The following issues were found
Objects/call.c
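1 issue
Line: 427
Column: 5
CWE codes:
120 (Buffer Copy without Checking Size of Input)
Suggestion:
Make sure destination can always hold the source data. The flagged memcpy writes argcount pointers starting at stack[1], so stack needs room for argcount + 1 entries; its allocation is outside this excerpt.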
/* use borrowed references */
stack[0] = obj;
memcpy(&stack[1],
_PyTuple_ITEMS(args),
argcount * sizeof(PyObject *));
PyObject *result = _PyObject_FastCallDictTstate(tstate, callable,
stack, argcount + 1,
Reported by FlawFinder.
Modules/_csv.c
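1 issue
Line: 265
Column: 47
CWE codes:
126 (Buffer Over-read)
The only strlen call in the excerpt is strlen(dflt); it over-reads only if a caller passes a dflt that is not NUL-terminated, and the callers are outside this excerpt.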
_set_str(const char *name, PyObject **target, PyObject *src, const char *dflt)
{
if (src == NULL)
*target = PyUnicode_DecodeASCII(dflt, strlen(dflt), NULL);
else {
if (src == Py_None)
*target = NULL;
else if (!PyUnicode_Check(src)) {
PyErr_Format(PyExc_TypeError,
Reported by FlawFinder.
PCbuild/field3.py
1 issue
Line: 1
Column: 1
# An absurd workaround for the lack of arithmetic in MS's resource compiler.
# After building Python, run this, then paste the output into the appropriate
# part of PC\python_nt.rc.
# Example output:
#
# * For 2.3a0,
# * PY_MICRO_VERSION = 0
# * PY_RELEASE_LEVEL = 'alpha' = 0xA
# * PY_RELEASE_SERIAL = 1
Reported by Pylint.
Modules/clinic/_dbmmodule.c.h
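1 issue
Line: 172
Column: 9
CWE codes:
126 (Buffer Over-read)
The flagged strlen(flags) is the embedded-null check shown below, which compares the result with flags_length; it over-reads only if flags is not NUL-terminated, and the code that produces flags is outside this excerpt.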
if (flags == NULL) {
goto exit;
}
if (strlen(flags) != (size_t)flags_length) {
PyErr_SetString(PyExc_ValueError, "embedded null character");
goto exit;
}
if (nargs < 3) {
goto skip_optional;
Reported by FlawFinder.
Objects/stringlib/fastsearch.h
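1 issue
Line: 172
Column: 19
CWE codes:
134 (Use of Externally-Controlled Format String)
Suggestion:
Use a constant for the format specification. In the excerpt the printf-forwarding LOG macro is defined under `#if 0`, so it is compiled out unless that guard is changed, and the LOG calls shown pass string literals as the format.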
/* Change to a 1 to see logging comments walk through the algorithm. */
#if 0 && STRINGLIB_SIZEOF_CHAR == 1
# define LOG(...) printf(__VA_ARGS__)
# define LOG_STRING(s, n) printf("\"%.*s\"", (int)(n), s)
# define LOG_LINEUP() do { \
LOG("> "); LOG_STRING(haystack, len_haystack); LOG("\n> "); \
LOG("%*s",(int)(window_last - haystack + 1 - len_needle), ""); \
LOG_STRING(needle, len_needle); LOG("\n"); \
Reported by FlawFinder.
Objects/classobject.c
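1 issue
Line: 82
Column: 9
CWE codes:
120 (Buffer Copy without Checking Size of Input)
Suggestion:
Make sure destination can always hold the source data. The flagged memcpy copies totalargs pointers to newargs + 1, so newargs needs room for totalargs + 1 entries; the sizing of newargs (stack buffer or heap allocation) is outside this excerpt.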
* We need this, since calling memcpy() with a NULL pointer is
* undefined behaviour. */
assert(args != NULL);
memcpy(newargs + 1, args, totalargs * sizeof(PyObject *));
result = _PyObject_VectorcallTstate(tstate, func,
newargs, nargs+1, kwnames);
if (newargs != newargs_stack) {
PyMem_Free(newargs);
}
Reported by FlawFinder.
PC/msvcrtmodule.c
1 issue
Line: 243
Py_BEGIN_ALLOW_THREADS
ch = _getch();
Py_END_ALLOW_THREADS
return ch;
}
/*[clinic input]
msvcrt.getwch -> wchar_t
Reported by Cppcheck.
Modules/_decimal/libmpdec/examples/sqrt.c
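1 issue
Line: 42
Column: 2
CWE codes:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
120 (Buffer Copy without Checking Size of Input)
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The fixed-size array in the excerpt is status_str[MPD_MAX_FLAG_STRING]; the code that writes to it is outside this excerpt, so check that those writes are bounded by MPD_MAX_FLAG_STRING.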
mpd_t *a;
mpd_t *result;
char *rstring;
char status_str[MPD_MAX_FLAG_STRING];
clock_t start_clock, end_clock;
if (argc != 2) {
fprintf(stderr, "sqrt: usage: ./sqrt x\n");
exit(1);
Reported by FlawFinder.
Modules/_asynciomodule.c
1 issue
Line: 19
_Py_IDENTIFIER(call_soon);
_Py_IDENTIFIER(cancel);
_Py_IDENTIFIER(get_event_loop);
_Py_IDENTIFIER(throw);
/* State of the _asyncio module */
static PyObject *asyncio_mod;
static PyObject *traceback_extract_stack;
Reported by Cppcheck.
Modules/_decimal/libmpdec/examples/shift.c
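1 issue
Line: 42
Column: 2
CWE codes:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
120 (Buffer Copy without Checking Size of Input)
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The fixed-size array in the excerpt is status_str[MPD_MAX_FLAG_STRING]; the code that writes to it is outside this excerpt, so check that those writes are bounded by MPD_MAX_FLAG_STRING.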
mpd_t *a, *b;
mpd_t *result;
char *rstring;
char status_str[MPD_MAX_FLAG_STRING];
clock_t start_clock, end_clock;
if (argc != 3) {
fprintf(stderr, "shift: usage: ./shift x y\n");
exit(1);
Reported by FlawFinder.