The following issues were found
Modules/_decimal/libmpdec/mpdecimal.h
5 issues
Line: 800
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
/*
 * Print "<file>:<line>: error: ", then the caller's printf-style message and
 * a newline, all to stderr, and terminate the process with abort().
 *
 * The first variadic argument is passed to fprintf() as the format string,
 * which is the pattern CWE-134 describes. Each call site must therefore put
 * a string literal in that position; text that is not a compile-time
 * constant belongs behind a "%s" conversion, never in the format slot.
 */
#define mpd_err_fatal(...) \
    do { \
        fprintf(stderr, "%s:%d: error: ", __FILE__, __LINE__); \
        fprintf(stderr, __VA_ARGS__); \
        fputc('\n', stderr); \
        abort(); \
    } while (0)
#define mpd_err_warn(...) \
do {fprintf(stderr, "%s:%d: warning: ", __FILE__, __LINE__); \
fprintf(stderr, __VA_ARGS__); fputc('\n', stderr); \
Reported by FlawFinder.
Line: 805
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
} while (0)
/*
 * Print "<file>:<line>: warning: ", then the caller's printf-style message
 * and a newline, all to stderr. Execution continues afterwards.
 *
 * The first variadic argument is passed to fprintf() as the format string,
 * which is the pattern CWE-134 describes. Each call site must therefore put
 * a string literal in that position; text that is not a compile-time
 * constant belongs behind a "%s" conversion, never in the format slot.
 */
#define mpd_err_warn(...) \
    do { \
        fprintf(stderr, "%s:%d: warning: ", __FILE__, __LINE__); \
        fprintf(stderr, __VA_ARGS__); \
        fputc('\n', stderr); \
    } while (0)
/******************************************************************************/
/* Memory handling */
Reported by FlawFinder.
Line: 238
Column: 14
CWE codes:
119
120
Suggestion:
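Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged declaration is an array of `const char *` pointers sized by a `_GUARD` enumerator, not a character buffer, so the bound to check is the index used at each lookup.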
enum { MPD_CLAMP_DEFAULT, MPD_CLAMP_IEEE_754, MPD_CLAMP_GUARD };
extern const char * const mpd_round_string[MPD_ROUND_GUARD];
extern const char * const mpd_clamp_string[MPD_CLAMP_GUARD];
typedef struct mpd_context_t {
mpd_ssize_t prec; /* precision */
Reported by FlawFinder.
Line: 239
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum { MPD_CLAMP_DEFAULT, MPD_CLAMP_IEEE_754, MPD_CLAMP_GUARD };
extern const char * const mpd_round_string[MPD_ROUND_GUARD];
extern const char * const mpd_clamp_string[MPD_CLAMP_GUARD];
typedef struct mpd_context_t {
mpd_ssize_t prec; /* precision */
mpd_ssize_t emax; /* max positive exp */
Reported by FlawFinder.
Line: 399
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char type; /* conversion specifier */
char align; /* alignment */
char sign; /* sign printing/alignment */
char fill[5]; /* fill character */
const char *dot; /* decimal point */
const char *sep; /* thousands separator */
const char *grouping; /* grouping of digits */
} mpd_spec_t;
Reported by FlawFinder.
Modules/_hashopenssl.c
5 issues
Line: 399
Column: 14
CWE codes:
119
120
Suggestion:
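Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Here the buffer is declared with `EVP_MAX_MD_SIZE`; the write into it happens below the excerpt, and that is where the length should be confirmed to stay within this bound.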
EVP_digest_impl(EVPobject *self)
/*[clinic end generated code: output=0f6a3a0da46dc12d input=03561809a419bf00]*/
{
unsigned char digest[EVP_MAX_MD_SIZE];
EVP_MD_CTX *temp_ctx;
PyObject *retval;
unsigned int digest_size;
temp_ctx = EVP_MD_CTX_new();
Reported by FlawFinder.
Line: 434
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
EVP_hexdigest_impl(EVPobject *self)
/*[clinic end generated code: output=18e6decbaf197296 input=aff9cf0e4c741a9a]*/
{
unsigned char digest[EVP_MAX_MD_SIZE];
EVP_MD_CTX *temp_ctx;
unsigned int digest_size;
temp_ctx = EVP_MD_CTX_new();
if (temp_ctx == NULL) {
Reported by FlawFinder.
Line: 1348
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Py_buffer *msg, PyObject *digest)
/*[clinic end generated code: output=82f19965d12706ac input=0a0790cc3db45c2e]*/
{
unsigned char md[EVP_MAX_MD_SIZE] = {0};
unsigned int md_len = 0;
unsigned char *result;
const EVP_MD *evp;
evp = py_digest_by_digestmod(module, digest);
Reported by FlawFinder.
Line: 1622
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
_hashlib_HMAC_digest_impl(HMACobject *self)
/*[clinic end generated code: output=1b1424355af7a41e input=bff07f74da318fb4]*/
{
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int digest_size = _hmac_digest_size(self);
if (digest_size == 0) {
return _setException(PyExc_ValueError);
}
int r = _hmac_digest(self, digest, digest_size);
Reported by FlawFinder.
Line: 1647
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
_hashlib_HMAC_hexdigest_impl(HMACobject *self)
/*[clinic end generated code: output=80d825be1eaae6a7 input=5abc42702874ddcf]*/
{
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int digest_size = _hmac_digest_size(self);
if (digest_size == 0) {
return _setException(PyExc_ValueError);
}
int r = _hmac_digest(self, digest, digest_size);
Reported by FlawFinder.
Modules/_sqlite/cursor.c
5 issues
Line: 212
* In other words, it will work as people expect it to work.*/
if (*pos == ' ' || *pos == '(' || *pos == 0) {
pysqlite_state *state = self->connection->state;
converter = _pysqlite_get_converter(state, decltype,
pos - decltype);
if (!converter && PyErr_Occurred()) {
Py_CLEAR(self->row_cast_map);
return -1;
}
Reported by Cppcheck.
Line: 275
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
PyObject* converter;
PyObject* converted;
Py_ssize_t nbytes;
char buf[200];
const char* colname;
PyObject* error_msg;
if (self->reset) {
PyObject *exc = self->connection->InterfaceError;
Reported by FlawFinder.
Line: 255
Column: 15
CWE codes:
126
len = pos - colname;
}
else {
len = strlen(colname);
}
return PyUnicode_FromStringAndSize(colname, len);
}
/*
Reported by FlawFinder.
Line: 358
Column: 59
CWE codes:
126
}
PyOS_snprintf(buf, sizeof(buf) - 1, "Could not decode to UTF-8 column '%s' with text '%s'",
colname , text);
error_msg = PyUnicode_Decode(buf, strlen(buf), "ascii", "replace");
PyObject *exc = self->connection->OperationalError;
if (!error_msg) {
PyErr_SetString(exc, "Could not decode to UTF-8");
} else {
Reported by FlawFinder.
Line: 754
Column: 15
CWE codes:
126
self->reset = 0;
sql_len = strlen(sql_script);
int max_length = sqlite3_limit(self->connection->db,
SQLITE_LIMIT_LENGTH, -1);
if (sql_len >= (unsigned)max_length) {
PyErr_SetString(self->connection->DataError,
"query string is too large");
Reported by FlawFinder.
Modules/_sre.c
5 issues
Line: 537
CWE codes:
908
j = STATE_OFFSET(state, state->mark[index+1]);
}
return getslice(state->isbytes, state->beginning, string, i, j);
}
static void
pattern_error(Py_ssize_t status)
{
Reported by Cppcheck.
Line: 537
CWE codes:
908
j = STATE_OFFSET(state, state->mark[index+1]);
}
return getslice(state->isbytes, state->beginning, string, i, j);
}
static void
pattern_error(Py_ssize_t status)
{
Reported by Cppcheck.
Line: 83
Column: 18
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define SRE_ERROR_INTERRUPTED -10 /* signal handler raised exception */
/*
 * Debug tracing. Call sites pass one parenthesised printf() argument list,
 * e.g. TRACE(("fmt", arg)). With VERBOSE defined that list is pasted directly
 * after `printf`, so its first element is used as the format string (the
 * CWE-134 pattern) and must be a string literal at every call site. Without
 * VERBOSE the macro expands to nothing and the arguments are not evaluated.
 */
#ifdef VERBOSE
#  define TRACE(v) printf v
#else
#  define TRACE(v)
#endif
/* -------------------------------------------------------------------- */
Reported by FlawFinder.
Line: 1517
Column: 19
CWE codes:
134
Suggestion:
Use a constant for the format specification
/*
 * Trace macro for the validator. Call sites pass one parenthesised printf()
 * argument list, e.g. VTRACE(("fmt", arg)). With VVERBOSE defined that list
 * is pasted directly after `printf`, so its first element is used as the
 * format string (the CWE-134 pattern) and must be a string literal at every
 * call site. Without VVERBOSE the macro is an empty statement and the
 * arguments are not evaluated.
 */
#ifdef VVERBOSE
#  define VTRACE(v) printf v
#else
#  define VTRACE(v) do {} while(0) /* do nothing */
#endif
/* Report failure */
Reported by FlawFinder.
Line: 1593
Column: 32
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
FAIL;
/* Make sure that each byte points to a valid block */
for (i = 0; i < 256; i++) {
if (((unsigned char *)code)[i] >= arg)
FAIL;
}
code += offset;
offset = arg * (256/SRE_CODE_BITS); /* 256-bit bitmap times arg */
if (offset > (uintptr_t)(end - code))
Reported by FlawFinder.
Modules/_winapi.c
5 issues
Line: 637
Column: 5
CWE codes:
120
Suggestion:
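Consider using a function version that stops copying at the end of the buffer. The size of the allocation behind `rdb` is computed outside this excerpt, so confirm there that it is large enough for both strings written into `PathBuffer`.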
goto cleanup;
/* Copy everything but the native prefix to the print name offset. */
wcscpy(rdb->MountPointReparseBuffer.PathBuffer +
prefix_len + print_len + 1,
rdb->MountPointReparseBuffer.PathBuffer + prefix_len);
/* Create a directory for the junction point. */
if (!CreateDirectoryW(dst_path, NULL))
Reported by FlawFinder.
Line: 630
Column: 5
CWE codes:
120
Suggestion:
Consider using a function version that stops copying at the end of the buffer
/* Store the full native path of link target at the substitute name
offset (0). */
wcscpy(rdb->MountPointReparseBuffer.PathBuffer, L"\\??\\");
if (GetFullPathNameW(src_path, print_len + 1,
rdb->MountPointReparseBuffer.PathBuffer + prefix_len,
NULL) == 0)
goto cleanup;
Reported by FlawFinder.
Line: 1916
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define CCH_EXT 128
#define CB_TYPE 510
struct {
wchar_t ext[CCH_EXT];
wchar_t type[CB_TYPE / sizeof(wchar_t) + 1];
} entries[64];
int entry = 0;
HKEY hkcr = NULL;
LRESULT err;
Reported by FlawFinder.
Line: 1917
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define CB_TYPE 510
struct {
wchar_t ext[CCH_EXT];
wchar_t type[CB_TYPE / sizeof(wchar_t) + 1];
} entries[64];
int entry = 0;
HKEY hkcr = NULL;
LRESULT err;
Reported by FlawFinder.
Line: 1323
Column: 45
CWE codes:
126
if (! result)
return PyErr_SetFromWindowsErr(GetLastError());
return PyUnicode_FromWideChar(filename, wcslen(filename));
}
/*[clinic input]
_winapi.GetStdHandle -> HANDLE
Reported by FlawFinder.
Modules/clinic/_ssl.c.h
5 issues
Line: 373
Column: 9
CWE codes:
126
if (cb_type == NULL) {
goto exit;
}
if (strlen(cb_type) != (size_t)cb_type_length) {
PyErr_SetString(PyExc_ValueError, "embedded null character");
goto exit;
}
skip_optional_pos:
return_value = _ssl__SSLSocket_get_channel_binding_impl(self, cb_type);
Reported by FlawFinder.
Line: 454
Column: 9
CWE codes:
126
if (cipherlist == NULL) {
goto exit;
}
if (strlen(cipherlist) != (size_t)cipherlist_length) {
PyErr_SetString(PyExc_ValueError, "embedded null character");
goto exit;
}
return_value = _ssl__SSLContext_set_ciphers_impl(self, cipherlist);
Reported by FlawFinder.
Line: 1201
Column: 9
CWE codes:
126
if (txt == NULL) {
goto exit;
}
if (strlen(txt) != (size_t)txt_length) {
PyErr_SetString(PyExc_ValueError, "embedded null character");
goto exit;
}
if (!noptargs) {
goto skip_optional_pos;
Reported by FlawFinder.
Line: 1289
Column: 9
CWE codes:
126
if (store_name == NULL) {
goto exit;
}
if (strlen(store_name) != (size_t)store_name_length) {
PyErr_SetString(PyExc_ValueError, "embedded null character");
goto exit;
}
return_value = _ssl_enum_certificates_impl(module, store_name);
Reported by FlawFinder.
Line: 1342
Column: 9
CWE codes:
126
if (store_name == NULL) {
goto exit;
}
if (strlen(store_name) != (size_t)store_name_length) {
PyErr_SetString(PyExc_ValueError, "embedded null character");
goto exit;
}
return_value = _ssl_enum_crls_impl(module, store_name);
Reported by FlawFinder.
Objects/abstract.c
5 issues
Line: 580
Column: 9
CWE codes:
120
Suggestion:
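Make sure destination can always hold the source data. In this excerpt `len` is not compared with the size of `view->buf`; check whether the lines above the excerpt do so before the copy.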
if (PyBuffer_IsContiguous(view, fort)) {
/* simplest copy is all that is needed */
memcpy(view->buf, buf, len);
return 0;
}
/* Otherwise a more elaborate scheme is needed */
Reported by FlawFinder.
Line: 609
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
elements = len / view->itemsize;
while (elements--) {
ptr = PyBuffer_GetPointer(view, indices);
memcpy(ptr, src, view->itemsize);
src += view->itemsize;
addone(view->ndim, indices, view->shape);
}
PyMem_Free(indices);
Reported by FlawFinder.
Line: 652
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(PyBuffer_IsContiguous(&view_dest, 'F') &&
PyBuffer_IsContiguous(&view_src, 'F'))) {
/* simplest copy is all that is needed */
memcpy(view_dest.buf, view_src.buf, view_src.len);
PyBuffer_Release(&view_dest);
PyBuffer_Release(&view_src);
return 0;
}
Reported by FlawFinder.
Line: 680
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
_Py_add_one_to_index_C(view_src.ndim, indices, view_src.shape);
dptr = PyBuffer_GetPointer(&view_dest, indices);
sptr = PyBuffer_GetPointer(&view_src, indices);
memcpy(dptr, sptr, view_src.itemsize);
}
PyMem_Free(indices);
PyBuffer_Release(&view_dest);
PyBuffer_Release(&view_src);
return 0;
Reported by FlawFinder.
Line: 2958
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
PyErr_NoMemory();
goto fail;
}
memcpy(array[i], data, size);
Py_DECREF(item);
}
array[argc] = NULL;
return array;
Reported by FlawFinder.
Lib/tkinter/scrolledtext.py
5 issues
Line: 20
Column: 1
__all__ = ['ScrolledText']
class ScrolledText(Text):
def __init__(self, master=None, **kw):
self.frame = Frame(master)
self.vbar = Scrollbar(self.frame)
self.vbar.pack(side=RIGHT, fill=Y)
Reported by Pylint.
Line: 20
Column: 1
__all__ = ['ScrolledText']
class ScrolledText(Text):
def __init__(self, master=None, **kw):
self.frame = Frame(master)
self.vbar = Scrollbar(self.frame)
self.vbar.pack(side=RIGHT, fill=Y)
Reported by Pylint.
Line: 37
Column: 13
methods = vars(Pack).keys() | vars(Grid).keys() | vars(Place).keys()
methods = methods.difference(text_meths)
for m in methods:
if m[0] != '_' and m != 'config' and m != 'configure':
setattr(self, m, getattr(self.frame, m))
def __str__(self):
return str(self.frame)
Reported by Pylint.
Line: 45
Column: 1
return str(self.frame)
def example():
from tkinter.constants import END
stext = ScrolledText(bg='white', height=10)
stext.insert(END, __doc__)
stext.pack(fill=BOTH, side=LEFT, expand=True)
Reported by Pylint.
Line: 46
Column: 5
def example():
from tkinter.constants import END
stext = ScrolledText(bg='white', height=10)
stext.insert(END, __doc__)
stext.pack(fill=BOTH, side=LEFT, expand=True)
stext.focus_set()
Reported by Pylint.
PC/layout/support/catalog.py
5 issues
Line: 9
Column: 1
__version__ = "3.8"
import sys
__all__ = ["PYTHON_CAT_NAME", "PYTHON_CDF_NAME"]
def public(f):
Reported by Pylint.
Line: 14
Column: 1
__all__ = ["PYTHON_CAT_NAME", "PYTHON_CDF_NAME"]
def public(f):
    """Add ``f.__name__`` to this module's ``__all__`` and return ``f`` unchanged.

    Intended for use as a decorator, so that a definition is exported by
    name at the point where it is written.
    """
    exported_name = f.__name__
    __all__.append(exported_name)
    return f
PYTHON_CAT_NAME = "python.cat"
Reported by Pylint.
Line: 14
Column: 1
__all__ = ["PYTHON_CAT_NAME", "PYTHON_CDF_NAME"]
def public(f):
    """Add ``f.__name__`` to this module's ``__all__`` and return ``f`` unchanged.

    Intended for use as a decorator, so that a definition is exported by
    name at the point where it is written.
    """
    exported_name = f.__name__
    __all__.append(exported_name)
    return f
PYTHON_CAT_NAME = "python.cat"
Reported by Pylint.
Line: 36
Column: 1
"""
def can_sign(file):
    """Tell whether ``file`` should get an entry in the catalog.

    Returns ``False`` when ``file.is_file()`` is false; otherwise returns the
    file's size from ``file.stat().st_size``, so an empty file yields ``0``
    and is treated as not signable by callers that test truthiness.
    """
    if not file.is_file():
        return False
    return file.stat().st_size
@public
def write_catalog(target, files):
Reported by Pylint.
Line: 41
Column: 1
@public
def write_catalog(target, files):
    """Write a catalog definition file to ``target``.

    ``target`` is opened for writing as UTF-8 and is also passed to
    ``CATALOG_TEMPLATE.format`` to produce the header. ``files`` is an
    iterable of ``(name, file)`` pairs; one ``<HASH>name=file`` line is
    written for each pair whose ``file`` passes ``can_sign``, and the
    others are left out.
    """
    with target.open("w", encoding="utf-8") as cat:
        header = CATALOG_TEMPLATE.format(target=target)
        cat.write(header)
        for name, path in files:
            if not can_sign(path):
                continue
            # NOTE(review): name and path are written without escaping; this
            # assumes neither contains a newline -- confirm at the caller.
            cat.write("<HASH>{}={}\n".format(name, path))
Reported by Pylint.
Lib/tkinter/colorchooser.py
5 issues
Line: 1
Column: 1
# tk common color chooser dialogue
#
# this module provides an interface to the native color dialogue
# available in Tk 4.2 and newer.
#
# written by Fredrik Lundh, May 1997
#
# fixed initialcolor handling in August 1998
#
Reported by Pylint.
Line: 17
Column: 1
__all__ = ["Chooser", "askcolor"]
class Chooser(Dialog):
"""Create a dialog for the tk_chooseColor command.
Args:
master: The master widget for this dialog. If not provided,
defaults to options['parent'] (if defined).
Reported by Pylint.
Line: 61
Column: 15
# To simplify application code, the color chooser returns
# an RGB tuple together with the Tk color string.
r, g, b = widget.winfo_rgb(result)
return (r//256, g//256, b//256), str(result)
#
# convenience stuff
Reported by Pylint.
Line: 61
Column: 12
# To simplify application code, the color chooser returns
# an RGB tuple together with the Tk color string.
r, g, b = widget.winfo_rgb(result)
return (r//256, g//256, b//256), str(result)
#
# convenience stuff
Reported by Pylint.
Line: 61
Column: 9
# To simplify application code, the color chooser returns
# an RGB tuple together with the Tk color string.
r, g, b = widget.winfo_rgb(result)
return (r//256, g//256, b//256), str(result)
#
# convenience stuff
Reported by Pylint.