The following issues were found
src/test/fuzz/p2p_transport_serialization.cpp
1 issues
Line: 54
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (checksum_assist && mutable_msg_bytes.size() == CMessageHeader::CHECKSUM_OFFSET) {
CHash256 hasher;
unsigned char hsh[32];
hasher.Write(payload_bytes);
hasher.Finalize(hsh);
for (size_t i = 0; i < CMessageHeader::CHECKSUM_SIZE; ++i) {
mutable_msg_bytes.push_back(hsh[i]);
}
Reported by FlawFinder.
src/qt/csvmodelwriter.cpp
1 issues
Line: 52
Column: 14
CWE codes:
362
bool CSVModelWriter::write()
{
QFile file(filename);
if(!file.open(QIODevice::WriteOnly | QIODevice::Text))
return false;
QTextStream out(&file);
int numRows = 0;
if(model)
Reported by FlawFinder.
src/test/fuzz/load_external_block_file.cpp
1 issues
Line: 30
Column: 52
CWE codes:
362
{
FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
FuzzedFileProvider fuzzed_file_provider = ConsumeFile(fuzzed_data_provider);
FILE* fuzzed_block_file = fuzzed_file_provider.open();
if (fuzzed_block_file == nullptr) {
return;
}
FlatFilePos flat_file_pos;
g_setup->m_node.chainman->ActiveChainstate().LoadExternalBlockFile(fuzzed_block_file, fuzzed_data_provider.ConsumeBool() ? &flat_file_pos : nullptr);
Reported by FlawFinder.
src/test/fuzz/asmap.cpp
1 issues
Line: 55
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
assert(addr_size == ADDR_IPV4_SIZE);
in_addr ipv4;
memcpy(&ipv4, addr_data, addr_size);
net_addr.SetIP(CNetAddr{ipv4});
}
(void)net_addr.GetMappedAS(asmap);
}
Reported by FlawFinder.
src/init.cpp
1 issues
Line: 761
Column: 9
CWE codes:
732
#ifndef WIN32
if (!args.GetBoolArg("-sysperms", false)) {
umask(077);
}
// Clean shutdown on SIGTERM
registerSignalHandler(SIGTERM, HandleSIGTERM);
registerSignalHandler(SIGINT, HandleSIGTERM);
Reported by FlawFinder.
src/i2p.cpp
1 issues
Line: 90
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
CSHA256 hasher;
hasher.Write(dest.data(), dest.size());
unsigned char hash[CSHA256::OUTPUT_SIZE];
hasher.Finalize(hash);
CNetAddr addr;
const std::string addr_str = EncodeBase32(hash, false) + ".b32.i2p";
if (!addr.SetSpecial(addr_str)) {
Reported by FlawFinder.
src/test/fuzz/FuzzedDataProvider.h
1 issues
Line: 339
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Private methods.
inline void FuzzedDataProvider::CopyAndAdvance(void *destination,
size_t num_bytes) {
std::memcpy(destination, data_ptr_, num_bytes);
Advance(num_bytes);
}
inline void FuzzedDataProvider::Advance(size_t num_bytes) {
if (num_bytes > remaining_bytes_)
Reported by FlawFinder.
src/test/dbwrapper_tests.cpp
1 issues
Line: 359
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
BOOST_AUTO_TEST_CASE(iterator_string_ordering)
{
char buf[10];
fs::path ph = m_args.GetDataDirBase() / "iterator_string_ordering";
CDBWrapper dbw(ph, (1 << 20), true, false, false);
for (int x=0x00; x<10; ++x) {
for (int y = 0; y < 10; y++) {
Reported by FlawFinder.
src/test/compress_tests.cpp
1 issues
Line: 25
// amounts 50 .. 21000000
#define NUM_MULTIPLES_50BTC 420000
BOOST_FIXTURE_TEST_SUITE(compress_tests, BasicTestingSetup)
bool static TestEncode(uint64_t in) {
return in == DecompressAmount(CompressAmount(in));
}
Reported by Cppcheck.
src/test/checkqueue_tests.cpp
1 issues
Line: 21
#include <utility>
#include <vector>
BOOST_FIXTURE_TEST_SUITE(checkqueue_tests, TestingSetup)
static const unsigned int QUEUE_BATCH_SIZE = 128;
static const int SCRIPT_CHECK_THREADS = 3;
struct FakeCheck {
Reported by Cppcheck.