
Reported by FlawFinder.
src/third_party/gperftools/dist/src/stacktrace_powerpc-linux-inl.h
3 issues
Line: 185
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef __PPC64__
if (sigtramp64_vdso && (sigtramp64_vdso == current->return_addr)) {
struct signal_frame_64 {
char dummy[128];
ucontext_t uc;
// We don't care about the rest, since the IP value is at 'uc' field.
} *sigframe = reinterpret_cast<signal_frame_64*>(current);
result[n] = (void*) sigframe->uc.uc_mcontext.gp_regs[PT_NIP];
}
Reported by FlawFinder.
Line: 194
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#else
if (sigtramp32_vdso && (sigtramp32_vdso == current->return_addr)) {
struct signal_frame_32 {
char dummy[64];
struct sigcontext sctx;
mcontext_t mctx;
// We don't care about the rest, since IP value is at 'mctx' field.
} *sigframe = reinterpret_cast<signal_frame_32*>(current);
result[n] = (void*) sigframe->mctx.gregs[PT_NIP];
Reported by FlawFinder.
Line: 202
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
result[n] = (void*) sigframe->mctx.gregs[PT_NIP];
} else if (sigtramp32_rt_vdso && (sigtramp32_rt_vdso == current->return_addr)) {
struct rt_signal_frame_32 {
char dummy[64 + 16];
siginfo_t info;
ucontext_t uc;
// We don't care about the rest, since IP value is at 'uc' field.A
} *sigframe = reinterpret_cast<rt_signal_frame_32*>(current);
result[n] = (void*) sigframe->uc.uc_mcontext.uc_regs->gregs[PT_NIP];
Reported by FlawFinder.
src/third_party/gperftools/dist/src/base/sysinfo.h
3 issues
Line: 106
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#else // a one-line buffer is good enough
static const size_t kBufSize = PATH_MAX + 1024;
#endif
char buf_[kBufSize];
};
// Create a new iterator for the specified pid. pid can be 0 for "self".
explicit ProcMapsIterator(pid_t pid);
Reported by FlawFinder.
Line: 211
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int current_load_cmd_; // the segment of this dll we're examining
#elif defined(__sun__) // Solaris
int fd_;
char current_filename_[PATH_MAX];
#else
int fd_; // filehandle on /proc/*/maps
#endif
pid_t pid_;
char flags_[10];
Reported by FlawFinder.
Line: 216
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int fd_; // filehandle on /proc/*/maps
#endif
pid_t pid_;
char flags_[10];
Buffer* dynamic_buffer_; // dynamically-allocated Buffer
bool using_maps_backing_; // true if we are looking at maps_backing instead of maps.
};
#endif /* #ifndef SWIG */
Reported by FlawFinder.
src/third_party/gperftools/dist/src/tests/profile-handler_unittest.cc
3 issues
Line: 145
Column: 20
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
// Determines the timer type.
static void SetUpTestCase() {
timer_type_ = (getenv("CPUPROFILE_REALTIME") ? ITIMER_REAL : ITIMER_PROF);
#if HAVE_LINUX_SIGEV_THREAD_ID
linux_per_thread_timers_mode_ = (getenv("CPUPROFILE_PER_THREAD_TIMERS") != NULL);
const char *signal_number = getenv("CPUPROFILE_TIMER_SIGNAL");
if (signal_number) {
Reported by FlawFinder.
Line: 148
Column: 38
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
timer_type_ = (getenv("CPUPROFILE_REALTIME") ? ITIMER_REAL : ITIMER_PROF);
#if HAVE_LINUX_SIGEV_THREAD_ID
linux_per_thread_timers_mode_ = (getenv("CPUPROFILE_PER_THREAD_TIMERS") != NULL);
const char *signal_number = getenv("CPUPROFILE_TIMER_SIGNAL");
if (signal_number) {
//signal_number_ = strtol(signal_number, NULL, 0);
linux_per_thread_timers_mode_ = true;
Delay(kTimerResetInterval);
Reported by FlawFinder.
Line: 149
Column: 33
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
#if HAVE_LINUX_SIGEV_THREAD_ID
linux_per_thread_timers_mode_ = (getenv("CPUPROFILE_PER_THREAD_TIMERS") != NULL);
const char *signal_number = getenv("CPUPROFILE_TIMER_SIGNAL");
if (signal_number) {
//signal_number_ = strtol(signal_number, NULL, 0);
linux_per_thread_timers_mode_ = true;
Delay(kTimerResetInterval);
}
Reported by FlawFinder.