The following issues were found
src/third_party/boost/boost/range/as_literal.hpp
2 issues
Line: 39
Column: 20
CWE codes:
126
{
inline std::size_t length( const char* s )
{
return strlen( s );
}
#ifndef BOOST_NO_CXX11_CHAR16_T
inline std::size_t length( const char16_t* s )
{
Reported by FlawFinder.
Line: 59
Column: 20
CWE codes:
126
#ifndef BOOST_NO_CWCHAR
inline std::size_t length( const wchar_t* s )
{
return wcslen( s );
}
#endif
//
// Remark: the compiler cannot choose between T* and T[sz]
Reported by FlawFinder.
src/third_party/boost/boost/random/cauchy_distribution.hpp
2 issues
Line: 28
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/uniform_01.hpp>
namespace boost {
namespace random {
// Cauchy distribution:
/**
* The cauchy distribution is a continuous distribution with two
Reported by FlawFinder.
Line: 210
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::cauchy_distribution;
} // namespace boost
#endif // BOOST_RANDOM_CAUCHY_DISTRIBUTION_HPP
Reported by FlawFinder.
src/third_party/s2/s2loop.cc
2 issues
Line: 95
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
vertices_ = new S2Point[num_vertices_];
// mongodb: void* casts to silence a -Wclass-memaccess warning.
memcpy(static_cast<void*>(vertices_), static_cast<const void*>(&vertices[0]),
num_vertices_ * sizeof(vertices_[0]));
}
owns_vertices_ = true;
bound_ = S2LatLngRect::Full();
Reported by FlawFinder.
Line: 269
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
index_(this),
num_find_vertex_calls_(0) {
// mongodb: void* casts to silence a -Wclass-memaccess warning.
memcpy(static_cast<void*>(vertices_), static_cast<const void*>(src->vertices_),
num_vertices_ * sizeof(vertices_[0]));
}
S2Loop* S2Loop::Clone() const {
return new S2Loop(this);
Reported by FlawFinder.
src/third_party/gperftools/dist/src/windows/port.cc
2 issues
Line: 245
Column: 31
CWE codes:
126
WIN32_FIND_DATAA found; // that final A is for Ansi (as opposed to Unicode)
HANDLE hFind = FindFirstFileA(full_glob, &found); // A is for Ansi
if (hFind != INVALID_HANDLE_VALUE) {
const int prefix_length = strlen(prefix);
do {
const char *fname = found.cFileName;
if ((strlen(fname) >= prefix_length) &&
(memcmp(fname, prefix, prefix_length) == 0)) {
RAW_VLOG(0, "Removing old heap profile %s\n", fname);
Reported by FlawFinder.
Line: 248
Column: 12
CWE codes:
126
const int prefix_length = strlen(prefix);
do {
const char *fname = found.cFileName;
if ((strlen(fname) >= prefix_length) &&
(memcmp(fname, prefix, prefix_length) == 0)) {
RAW_VLOG(0, "Removing old heap profile %s\n", fname);
// TODO(csilvers): we really need to unlink dirname + fname
_unlink(fname);
}
Reported by FlawFinder.
src/third_party/s2/s2polygonbuilder_test.cc
2 issues
Line: 548
return true;
}
TEST(S2PolygonBuilder, AssembleLoops) {
for (int i = 0; i < arraysize(test_cases); ++i) {
SCOPED_TRACE(StringPrintf("Test case %d", i));
EXPECT_TRUE(TestBuilder(&test_cases[i]));
}
}
Reported by Cppcheck.
Line: 49
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Chain chains_in[20];
// Each test case consists of a set of input loops and polylines.
char const* loops_out[10];
// The expected set of output loops, directed appropriately.
int num_unused_edges;
// The expected number of unused edges.
};
Reported by FlawFinder.
src/third_party/s2/s2polyline.cc
2 issues
Line: 55
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Check (num_vertices_ > 0) to avoid invalid reference to vertices[0].
if (num_vertices_ > 0) {
// mongodb: void* casts to silence a -Wclass-memaccess warning.
memcpy(static_cast<void*>(vertices_), static_cast<const void*>(&vertices[0]),
num_vertices_ * sizeof(vertices_[0]));
}
}
void S2Polyline::Init(vector<S2LatLng> const& vertices) {
Reported by FlawFinder.
Line: 106
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
: num_vertices_(src->num_vertices_),
vertices_(new S2Point[num_vertices_]) {
// mongodb: void* casts to silence a -Wclass-memaccess warning.
memcpy(static_cast<void*>(vertices_), static_cast<const void*>(src->vertices_),
num_vertices_ * sizeof(vertices_[0]));
}
S2Polyline* S2Polyline::Clone() const {
return new S2Polyline(this);
Reported by FlawFinder.
src/third_party/wiredtiger/test/thread/file.c
2 issues
Line: 36
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
WT_SESSION *session;
int ret;
char config[128];
testutil_check(conn->open_session(conn, NULL, NULL, &session));
testutil_check(__wt_snprintf(config, sizeof(config),
"key_format=%s,internal_page_max=%d,leaf_page_max=%d,%s", ftype == ROW ? "u" : "r", 16 * 1024,
Reported by FlawFinder.
Line: 59
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
WT_SESSION *session;
size_t len;
uint64_t keyno;
char keybuf[64], valuebuf[64];
file_create(name);
testutil_check(conn->open_session(conn, NULL, NULL, &session));
Reported by FlawFinder.
src/third_party/zstandard-1.4.4/zstd/lib/common/debug.h
2 issues
Line: 117
Column: 21
CWE codes:
134
Suggestion:
Use a constant for the format specification
# define RAWLOG(l, ...) { \
if (l<=g_debuglevel) { \
fprintf(stderr, __VA_ARGS__); \
} }
# define DEBUGLOG(l, ...) { \
if (l<=g_debuglevel) { \
fprintf(stderr, __FILE__ ": " __VA_ARGS__); \
fprintf(stderr, " \n"); \
Reported by FlawFinder.
Line: 121
Column: 21
CWE codes:
134
Suggestion:
Use a constant for the format specification
} }
# define DEBUGLOG(l, ...) { \
if (l<=g_debuglevel) { \
fprintf(stderr, __FILE__ ": " __VA_ARGS__); \
fprintf(stderr, " \n"); \
} }
#else
# define RAWLOG(l, ...) {} /* disabled */
# define DEBUGLOG(l, ...) {} /* disabled */
Reported by FlawFinder.
src/third_party/zstandard-1.4.4/zstd/lib/common/entropy_common.c
2 issues
Line: 77
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (hbSize < 4) {
/* This function only works when hbSize >= 4 */
char buffer[4];
memset(buffer, 0, sizeof(buffer));
memcpy(buffer, headerBuffer, hbSize);
{ size_t const countSize = FSE_readNCount(normalizedCounter, maxSVPtr, tableLogPtr,
buffer, sizeof(buffer));
if (FSE_isError(countSize)) return countSize;
Reported by FlawFinder.
Line: 79
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* This function only works when hbSize >= 4 */
char buffer[4];
memset(buffer, 0, sizeof(buffer));
memcpy(buffer, headerBuffer, hbSize);
{ size_t const countSize = FSE_readNCount(normalizedCounter, maxSVPtr, tableLogPtr,
buffer, sizeof(buffer));
if (FSE_isError(countSize)) return countSize;
if (countSize > hbSize) return ERROR(corruption_detected);
return countSize;
Reported by FlawFinder.
src/third_party/zstandard-1.4.4/zstd/lib/common/xxhash.h
2 issues
Line: 246
Column: 27
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* These functions allow transformation of hash result into and from its canonical format.
* This way, hash values can be written into a file / memory, and remain comparable on different systems and programs.
*/
typedef struct { unsigned char digest[4]; } XXH32_canonical_t;
typedef struct { unsigned char digest[8]; } XXH64_canonical_t;
XXH_PUBLIC_API void XXH32_canonicalFromHash(XXH32_canonical_t* dst, XXH32_hash_t hash);
XXH_PUBLIC_API void XXH64_canonicalFromHash(XXH64_canonical_t* dst, XXH64_hash_t hash);
Reported by FlawFinder.
Line: 247
Column: 27
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* This way, hash values can be written into a file / memory, and remain comparable on different systems and programs.
*/
typedef struct { unsigned char digest[4]; } XXH32_canonical_t;
typedef struct { unsigned char digest[8]; } XXH64_canonical_t;
XXH_PUBLIC_API void XXH32_canonicalFromHash(XXH32_canonical_t* dst, XXH32_hash_t hash);
XXH_PUBLIC_API void XXH64_canonicalFromHash(XXH64_canonical_t* dst, XXH64_hash_t hash);
XXH_PUBLIC_API XXH32_hash_t XXH32_hashFromCanonical(const XXH32_canonical_t* src);
Reported by FlawFinder.