The following issues were found
src/mongo/platform/random.cpp
2 issues
Line: 167
Column: 25
CWE codes:
362
// http://lkml.iu.edu//hypermail/linux/kernel/0412.1/0181.html
static const int fd = [] {
int f;
while ((f = open(kFn, 0)) == -1) {
if (errno == EINTR) {
continue;
} else {
auto errSave = errno;
LOGV2_ERROR(23825,
Reported by FlawFinder.
Line: 142
Column: 25
CWE codes:
120
20
size_t i = 0;
while (i < n) {
ssize_t r;
while ((r = read(sharedFd(), buf + i, n - i)) == -1) {
if (errno == EINTR) {
continue;
} else {
auto errSave = errno;
LOGV2_ERROR(23824,
Reported by FlawFinder.
src/mongo/util/exception_filter_win32.cpp
2 issues
Line: 137
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
} // namespace
LONG WINAPI exceptionFilter(struct _EXCEPTION_POINTERS* excPointers) {
char exceptionString[128];
sprintf_s(exceptionString,
sizeof(exceptionString),
(excPointers->ExceptionRecord->ExceptionCode == EXCEPTION_ACCESS_VIOLATION)
? "(access violation)"
: "0x%08X",
Reported by FlawFinder.
Line: 144
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
? "(access violation)"
: "0x%08X",
excPointers->ExceptionRecord->ExceptionCode);
char addressString[32];
sprintf_s(addressString,
sizeof(addressString),
"0x%p",
excPointers->ExceptionRecord->ExceptionAddress);
LOGV2_FATAL_CONTINUE(
Reported by FlawFinder.
src/mongo/dbtests/shared_buffer_test.cpp
2 issues
Line: 54
ASSERT_EQ(buf.capacity(), 10u);
}
TEST_F(SharedBufferTest, ReallocOrCopyNullShared) {
// null SharedBuffers are never considered "shared", even when copied.
SharedBuffer buf;
const SharedBuffer sharer = buf;
ASSERT_EQ(buf.capacity(), 0u);
ASSERT(!buf);
Reported by Cppcheck.
Line: 70
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SharedBuffer makeBuffer() {
SharedBuffer buf = SharedBuffer::allocate(4);
memcpy(buf.get(), "foo", 4);
return buf;
}
TEST_F(SharedBufferTest, ReallocOrCopyGrow) {
SharedBuffer buf = makeBuffer();
Reported by FlawFinder.
src/mongo/util/ntservice.cpp
2 issues
Line: 327
CWE codes:
587
LOGV2(23300,
"There is already a service witht the same name, retrying",
"serviceName"_attr = toUtf8String(serviceName),
"retrying"_attr = (retryCount > 0 ? true : false));
::CloseServiceHandle(schService);
// If we are reinstalling the service, but SCM thinks it is installed, then wait
// and try again
if (--retryCount > 0 && reinstall) {
Reported by Cppcheck.
Line: 300
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
std::vector<std::string> serviceArgv = constructServiceArgv(argv);
char exePath[1024];
GetModuleFileNameA(nullptr, exePath, sizeof exePath);
serviceArgv.at(0) = exePath;
std::string commandLine = constructUtf8WindowsCommandLine(serviceArgv);
Reported by FlawFinder.
src/mongo/db/commands/http_client.cpp
2 issues
Line: 49
Column: 27
CWE codes:
126
StringData host;
if (uri.startsWith("http://")) {
host = uri.substr(strlen("http://"));
} else if (uri.startsWith("https://")) {
host = uri.substr(strlen("https://"));
} else {
// Anything not http(s) is fail-closed to non-localhost.
return false;
Reported by FlawFinder.
Line: 51
Column: 27
CWE codes:
126
if (uri.startsWith("http://")) {
host = uri.substr(strlen("http://"));
} else if (uri.startsWith("https://")) {
host = uri.substr(strlen("https://"));
} else {
// Anything not http(s) is fail-closed to non-localhost.
return false;
}
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/base/raw_logging_test.cc
2 issues
Line: 38
ABSL_RAW_LOG(ERROR, "RAW ERROR: %d", 1);
}
TEST(RawLoggingCompilationTest, PassingCheck) {
ABSL_RAW_CHECK(true, "RAW CHECK");
}
// Not all platforms support output from raw log, so we don't verify any
// particular output for RAW check failures (expecting the empty string
Reported by Cppcheck.
Line: 66
Column: 33
CWE codes:
120
ABSL_INTERNAL_LOG(INFO, log_msg + " 2");
float d = 1.1f;
ABSL_INTERNAL_LOG(INFO, absl::StrCat("Internal log ", 3, " + ", d));
}
TEST(InternalLogDeathTest, FailingCheck) {
EXPECT_DEATH_IF_SUPPORTED(ABSL_INTERNAL_CHECK(1 == 0, "explanation"),
kExpectedDeathOutput);
Reported by FlawFinder.
src/mongo/executor/executor_stress_test_fixture.cpp
2 issues
Line: 207
Column: 38
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
int32_t ThreadPoolExecutorStressTestEngine::nextRandomInt32(int32_t max) {
static thread_local PseudoRandom random(SecureRandom().nextInt64());
return random.nextInt32(max);
}
} // namespace executor
Reported by FlawFinder.
Line: 208
Column: 12
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
int32_t ThreadPoolExecutorStressTestEngine::nextRandomInt32(int32_t max) {
static thread_local PseudoRandom random(SecureRandom().nextInt64());
return random.nextInt32(max);
}
} // namespace executor
} // namespace mongo
Reported by FlawFinder.
src/mongo/scripting/engine.cpp
2 issues
Line: 171
Column: 7
CWE codes:
362
}
File f;
f.open(filename.c_str(), true);
if (!f.is_open() || f.bad())
return false;
fileofs fo = f.len();
Reported by FlawFinder.
Line: 184
Column: 7
CWE codes:
120
20
unsigned len = static_cast<unsigned>(fo);
std::unique_ptr<char[]> data(new char[len + 1]);
data[len] = 0;
f.read(0, data.get(), len);
int offset = 0;
if (data[0] == '#' && data[1] == '!') {
const char* newline = strchr(data.get(), '\n');
if (!newline)
Reported by FlawFinder.
src/mongo/db/exec/sample_from_timeseries_bucket.h
2 issues
Line: 104
Column: 61
CWE codes:
120
20
*/
struct SampledMeasurementKeyHasher {
size_t operator()(const SampledMeasurementKey& s) const {
return absl::Hash<uint64_t>{}(s.bucketId.view().read<uint64_t>()) ^
absl::Hash<uint32_t>{}(s.bucketId.view().read<uint32_t>(8)) ^
absl::Hash<int32_t>{}(s.measurementIndex);
}
};
Reported by FlawFinder.
Line: 105
Column: 58
CWE codes:
120
20
struct SampledMeasurementKeyHasher {
size_t operator()(const SampledMeasurementKey& s) const {
return absl::Hash<uint64_t>{}(s.bucketId.view().read<uint64_t>()) ^
absl::Hash<uint32_t>{}(s.bucketId.view().read<uint32_t>(8)) ^
absl::Hash<int32_t>{}(s.measurementIndex);
}
};
// Tracks which measurements have been seen so far.
Reported by FlawFinder.
src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid128.c
2 issues
Line: 1403
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// bid_char_table2[] is used to convert n to string, where 10 <= n <= 99
unsigned char bid_char_table2[180] = {
'1', '0',
'1', '1',
'1', '2',
'1', '3',
'1', '4',
Reported by FlawFinder.
Line: 1498
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// bid_char_table3[] is used to convert n to string, where 000 <= n <= 999
unsigned char bid_char_table3[3000] = {
'0', '0', '0',
'0', '0', '1',
'0', '0', '2',
'0', '0', '3',
'0', '0', '4',
Reported by FlawFinder.