Codekhana

src/third_party/boost/boost/archive/basic_archive.hpp

1 issues

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)

Security

Line: 195 Column: 21 CWE codes: 126

                      return t;
    }
    std::size_t size() const {
        return std::strlen(t);
    }
    explicit class_name_type(const char *key_)
    : t(const_cast<char *>(key_)){}
    explicit class_name_type(char *key_)
    : t(key_){}

Reported by FlawFinder.

src/third_party/boost/boost/archive/detail/iserializer.hpp

1 issues

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition

Security

Line: 124 Column: 31 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              {
private:
    void destroy(/*const*/ void *address) const BOOST_OVERRIDE {
        boost::serialization::access::destroy(static_cast<T *>(address));
    }
public:
    explicit iserializer() :
        basic_iserializer(
            boost::serialization::singleton<

Reported by FlawFinder.

src/third_party/boost/boost/archive/iterators/escape.hpp

1 issues

equal - Function does not check the second iterator for over-read conditions

Security

Line: 68 Column: 10 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

                      return m_current_value;
    }

    bool equal(const this_t & rhs) const {
        if(m_full){
            if(! rhs.m_full)
                const_cast<this_t *>(& rhs)->dereference_impl();
        }
        else{

Reported by FlawFinder.

src/third_party/boost/boost/archive/iterators/istream_iterator.hpp

1 issues

equal - Function does not check the second iterator for over-read conditions

Security

Line: 52 Column: 10 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

                  > super_t;
    typedef typename std::basic_istream<Elem> istream_type;

    bool equal(const this_t & rhs) const {
        // note: only  works for comparison against end of stream
        return m_istream == rhs.m_istream;
    }

    //Access the value referred to

Reported by FlawFinder.

src/third_party/boost/boost/archive/iterators/ostream_iterator.hpp

1 issues

equal - Function does not check the second iterator for over-read conditions

Security

Line: 50 Column: 10 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

                  ostream_iterator & dereference() const {
        return const_cast<ostream_iterator &>(*this);
    }
    bool equal(const this_t & rhs) const {
        return m_ostream == rhs.m_ostream;
    }
    void increment(){}
protected:
    ostream_type *m_ostream;

Reported by FlawFinder.

src/third_party/boost/boost/archive/iterators/transform_width.hpp

1 issues

equal - Function does not check the second iterator for over-read conditions

Security

Line: 88 Column: 10 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

                  }

    // standard iterator interface
    bool equal(const this_t & rhs) const {
        return const_cast<this_t *>(this)->equal_impl(rhs);
    }

    void increment(){
        m_buffer_out_full = false;

Reported by FlawFinder.

src/third_party/boost/boost/archive/iterators/wchar_from_mb.hpp

1 issues

equal - Function does not check the second iterator for over-read conditions

Security

Line: 88 Column: 10 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

                      }
    }

    bool equal(this_t const & rhs) const {
        return dereference() == rhs.dereference();
    }

    boost::archive::detail::utf8_codecvt_facet m_codecvt_facet;
    std::mbstate_t m_mbs;

Reported by FlawFinder.

src/third_party/boost/boost/array.hpp

1 issues

equal - Function does not check the second iterator for over-read conditions

Security

Line: 324 Column: 21 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

                  // comparisons
    template<class T, std::size_t N>
    bool operator== (const array<T,N>& x, const array<T,N>& y) {
        return std::equal(x.begin(), x.end(), y.begin());
    }
    template<class T, std::size_t N>
    bool operator< (const array<T,N>& x, const array<T,N>& y) {
        return std::lexicographical_compare(x.begin(),x.end(),y.begin(),y.end());
    }

Reported by FlawFinder.

src/third_party/boost/boost/asio/basic_socket_streambuf.hpp

1 issues

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?

Security

Line: 619 Column: 16 CWE codes: 362

                    // Close and reopen the socket.
      typename Protocol::endpoint ep(*i);
      socket().close(ec_);
      socket().open(ep.protocol(), ec_);
      if (ec_)
        continue;

      // Try to complete the operation without blocking.
      if (!socket().native_non_blocking())

Reported by FlawFinder.

src/third_party/boost/boost/asio/buffer.hpp

1 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 2182 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                std::size_t source_size = source.size();
  std::size_t n = target_size < source_size ? target_size : source_size;
  if (n > 0)
    memcpy(target.data(), source.data(), n);
  return n;
}

template <typename TargetIterator, typename SourceIterator>
inline std::size_t buffer_copy(one_buffer, one_buffer,

Reported by FlawFinder.

Modal title

The following issues were found

src/third_party/boost/boost/archive/basic_archive.hpp

1 issues

src/third_party/boost/boost/archive/detail/iserializer.hpp

1 issues

src/third_party/boost/boost/archive/iterators/escape.hpp

1 issues

src/third_party/boost/boost/archive/iterators/istream_iterator.hpp

1 issues

src/third_party/boost/boost/archive/iterators/ostream_iterator.hpp

1 issues

src/third_party/boost/boost/archive/iterators/transform_width.hpp

1 issues

src/third_party/boost/boost/archive/iterators/wchar_from_mb.hpp

1 issues

src/third_party/boost/boost/array.hpp

1 issues

src/third_party/boost/boost/asio/basic_socket_streambuf.hpp

1 issues

src/third_party/boost/boost/asio/buffer.hpp

1 issues