The following issues were found
src/secp256k1/src/bench.h
2 issues
Line: 125
Column: 17
CWE codes:
807
20
Suggestion:
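Check environment variables carefully before using them. In the excerpt below, the value of SECP256K1_BENCH_ITERS is passed straight to strtol and the long result is returned as an int, with no end-pointer, errno or range check.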
}
int get_iters(int default_iters) {
char* env = getenv("SECP256K1_BENCH_ITERS");
if (env) {
return strtol(env, NULL, 0);
} else {
return default_iters;
}
Reported by FlawFinder.
Line: 29
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int64_t x_abs, y;
int c, i, rounding;
size_t ptr;
char buffer[30];
if (x == INT64_MIN) {
/* Prevent UB. */
printf("ERR");
return;
Reported by FlawFinder.
src/test/fuzz/buffered_file.cpp
2 issues
Line: 22
Column: 46
CWE codes:
362
FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
FuzzedFileProvider fuzzed_file_provider = ConsumeFile(fuzzed_data_provider);
std::optional<CBufferedFile> opt_buffered_file;
FILE* fuzzed_file = fuzzed_file_provider.open();
try {
opt_buffered_file.emplace(fuzzed_file, fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(0, 4096), fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(0, 4096), fuzzed_data_provider.ConsumeIntegral<int>(), fuzzed_data_provider.ConsumeIntegral<int>());
} catch (const std::ios_base::failure&) {
if (fuzzed_file != nullptr) {
fclose(fuzzed_file);
Reported by FlawFinder.
Line: 38
Column: 44
CWE codes:
120
20
[&] {
std::array<uint8_t, 4096> arr{};
try {
opt_buffered_file->read((char*)arr.data(), fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096));
} catch (const std::ios_base::failure&) {
}
},
[&] {
opt_buffered_file->SetLimit(fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(0, 4096));
Reported by FlawFinder.
test/functional/rpc_invalidateblock.py
2 issues
Line: 14
Column: 1
)
class InvalidateTest(BitcoinTestFramework):
def set_test_params(self):
self.setup_clean_chain = True
self.num_nodes = 3
def setup_network(self):
Reported by Pylint.
Line: 22
Column: 5
def setup_network(self):
self.setup_nodes()
def run_test(self):
self.log.info("Make sure we repopulate setBlockIndexCandidates after InvalidateBlock:")
self.log.info("Mine 4 blocks on Node 0")
self.nodes[0].generatetoaddress(4, self.nodes[0].get_deterministic_priv_key().address)
assert_equal(self.nodes[0].getblockcount(), 4)
besthash_n0 = self.nodes[0].getbestblockhash()
Reported by Pylint.
src/test/fuzz/autofile.cpp
2 issues
Line: 21
Column: 53
CWE codes:
362
{
FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
FuzzedAutoFileProvider fuzzed_auto_file_provider = ConsumeAutoFile(fuzzed_data_provider);
CAutoFile auto_file = fuzzed_auto_file_provider.open();
while (fuzzed_data_provider.ConsumeBool()) {
CallOneOf(
fuzzed_data_provider,
[&] {
std::array<uint8_t, 4096> arr{};
Reported by FlawFinder.
Line: 28
Column: 31
CWE codes:
120
20
[&] {
std::array<uint8_t, 4096> arr{};
try {
auto_file.read((char*)arr.data(), fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, 4096));
} catch (const std::ios_base::failure&) {
}
},
[&] {
const std::array<uint8_t, 4096> arr{};
Reported by FlawFinder.
src/test/validation_chainstatemanager_tests.cpp
2 issues
Line: 182
Column: 29
CWE codes:
362
int height;
WITH_LOCK(::cs_main, height = node.chainman->ActiveHeight());
fs::path snapshot_path = root / tfm::format("test_snapshot.%d.dat", height);
FILE* outfile{fsbridge::fopen(snapshot_path, "wb")};
CAutoFile auto_outfile{outfile, SER_DISK, CLIENT_VERSION};
UniValue result = CreateUTXOSnapshot(node, node.chainman->ActiveChainstate(), auto_outfile);
BOOST_TEST_MESSAGE(
"Wrote UTXO snapshot to " << snapshot_path.make_preferred().string() << ": " << result.write());
Reported by FlawFinder.
Line: 191
Column: 28
CWE codes:
362
// Read the written snapshot in and then activate it.
//
FILE* infile{fsbridge::fopen(snapshot_path, "rb")};
CAutoFile auto_infile{infile, SER_DISK, CLIENT_VERSION};
SnapshotMetadata metadata;
auto_infile >> metadata;
malleation(auto_infile, metadata);
Reported by FlawFinder.
test/functional/p2p_getdata.py
2 issues
Line: 16
Column: 1
from test_framework.test_framework import BitcoinTestFramework
class P2PStoreBlock(P2PInterface):
def __init__(self):
super().__init__()
self.blocks = defaultdict(int)
def on_block(self, message):
Reported by Pylint.
Line: 26
Column: 1
self.blocks[message.block.sha256] += 1
class GetdataTest(BitcoinTestFramework):
def set_test_params(self):
self.num_nodes = 1
def run_test(self):
p2p_block_store = self.nodes[0].add_p2p_connection(P2PStoreBlock())
Reported by Pylint.
src/leveldb/util/crc32c_test.cc
2 issues
Line: 13
class CRC {};
TEST(CRC, StandardResults) {
// From rfc3720 section B.4.
char buf[32];
memset(buf, 0, sizeof(buf));
ASSERT_EQ(0x8a9136aa, Value(buf, sizeof(buf)));
Reported by Cppcheck.
Line: 15
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TEST(CRC, StandardResults) {
// From rfc3720 section B.4.
char buf[32];
memset(buf, 0, sizeof(buf));
ASSERT_EQ(0x8a9136aa, Value(buf, sizeof(buf)));
memset(buf, 0xff, sizeof(buf));
Reported by FlawFinder.
src/secp256k1/include/secp256k1_extrakeys.h
2 issues
Line: 23
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* compare keys, use secp256k1_xonly_pubkey_cmp.
*/
typedef struct {
/* Fixed 64-byte array and the struct's only member: no length field travels
 * with it, so any code that writes into it has to bound the write by
 * sizeof(data). The declaration itself copies nothing. */
unsigned char data[64];
} secp256k1_xonly_pubkey;
/** Opaque data structure that holds a keypair consisting of a secret and a
* public key.
*
Reported by FlawFinder.
Line: 34
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* however guaranteed to be 96 bytes in size, and can be safely copied/moved.
*/
typedef struct {
/* Fixed 96-byte array and the struct's only member. Code that fills it must
 * bound the write by sizeof(data); nothing in this declaration performs a
 * copy. */
unsigned char data[96];
} secp256k1_keypair;
/** Parse a 32-byte sequence into a xonly_pubkey object.
*
* Returns: 1 if the public key was fully valid.
Reported by FlawFinder.
src/secp256k1/include/secp256k1.h
2 issues
Line: 71
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* compare keys, use secp256k1_ec_pubkey_cmp.
*/
typedef struct {
/* Fixed 64-byte array and the struct's only member. There is no accompanying
 * length, so writers must limit themselves to sizeof(data); the declaration
 * alone does not read or write memory. */
unsigned char data[64];
} secp256k1_pubkey;
/** Opaque data structure that holds a parsed ECDSA signature.
*
* The exact representation of data inside is implementation defined and not
Reported by FlawFinder.
Line: 84
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* secp256k1_ecdsa_signature_parse_* functions.
*/
typedef struct {
/* Fixed 64-byte array and the struct's only member. Any code that stores into
 * it must bound the write by sizeof(data); this declaration only reserves the
 * storage. */
unsigned char data[64];
} secp256k1_ecdsa_signature;
/** A pointer to a function to deterministically generate a nonce.
*
* Returns: 1 if a nonce was successfully generated. 0 will cause signing to fail.
Reported by FlawFinder.
src/chainparams.cpp
2 issues
Line: 354
Column: 9
CWE codes:
120
Suggestion:
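Make sure destination can always hold the source data. In the excerpt below the copy length is the constant 4 and the source is a uint256 hash, so the point to confirm is that pchMessageStart (declared outside the excerpt) is at least 4 bytes.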
CHashWriter h(SER_DISK, 0);
h << consensus.signet_challenge;
uint256 hash = h.GetHash();
memcpy(pchMessageStart, hash.begin(), 4);
nDefaultPort = 38333;
nPruneAfterHeight = 1000;
genesis = CreateGenesisBlock(1598918400, 52613770, 0x1e0377ae, 1, 50 * COIN);
Reported by FlawFinder.
Line: 25
Column: 173
CWE codes:
126
txNew.nVersion = 1;
txNew.vin.resize(1);
txNew.vout.resize(1);
txNew.vin[0].scriptSig = CScript() << 486604799 << CScriptNum(4) << std::vector<unsigned char>((const unsigned char*)pszTimestamp, (const unsigned char*)pszTimestamp + strlen(pszTimestamp));
txNew.vout[0].nValue = genesisReward;
txNew.vout[0].scriptPubKey = genesisOutputScript;
CBlock genesis;
genesis.nTime = nTime;
Reported by FlawFinder.