The following issues were found:
Objects/clinic/unicodeobject.c.h
4 issues
Line: 163
Column: 13
CWE codes:
126
if (encoding == NULL) {
goto exit;
}
if (strlen(encoding) != (size_t)encoding_length) {
PyErr_SetString(PyExc_ValueError, "embedded null character");
goto exit;
}
if (!--noptargs) {
goto skip_optional_pos;
Reported by FlawFinder.
Line: 180
Column: 9
CWE codes:
126
if (errors == NULL) {
goto exit;
}
if (strlen(errors) != (size_t)errors_length) {
PyErr_SetString(PyExc_ValueError, "embedded null character");
goto exit;
}
skip_optional_pos:
return_value = unicode_encode_impl(self, encoding, errors);
Reported by FlawFinder.
Line: 1303
Column: 13
CWE codes:
126
if (encoding == NULL) {
goto exit;
}
if (strlen(encoding) != (size_t)encoding_length) {
PyErr_SetString(PyExc_ValueError, "embedded null character");
goto exit;
}
if (!--noptargs) {
goto skip_optional_pos;
Reported by FlawFinder.
Line: 1320
Column: 9
CWE codes:
126
if (errors == NULL) {
goto exit;
}
if (strlen(errors) != (size_t)errors_length) {
PyErr_SetString(PyExc_ValueError, "embedded null character");
goto exit;
}
skip_optional_pos:
return_value = unicode_new_impl(type, x, encoding, errors);
Reported by FlawFinder.
Modules/sha1module.c
4 issues
Line: 48
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct sha1_state {
    /* Running message length; presumably counts bytes fed in so far —
       confirm against sha1_done(), which is outside this excerpt. */
    SHA1_INT64 length;
    /* Five 32-bit words of hash state; presumably the SHA-1 chaining
       values updated by sha1_compress() — confirm there. */
    SHA1_INT32 state[5];
    /* Number of bytes currently pending in `buf` (always < SHA1_BLOCKSIZE
       between calls; a full block is compressed immediately). */
    SHA1_INT32 curlen;
    /* Partial input block accumulated until SHA1_BLOCKSIZE bytes are
       present and sha1_compress() can consume it. */
    unsigned char buf[SHA1_BLOCKSIZE];
};
typedef struct {
PyObject_HEAD
Reported by FlawFinder.
Line: 227
Column: 12
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
inlen -= SHA1_BLOCKSIZE;
} else {
n = Py_MIN(inlen, (Py_ssize_t)(SHA1_BLOCKSIZE - sha1->curlen));
memcpy(sha1->buf + sha1->curlen, in, (size_t)n);
sha1->curlen += (SHA1_INT32)n;
in += n;
inlen -= n;
if (sha1->curlen == SHA1_BLOCKSIZE) {
sha1_compress(sha1, sha1->buf);
Reported by FlawFinder.
Line: 371
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
SHA1Type_digest_impl(SHA1object *self)
/*[clinic end generated code: output=2f05302a7aa2b5cb input=13824b35407444bd]*/
{
unsigned char digest[SHA1_DIGESTSIZE];
struct sha1_state temp;
temp = self->hash_state;
sha1_done(&temp, digest);
return PyBytes_FromStringAndSize((const char *)digest, SHA1_DIGESTSIZE);
Reported by FlawFinder.
Line: 389
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
SHA1Type_hexdigest_impl(SHA1object *self)
/*[clinic end generated code: output=4161fd71e68c6659 input=97691055c0c74ab0]*/
{
unsigned char digest[SHA1_DIGESTSIZE];
struct sha1_state temp;
/* Get the raw (binary) digest value */
temp = self->hash_state;
sha1_done(&temp, digest);
Reported by FlawFinder.
Modules/main.c
4 issues
Line: 129
Column: 50
CWE codes:
126
{
PyObject *sys_path0 = NULL, *importer;
sys_path0 = PyUnicode_FromWideChar(filename, wcslen(filename));
if (sys_path0 == NULL) {
goto error;
}
importer = PyImport_GetImporter(sys_path0);
Reported by FlawFinder.
Line: 276
Column: 46
CWE codes:
126
Py_DECREF(runpy);
return pymain_exit_err_print();
}
module = PyUnicode_FromWideChar(modname, wcslen(modname));
if (module == NULL) {
fprintf(stderr, "Could not convert module name to unicode\n");
Py_DECREF(runpy);
Py_DECREF(runmodule);
return pymain_exit_err_print();
Reported by FlawFinder.
Line: 329
Column: 22
CWE codes:
120
20
if (skip_source_first_line) {
int ch;
/* Push back first newline so line numbers remain the same */
while ((ch = getc(fp)) != EOF) {
if (ch == '\n') {
(void)ungetc(ch, fp);
break;
}
}
Reported by FlawFinder.
Line: 393
Column: 43
CWE codes:
126
if (env == NULL || env[0] == L'\0') {
return 0;
}
startup = PyUnicode_FromWideChar(env, wcslen(env));
if (startup == NULL) {
goto error;
}
#else
const char *env = _Py_GetEnv(config->use_environment, "PYTHONSTARTUP");
Reported by FlawFinder.
PC/frozen_dllmain.c
4 issues
Line: 123
Column: 5
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
char funcName[255];
HMODULE hmod = GetModuleHandleW(NULL);
strcpy(funcName, "_DllMain");
strcat(funcName, modName);
strcat(funcName, "@12"); // stdcall convention.
pfndllmain = (BOOL (WINAPI *)(HINSTANCE, DWORD, LPVOID))GetProcAddress(hmod, funcName);
if (pfndllmain==NULL) {
/* No function by that name exported - then that module does
not appear in our frozen program - return OK
Reported by FlawFinder.
Line: 120
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
BOOL (WINAPI * pfndllmain)(HINSTANCE, DWORD, LPVOID);
char funcName[255];
HMODULE hmod = GetModuleHandleW(NULL);
strcpy(funcName, "_DllMain");
strcat(funcName, modName);
strcat(funcName, "@12"); // stdcall convention.
pfndllmain = (BOOL (WINAPI *)(HINSTANCE, DWORD, LPVOID))GetProcAddress(hmod, funcName);
Reported by FlawFinder.
Line: 122
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
char funcName[255];
HMODULE hmod = GetModuleHandleW(NULL);
strcpy(funcName, "_DllMain");
strcat(funcName, modName);
strcat(funcName, "@12"); // stdcall convention.
pfndllmain = (BOOL (WINAPI *)(HINSTANCE, DWORD, LPVOID))GetProcAddress(hmod, funcName);
if (pfndllmain==NULL) {
/* No function by that name exported - then that module does
Reported by FlawFinder.
Line: 124
Column: 5
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
HMODULE hmod = GetModuleHandleW(NULL);
strcpy(funcName, "_DllMain");
strcat(funcName, modName);
strcat(funcName, "@12"); // stdcall convention.
pfndllmain = (BOOL (WINAPI *)(HINSTANCE, DWORD, LPVOID))GetProcAddress(hmod, funcName);
if (pfndllmain==NULL) {
/* No function by that name exported - then that module does
not appear in our frozen program - return OK
*/
Reported by FlawFinder.
Modules/_io/clinic/_iomodule.c.h
4 issues
Line: 172
Column: 13
CWE codes:
126
if (mode == NULL) {
goto exit;
}
if (strlen(mode) != (size_t)mode_length) {
PyErr_SetString(PyExc_ValueError, "embedded null character");
goto exit;
}
if (!--noptargs) {
goto skip_optional_pos;
Reported by FlawFinder.
Line: 199
Column: 17
CWE codes:
126
if (encoding == NULL) {
goto exit;
}
if (strlen(encoding) != (size_t)encoding_length) {
PyErr_SetString(PyExc_ValueError, "embedded null character");
goto exit;
}
}
else {
Reported by FlawFinder.
Line: 222
Column: 17
CWE codes:
126
if (errors == NULL) {
goto exit;
}
if (strlen(errors) != (size_t)errors_length) {
PyErr_SetString(PyExc_ValueError, "embedded null character");
goto exit;
}
}
else {
Reported by FlawFinder.
Line: 245
Column: 17
CWE codes:
126
if (newline == NULL) {
goto exit;
}
if (strlen(newline) != (size_t)newline_length) {
PyErr_SetString(PyExc_ValueError, "embedded null character");
goto exit;
}
}
else {
Reported by FlawFinder.
Programs/_freeze_importlib.c
4 issues
Line: 102
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
Py_ExitStatusException(status);
}
sprintf(buf, "<frozen %s>", name);
code = Py_CompileStringExFlags(text, buf, Py_file_input, NULL, 0);
if (code == NULL)
goto error;
free(text);
text = NULL;
Reported by FlawFinder.
Line: 37
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
main(int argc, char *argv[])
{
const char *name, *inpath, *outpath;
char buf[100];
FILE *infile = NULL, *outfile = NULL;
struct _Py_stat_struct stat;
size_t text_size, data_size, i, n;
char *text = NULL;
unsigned char *data;
Reported by FlawFinder.
Line: 54
Column: 14
CWE codes:
362
name = argv[1];
inpath = argv[2];
outpath = argv[3];
infile = fopen(inpath, "rb");
if (infile == NULL) {
fprintf(stderr, "cannot open '%s' for reading\n", inpath);
goto error;
}
if (_Py_fstat_noraise(fileno(infile), &stat)) {
Reported by FlawFinder.
Line: 120
Column: 15
CWE codes:
362
/* Open the file in text mode. The hg checkout should be using the eol extension,
which in turn should cause the EOL style match the C library's text mode */
outfile = fopen(outpath, "w");
if (outfile == NULL) {
fprintf(stderr, "cannot open '%s' for writing\n", outpath);
goto error;
}
fprintf(outfile, "%s\n", header);
Reported by FlawFinder.
Lib/xml/__init__.py
4 issues
Line: 20
Column: 30
"""
__all__ = ["dom", "parsers", "sax", "etree"]
Reported by Pylint.
Line: 20
Column: 37
"""
__all__ = ["dom", "parsers", "sax", "etree"]
Reported by Pylint.
Line: 20
Column: 12
"""
__all__ = ["dom", "parsers", "sax", "etree"]
Reported by Pylint.
Line: 20
Column: 19
"""
__all__ = ["dom", "parsers", "sax", "etree"]
Reported by Pylint.
Modules/readline.c
4 issues
Line: 206
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
Py_DECREF(encoded);
return PyErr_NoMemory();
}
strcpy(copy, PyBytes_AS_STRING(encoded));
Py_DECREF(encoded);
rl_parse_and_bind(copy);
PyMem_Free(copy); /* Free the copy */
Py_RETURN_NONE;
}
Reported by FlawFinder.
Line: 1436
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
char *q = p;
p = PyMem_RawMalloc(n+2);
if (p != NULL) {
memcpy(p, q, n);
p[n] = '\n';
p[n+1] = '\0';
}
free(q);
RESTORE_LOCALE(saved_locale)
Reported by FlawFinder.
Line: 1414
Column: 9
CWE codes:
126
}
/* we have a valid line */
n = strlen(p);
if (should_auto_add_history && n > 0) {
const char *line;
int length = _py_get_history_length();
if (length > 0) {
HIST_ENTRY *hist_ent;
Reported by FlawFinder.
Line: 1473
Column: 58
CWE codes:
126
PyObject *m;
readlinestate *mod_state;
if (strncmp(rl_library_version, libedit_version_tag, strlen(libedit_version_tag)) == 0) {
using_libedit_emulation = 1;
}
if (using_libedit_emulation)
readlinemodule.m_doc = doc_module_le;
Reported by FlawFinder.
Modules/_blake2/impl/blake2sp.c
4 issues
Line: 105
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
uint8_t block[BLAKE2S_BLOCKBYTES];
memset( block, 0, BLAKE2S_BLOCKBYTES );
memcpy( block, key, keylen );
for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
blake2s_update( S->S[i], block, BLAKE2S_BLOCKBYTES );
secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
Reported by FlawFinder.
Line: 123
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if( left && inlen >= fill )
{
memcpy( S->buf + left, in, fill );
for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
blake2s_update( S->S[i], S->buf + i * BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES );
in += fill;
Reported by FlawFinder.
Line: 159
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
inlen %= PARALLELISM_DEGREE * BLAKE2S_BLOCKBYTES;
if( inlen > 0 )
memcpy( S->buf + left, in, inlen );
S->buflen = ( uint32_t ) left + ( uint32_t ) inlen;
return 0;
}
Reported by FlawFinder.
Line: 221
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
uint8_t block[BLAKE2S_BLOCKBYTES];
memset( block, 0, BLAKE2S_BLOCKBYTES );
memcpy( block, key, keylen );
for( size_t i = 0; i < PARALLELISM_DEGREE; ++i )
blake2s_update( S[i], block, BLAKE2S_BLOCKBYTES );
secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
Reported by FlawFinder.
Tools/c-analyzer/c_parser/parser/_regexes.py
4 issues
Line: 114
Column: 31
#######################################
# types
SIMPLE_TYPE = textwrap.dedent(rf'''
# simple type
(?:
\b
(?:
void
Reported by Pylint.
Line: 1
Column: 1
# Regular expression patterns for C syntax.
#
# None of these patterns has any capturing. However, a number of them
# have capturing markers compatible with utils.set_capture_groups().
import textwrap
def _ind(text, level=1, edges='both'):
Reported by Pylint.
Line: 12
Column: 8
def _ind(text, level=1, edges='both'):
indent = ' ' * level
text = textwrap.indent(text, indent)
if edges == 'pre' or edges == 'both':
text = '\n' + indent + text.lstrip()
if edges == 'post' or edges == 'both':
text = text.rstrip() + '\n' + ' ' * (level - 1)
return text
Reported by Pylint.
Line: 14
Column: 8
text = textwrap.indent(text, indent)
if edges == 'pre' or edges == 'both':
text = '\n' + indent + text.lstrip()
if edges == 'post' or edges == 'both':
text = text.rstrip() + '\n' + ' ' * (level - 1)
return text
#######################################
Reported by Pylint.