The following issues were found
src/mapport.cpp
2 issues
Line: 158
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char * multicastif = nullptr;
const char * minissdpdpath = nullptr;
struct UPNPDev * devlist = nullptr;
char lanaddr[64];
int error = 0;
#if MINIUPNPC_API_VERSION < 14
devlist = upnpDiscover(2000, multicastif, minissdpdpath, 0, 0, &error);
#else
Reported by FlawFinder.
Line: 175
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (r == 1)
{
if (fDiscover) {
char externalIPAddress[40];
r = UPNP_GetExternalIPAddress(urls.controlURL, data.first.servicetype, externalIPAddress);
if (r != UPNPCOMMAND_SUCCESS) {
LogPrintf("UPnP: GetExternalIPAddress() returned %d\n", r);
} else {
if (externalIPAddress[0]) {
Reported by FlawFinder.
src/crypto/ripemd160.h
2 issues
Line: 16
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
private:
uint32_t s[5];
unsigned char buf[64];
uint64_t bytes;
public:
static const size_t OUTPUT_SIZE = 20;
Reported by FlawFinder.
Line: 24
Column: 28
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
CRIPEMD160();
CRIPEMD160& Write(const unsigned char* data, size_t len);
void Finalize(unsigned char hash[OUTPUT_SIZE]);
CRIPEMD160& Reset();
};
#endif // BITCOIN_CRYPTO_RIPEMD160_H
Reported by FlawFinder.
src/wallet/test/coinselector_tests.cpp
2 issues
Line: 19
#include <boost/test/unit_test.hpp>
#include <random>
BOOST_FIXTURE_TEST_SUITE(coinselector_tests, WalletTestingSetup)
// how many times to run all the tests to have a chance to catch errors that only show up with particular random shuffles
#define RUN_TESTS 100
// some tests fail 1% of the time due to bad luck.
Reported by Cppcheck.
Line: 102
Column: 59
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
static bool equal_sets(CoinSet a, CoinSet b)
{
std::pair<CoinSet::iterator, CoinSet::iterator> ret = mismatch(a.begin(), a.end(), b.begin());
return ret.first == a.end() && ret.second == b.end();
}
static CAmount make_hard_case(int utxos, std::vector<CInputCoin>& utxo_pool)
{
Reported by FlawFinder.
src/leveldb/helpers/memenv/memenv.cc
2 issues
Line: 97
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (avail > bytes_to_copy) {
avail = bytes_to_copy;
}
memcpy(dst, blocks_[block] + block_offset, avail);
bytes_to_copy -= avail;
dst += avail;
block++;
block_offset = 0;
Reported by FlawFinder.
Line: 130
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (avail > src_len) {
avail = src_len;
}
memcpy(blocks_.back() + offset, src, avail);
src_len -= avail;
src += avail;
size_ += avail;
}
Reported by FlawFinder.
src/wallet/rpcdump.cpp
2 issues
Line: 552
Column: 14
CWE codes:
362
EnsureWalletIsUnlocked(*pwallet);
fsbridge::ifstream file;
file.open(request.params[0].get_str(), std::ios::in | std::ios::ate);
if (!file.is_open()) {
throw JSONRPCError(RPC_INVALID_PARAMETER, "Cannot open wallet dump file");
}
CHECK_NONFATAL(pwallet->chain().findBlock(pwallet->GetLastBlockHash(), FoundBlock().time(nTimeBegin)));
Reported by FlawFinder.
Line: 760
Column: 10
CWE codes:
362
}
fsbridge::ofstream file;
file.open(filepath);
if (!file.is_open())
throw JSONRPCError(RPC_INVALID_PARAMETER, "Cannot open wallet dump file");
std::map<CKeyID, int64_t> mapKeyBirth;
wallet.GetKeyBirthTimes(mapKeyBirth);
Reported by FlawFinder.
src/validation.h
2 issues
Line: 1044
Column: 86
CWE codes:
362
using FopenFn = std::function<FILE*(const fs::path&, const char*)>;
/** Dump the mempool to disk. */
bool DumpMempool(const CTxMemPool& pool, FopenFn mockable_fopen_function = fsbridge::fopen, bool skip_file_commit = false);
/** Load the mempool from disk. */
bool LoadMempool(CTxMemPool& pool, CChainState& active_chainstate, FopenFn mockable_fopen_function = fsbridge::fopen);
/**
Reported by FlawFinder.
Line: 1047
Column: 112
CWE codes:
362
bool DumpMempool(const CTxMemPool& pool, FopenFn mockable_fopen_function = fsbridge::fopen, bool skip_file_commit = false);
/** Load the mempool from disk. */
bool LoadMempool(CTxMemPool& pool, CChainState& active_chainstate, FopenFn mockable_fopen_function = fsbridge::fopen);
/**
* Return the expected assumeutxo value for a given height, if one exists.
*
* @param[in] height Get the assumeutxo value for this height.
Reported by FlawFinder.
src/test/fuzz/policy_estimator_io.cpp
1 issues
Line: 23
Column: 60
CWE codes:
362
{
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
FuzzedAutoFileProvider fuzzed_auto_file_provider = ConsumeAutoFile(fuzzed_data_provider);
CAutoFile fuzzed_auto_file = fuzzed_auto_file_provider.open();
// Re-using block_policy_estimator across runs to avoid costly creation of CBlockPolicyEstimator object.
static CBlockPolicyEstimator block_policy_estimator;
if (block_policy_estimator.Read(fuzzed_auto_file)) {
block_policy_estimator.Write(fuzzed_auto_file);
}
Reported by FlawFinder.
src/qt/rpcconsole.cpp
1 issues
Line: 253
Column: 61
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
for(char argch: curarg)
if (!IsDigit(argch))
throw std::runtime_error("Invalid result query");
subelement = lastResult[atoi(curarg.c_str())];
}
else if (lastResult.isObject())
subelement = find_value(lastResult, curarg);
else
throw std::runtime_error("Invalid result query"); //no array or object: abort
Reported by FlawFinder.
src/test/fuzz/policy_estimator.cpp
1 issues
Line: 73
Column: 64
CWE codes:
362
}
{
FuzzedAutoFileProvider fuzzed_auto_file_provider = ConsumeAutoFile(fuzzed_data_provider);
CAutoFile fuzzed_auto_file = fuzzed_auto_file_provider.open();
block_policy_estimator.Write(fuzzed_auto_file);
block_policy_estimator.Read(fuzzed_auto_file);
}
}
Reported by FlawFinder.
src/test/fuzz/parse_numbers.cpp
1 issues
Line: 29
Column: 11
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
int32_t i32;
(void)ParseInt32(random_string, &i32);
(void)atoi(random_string);
uint32_t u32;
(void)ParseUInt32(random_string, &u32);
int64_t i64;
Reported by FlawFinder.