The following issues were found
src/third_party/boost/boost/test/utils/setcolor.hpp
3 issues
Line: 92
Column: 31
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
state* /* unused */= NULL)
: m_is_color_output(is_color_output)
{
m_command_size = std::sprintf( m_control_command, "%c[%c;3%c;4%cm",
0x1B,
static_cast<char>(attr + '0'),
static_cast<char>(fg + '0'),
static_cast<char>(bg + '0'));
}
Reported by FlawFinder.
Line: 103
Column: 31
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
state* /* unused */)
: m_is_color_output(is_color_output)
{
m_command_size = std::sprintf(m_control_command, "%c[%c;3%c;4%cm",
0x1B,
static_cast<char>(term_attr::NORMAL + '0'),
static_cast<char>(term_color::ORIGINAL + '0'),
static_cast<char>(term_color::ORIGINAL + '0'));
}
Reported by FlawFinder.
Line: 122
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
private:
// Data members
bool m_is_color_output;
char m_control_command[13];
int m_command_size;
};
#else
Reported by FlawFinder.
src/third_party/boost/boost/system/detail/generic_category_message.hpp
3 issues
Line: 20
Column: 11
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
namespace boost
{
namespace system
{
namespace detail
{
Reported by FlawFinder.
Line: 47
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
inline std::string generic_error_category_message( int ev )
{
char buffer[ 128 ];
return generic_error_category_message( ev, buffer, sizeof( buffer ) );
}
#else // #if defined(__GLIBC__)
Reported by FlawFinder.
Line: 88
Column: 10
CWE codes:
120
if( m == 0 ) return "Unknown error";
std::strncpy( buffer, m, len - 1 );
buffer[ len-1 ] = 0;
return buffer;
}
Reported by FlawFinder.
src/third_party/boost/libs/locale/src/win32/api.hpp
3 issues
Line: 113
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const int de_size = 4;
static const int gr_size = 10;
wchar_t th[th_size]={0};
wchar_t de[de_size]={0};
wchar_t gr[gr_size]={0};
if( GetLocaleInfoW(lcid,LOCALE_STHOUSAND,th,th_size)==0
|| GetLocaleInfoW(lcid,LOCALE_SDECIMAL ,de,de_size)==0
Reported by FlawFinder.
Line: 114
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const int gr_size = 10;
wchar_t th[th_size]={0};
wchar_t de[de_size]={0};
wchar_t gr[gr_size]={0};
if( GetLocaleInfoW(lcid,LOCALE_STHOUSAND,th,th_size)==0
|| GetLocaleInfoW(lcid,LOCALE_SDECIMAL ,de,de_size)==0
|| GetLocaleInfoW(lcid,LOCALE_SGROUPING,gr,gr_size)==0)
Reported by FlawFinder.
Line: 115
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
wchar_t th[th_size]={0};
wchar_t de[de_size]={0};
wchar_t gr[gr_size]={0};
if( GetLocaleInfoW(lcid,LOCALE_STHOUSAND,th,th_size)==0
|| GetLocaleInfoW(lcid,LOCALE_SDECIMAL ,de,de_size)==0
|| GetLocaleInfoW(lcid,LOCALE_SGROUPING,gr,gr_size)==0)
{
Reported by FlawFinder.
src/third_party/boost/boost/regex/v5/regex_traits_defaults.hpp
3 issues
Line: 761
Column: 51
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
return true;
#else
return ((p2 - p1) == (r.p2 - r.p1)) && std::equal(p1, p2, r.p1);
#endif
}
};
template <class charT>
int get_default_class_id(const charT* p1, const charT* p2)
Reported by FlawFinder.
Line: 837
Column: 17
CWE codes:
126
template<>
inline std::ptrdiff_t global_length<char>(const char* p)
{
return (std::strlen)(p);
}
#ifndef BOOST_NO_WREGEX
template<>
inline std::ptrdiff_t global_length<wchar_t>(const wchar_t* p)
{
Reported by FlawFinder.
Line: 843
Column: 33
CWE codes:
126
template<>
inline std::ptrdiff_t global_length<wchar_t>(const wchar_t* p)
{
return (std::ptrdiff_t)(std::wcslen)(p);
}
#endif
template <class charT>
inline charT global_lower(charT c)
{
Reported by FlawFinder.
src/mongo/platform/atomic_word_test.cpp
3 issues
Line: 111
enum TestEnum { E0, E1, E2, E3 };
TEST(AtomicWordTests, BasicOperationsEnum) {
MONGO_STATIC_ASSERT(sizeof(AtomicWord<TestEnum>) == sizeof(TestEnum));
AtomicWord<TestEnum> w;
ASSERT_EQUALS(E0, w.load());
ASSERT_EQUALS(E0, testAtomicWordCompareAndSwap(w, E0, E1));
ASSERT_EQUALS(E1, w.load());
Reported by Cppcheck.
Line: 204
Column: 24
CWE codes:
126
static constexpr size_t kLength = 6;
Chars(const char* chars = "") {
invariant(std::strlen(chars) < kLength);
std::strncpy(_storage.data(), chars, sizeof(_storage));
}
std::array<char, 6> _storage = {};
Reported by FlawFinder.
Line: 205
Column: 14
CWE codes:
120
Chars(const char* chars = "") {
invariant(std::strlen(chars) < kLength);
std::strncpy(_storage.data(), chars, sizeof(_storage));
}
std::array<char, 6> _storage = {};
friend bool operator==(const Chars& lhs, const Chars& rhs) {
Reported by FlawFinder.
src/third_party/boost/boost/regex/v5/cpp_regex_traits.hpp
3 issues
Line: 254
Column: 32
CWE codes:
362
std::string cat_name(cpp_regex_traits<charT>::get_catalog_name());
if((!cat_name.empty()) && (this->m_pmessages != 0))
{
cat = this->m_pmessages->open(
cat_name,
this->m_locale);
if((int)cat < 0)
{
std::string m("Unable to open message catalog: ");
Reported by FlawFinder.
Line: 611
Column: 32
CWE codes:
362
std::string cat_name(cpp_regex_traits<charT>::get_catalog_name());
if((!cat_name.empty()) && (this->m_pmessages != 0))
{
cat = this->m_pmessages->open(
cat_name,
this->m_locale);
if((int)cat < 0)
{
std::string m("Unable to open message catalog: ");
Reported by FlawFinder.
Line: 966
Column: 35
CWE codes:
362
std::string cat_name(cpp_regex_traits<char>::get_catalog_name());
if ((!cat_name.empty()) && (m_pmessages != 0))
{
cat = this->m_pmessages->open(
cat_name,
this->m_locale);
if ((int)cat < 0)
{
std::string m("Unable to open message catalog: ");
Reported by FlawFinder.
src/mongo/logv2/console.cpp
3 issues
Line: 164
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// convert multi-byte buffer to wide characters and output using WriteConsoleW
wchar_t bufferWide[_bufferSize];
int length = MultiByteToWideChar(CP_UTF8, 0, _buffer, n, bufferWide, _bufferSize);
const wchar_t* unwrittenBegin = bufferWide;
int unwrittenCount = length; // m holds number of unwritten wide characters in buffer
while (unwrittenCount > 0) {
Reported by FlawFinder.
Line: 165
Column: 22
CWE codes:
120
// convert multi-byte buffer to wide characters and output using WriteConsoleW
wchar_t bufferWide[_bufferSize];
int length = MultiByteToWideChar(CP_UTF8, 0, _buffer, n, bufferWide, _bufferSize);
const wchar_t* unwrittenBegin = bufferWide;
int unwrittenCount = length; // m holds number of unwritten wide characters in buffer
while (unwrittenCount > 0) {
DWORD written;
Reported by FlawFinder.
Line: 191
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
HANDLE _consoleHandle;
char _buffer[_bufferSize];
};
// 0x0 - 0xb - invalid start of multi-byte sequence`
const int ConsoleStreamBuffer::_bitsToSequenceLength[] = {
Reported by FlawFinder.
src/third_party/boost/boost/regex/v4/cpp_regex_traits.hpp
3 issues
Line: 286
Column: 32
CWE codes:
362
std::string cat_name(cpp_regex_traits<charT>::get_catalog_name());
if((!cat_name.empty()) && (this->m_pmessages != 0))
{
cat = this->m_pmessages->open(
cat_name,
this->m_locale);
if((int)cat < 0)
{
std::string m("Unable to open message catalog: ");
Reported by FlawFinder.
Line: 714
Column: 32
CWE codes:
362
std::string cat_name(cpp_regex_traits<charT>::get_catalog_name());
if((!cat_name.empty()) && (this->m_pmessages != 0))
{
cat = this->m_pmessages->open(
cat_name,
this->m_locale);
if((int)cat < 0)
{
std::string m("Unable to open message catalog: ");
Reported by FlawFinder.
Line: 1148
Column: 35
CWE codes:
362
std::string cat_name(cpp_regex_traits<char>::get_catalog_name());
if ((!cat_name.empty()) && (m_pmessages != 0))
{
cat = this->m_pmessages->open(
cat_name,
this->m_locale);
if ((int)cat < 0)
{
std::string m("Unable to open message catalog: ");
Reported by FlawFinder.
src/third_party/boost/boost/random/variate_generator.hpp
3 issues
Line: 26
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
/// \cond hide_private_members
namespace random {
///\endcond
/**
* A random variate generator is used to join a random number
Reported by FlawFinder.
Line: 54
Column: 20
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
class variate_generator
{
private:
typedef boost::random::detail::ptr_helper<Engine> helper_type;
public:
typedef typename helper_type::value_type engine_value_type;
typedef Engine engine_type;
typedef Distribution distribution_type;
typedef typename Distribution::result_type result_type;
Reported by FlawFinder.
Line: 116
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::variate_generator;
} // namespace boost
#include <boost/random/detail/enable_warnings.hpp>
Reported by FlawFinder.
src/third_party/boost/boost/random/triangle_distribution.hpp
3 issues
Line: 30
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/uniform_01.hpp>
namespace boost {
namespace random {
/**
* Instantiations of @c triangle_distribution model a \random_distribution.
* A @c triangle_distribution has three parameters, @c a, @c b, and @c c,
* which are the smallest, the most probable and the largest values of
Reported by FlawFinder.
Line: 84
Column: 24
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
parm._b = b_in;
parm._c = c_in;
} else {
is.setstate(std::ios_base::failbit);
}
}
return is;
}
Reported by FlawFinder.
Line: 228
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::triangle_distribution;
} // namespace boost
#endif // BOOST_RANDOM_TRIANGLE_DISTRIBUTION_HPP
Reported by FlawFinder.