The following issues were found
src/test/blockfilter_tests.cpp
1 issue
Line: 133
Column: 15
CWE codes:
120
20
UniValue json;
std::string json_data(json_tests::blockfilters,
json_tests::blockfilters + sizeof(json_tests::blockfilters));
if (!json.read(json_data) || !json.isArray()) {
BOOST_ERROR("Parse error.");
return;
}
const UniValue& tests = json.get_array();
Reported by FlawFinder.
src/test/bip32_tests.cpp
1 issue
Line: 109
Column: 18
CWE codes:
119
120
Suggestion:
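Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged token is the declaration of the fixed-size array `data[74]`; whether it can overflow depends on how many bytes each `Encode` call writes into it, which this excerpt does not show, so triage should compare that length against 74.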
key.SetSeed(seed.data(), seed.size());
pubkey = key.Neuter();
for (const TestDerivation &derive : test.vDerive) {
unsigned char data[74];
key.Encode(data);
pubkey.Encode(data);
// Test private key
BOOST_CHECK(EncodeExtKey(key) == derive.prv);
Reported by FlawFinder.
src/qt/bitcoingui.cpp
1 issue
Line: 416
Column: 31
CWE codes:
362
auto activity = new OpenWalletActivity(m_wallet_controller, this);
connect(activity, &OpenWalletActivity::opened, this, &BitcoinGUI::setCurrentWallet);
connect(activity, &OpenWalletActivity::finished, activity, &QObject::deleteLater);
activity->open(path);
});
}
if (m_open_wallet_menu->isEmpty()) {
QAction* action = m_open_wallet_menu->addAction(tr("No wallets available"));
action->setEnabled(false);
Reported by FlawFinder.
src/test/base58_tests.cpp
1 issue
Line: 60
Column: 70
CWE codes:
126
Suggestion:
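The flagged call is the three-iterator form of `std::equal`, which receives only the start of the second range and reads past its end if that range is shorter than the first. This form is often discouraged by C++ coding standards in favor of the safer overloads provided since C++14. Consider using the form that also takes the end of the second range and checks it before potentially overflowing it. In the excerpt below the call is preceded by `result.size() == expected.size() &&`, so it only runs when both ranges have the same length.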
std::vector<unsigned char> expected = ParseHex(test[0].get_str());
std::string base58string = test[1].get_str();
BOOST_CHECK_MESSAGE(DecodeBase58(base58string, result, 256), strTest);
BOOST_CHECK_MESSAGE(result.size() == expected.size() && std::equal(result.begin(), result.end(), expected.begin()), strTest);
}
BOOST_CHECK(!DecodeBase58("invalid"s, result, 100));
BOOST_CHECK(!DecodeBase58("invalid\0"s, result, 100));
BOOST_CHECK(!DecodeBase58("\0invalid"s, result, 100));
Reported by FlawFinder.
src/crypto/sha3.h
1 issue
Line: 20
Column: 14
CWE codes:
119
120
Suggestion:
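Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged token is the declaration of the fixed-size member `m_buffer[8]`; the code that writes to it is not part of this excerpt, so triage means confirming that every write keeps its offset below 8.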
{
private:
uint64_t m_state[25] = {0};
unsigned char m_buffer[8];
unsigned m_bufsize = 0;
unsigned m_pos = 0;
//! Sponge rate in bits.
static constexpr unsigned RATE_BITS = 1088;
Reported by FlawFinder.
src/span.h
1 issue
Line: 210
Column: 115
CWE codes:
126
Suggestion:
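The flagged call is the three-iterator form of `std::equal`, which receives only the start of the second range and reads past its end if that range is shorter than the first. This form is often discouraged by C++ coding standards in favor of the safer overloads provided since C++14. Consider using the form that also takes the end of the second range and checks it before potentially overflowing it. In the flagged `operator==` the call sits behind `a.size() == b.size() &&`, so it is only evaluated for spans of equal length.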
return Span<C>(m_data + m_size - count, count);
}
// Element-wise equality. The sizes are compared first and && short-circuits, so the
// three-iterator std::equal (which cannot see the end of b) only runs when b has
// exactly as many elements as a.
friend constexpr bool operator==(const Span& a, const Span& b) noexcept { return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin()); }
// Inequality, defined as the negation of operator==.
friend constexpr bool operator!=(const Span& a, const Span& b) noexcept { return !(a == b); }
// Lexicographic ordering. Both ranges are passed with explicit begin and end
// iterators, so the comparison is bounded on each side.
friend constexpr bool operator<(const Span& a, const Span& b) noexcept { return std::lexicographical_compare(a.begin(), a.end(), b.begin(), b.end()); }
// a <= b, expressed as !(b < a) so that only operator< does the comparison.
friend constexpr bool operator<=(const Span& a, const Span& b) noexcept { return !(b < a); }
// a > b, expressed as b < a so that only operator< does the comparison.
friend constexpr bool operator>(const Span& a, const Span& b) noexcept { return (b < a); }
// a >= b, expressed as !(a < b) so that only operator< does the comparison.
friend constexpr bool operator>=(const Span& a, const Span& b) noexcept { return !(a < b); }
Reported by FlawFinder.
src/secp256k1/src/scratch_impl.h
1 issue
Line: 19
Column: 9
CWE codes:
120
Suggestion:
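Make sure destination can always hold the source data. Here the copy is 8 bytes, the 7 characters of "scratch" plus its terminating NUL, which exactly fills the `unsigned char magic[8]` field shown in the src/secp256k1/src/scratch.h finding; the literal, the length argument and the field size have to stay in step if any of them is changed.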
secp256k1_scratch* ret = (secp256k1_scratch *)alloc;
if (ret != NULL) {
memset(ret, 0, sizeof(*ret));
memcpy(ret->magic, "scratch", 8);
ret->data = (void *) ((char *) alloc + base_alloc);
ret->max_size = size;
}
return ret;
}
Reported by FlawFinder.
src/secp256k1/src/scratch.h
1 issue
Line: 14
Column: 14
CWE codes:
119
120
Suggestion:
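Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged token is the declaration of the fixed-size array `magic[8]`; the one write to it visible on this page is the 8-byte `memcpy` in the src/secp256k1/src/scratch_impl.h finding, which matches the declared size.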
* (where it is exposed as a different typedef) */
typedef struct secp256k1_scratch_space_struct {
/** guard against interpreting this object as other types */
unsigned char magic[8];
/** actual allocated data */
void *data;
/** amount that has been allocated (i.e. `data + offset` is the next
* available pointer) */
size_t alloc_size;
Reported by FlawFinder.
src/crypto/hmac_sha512.h
1 issue
Line: 29
Column: 28
CWE codes:
119
120
Suggestion:
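Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration is the `hash` parameter of `Finalize`. Array syntax in a parameter list declares a pointer, so `OUTPUT_SIZE` documents the expected length but is not enforced by the compiler; if `Finalize` writes `OUTPUT_SIZE` bytes, as the signature suggests, each caller is responsible for passing a buffer at least that large.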
inner.Write(data, len);
return *this;
}
void Finalize(unsigned char hash[OUTPUT_SIZE]);
};
#endif // BITCOIN_CRYPTO_HMAC_SHA512_H
Reported by FlawFinder.
src/crypto/hmac_sha256.h
1 issue
Line: 29
Column: 28
CWE codes:
119
120
Suggestion:
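Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration is the `hash` parameter of `Finalize`. Array syntax in a parameter list declares a pointer, so `OUTPUT_SIZE` documents the expected length but is not enforced by the compiler; if `Finalize` writes `OUTPUT_SIZE` bytes, as the signature suggests, each caller is responsible for passing a buffer at least that large.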
inner.Write(data, len);
return *this;
}
void Finalize(unsigned char hash[OUTPUT_SIZE]);
};
#endif // BITCOIN_CRYPTO_HMAC_SHA256_H
Reported by FlawFinder.