The following issues were found
third_party/cpplint/cpplint.py
2630 issues
Line: 3384
Column: 1
'"// TODO(my_username): Stuff."')
middle_whitespace = match.group(3)
# Comparisons made explicit for correctness -- pylint: disable=g-explicit-bool-comparison
if middle_whitespace != ' ' and middle_whitespace != '':
error(filename, linenum, 'whitespace/todo', 2,
'TODO(my_username) should be followed by a space')
# If the comment contains an alphanumeric character, there
Reported by Pylint.
Line: 688
Column: 3
_global_error_suppressions = {}
def ProcessHppHeadersOption(val):
global _hpp_headers
try:
_hpp_headers = set(val.split(','))
# Automatically append to extensions list so it does not have to be set 2 times
_valid_extensions.update(_hpp_headers)
except ValueError:
Reported by Pylint.
Line: 1293
Column: 3
class _IncludeError(Exception):
"""Indicates a problem with the include order in a file."""
pass
class FileInfo(object):
"""Provides utility functions for filenames.
Reported by Pylint.
Line: 1575
Column: 3
lines_without_raw_strings.append(line)
# TODO(unknown): if delimiter is not None here, we might want to
# emit a warning for unterminated string.
return lines_without_raw_strings
def FindNextMultiLineCommentStart(lines, lineix):
Reported by Pylint.
Line: 2451
Column: 5
linenum: The number of the line to check.
error: The function to call with any errors found.
"""
pass
def CheckEnd(self, filename, clean_lines, linenum, error):
"""Run checks that applies to text after the closing brace.
This is mostly used for checking end of namespace comments.
Reported by Pylint.
Line: 2464
Column: 5
linenum: The number of the line to check.
error: The function to call with any errors found.
"""
pass
def IsBlockInfo(self):
"""Returns true if this block is a _BlockInfo.
This is convenient for verifying that an object is an instance of
Reported by Pylint.
Line: 2571
Column: 3
# lines. However, do apply checks if there is already an end of
# namespace comment and it's incorrect.
#
# TODO(unknown): We always want to check end of namespace comments
# if a namespace is large, but sometimes we also want to apply the
# check if a short namespace contained nontrivial things (something
# other than forward declarations). There is currently no logic on
# deciding what these nontrivial things are, so this check is
# triggered by namespace size only, which works most of the time.
Reported by Pylint.
Line: 2786
Column: 3
# Restore the stack to how it was before the #if
self.stack = copy.deepcopy(self.pp_stack[-1].stack_before_if)
else:
# TODO(unknown): unexpected #else, issue warning?
pass
elif Match(r'^\s*#\s*endif\b', line):
# End of #if or #else blocks.
if self.pp_stack:
# If we saw an #else, we will need to restore the nesting
Reported by Pylint.
Line: 2801
Column: 3
# Drop the corresponding #if
self.pp_stack.pop()
else:
# TODO(unknown): unexpected #endif, issue warning?
pass
# TODO(unknown): Update() is too long, but we will refactor later.
def Update(self, filename, clean_lines, linenum, error):
"""Update nesting state with current line.
Reported by Pylint.
Line: 2804
Column: 3
# TODO(unknown): unexpected #endif, issue warning?
pass
# TODO(unknown): Update() is too long, but we will refactor later.
def Update(self, filename, clean_lines, linenum, error):
"""Update nesting state with current line.
Args:
filename: The name of the current file.
Reported by Pylint.
test/thirdparty/imapdl/filterbr.py
121 issues
Line: 1
Column: 1
#!/usr/bin/env python3
# 2017, Georg Sauthoff <mail@gms.tf>, GPLv3
import sys
def skip_comments(lines):
state = 0
for line in lines:
Reported by Pylint.
Line: 7
Column: 1
import sys
def skip_comments(lines):
state = 0
for line in lines:
n = len(line)
l = ''
p = 0
Reported by Pylint.
Line: 8
Column: 1
import sys
def skip_comments(lines):
state = 0
for line in lines:
n = len(line)
l = ''
p = 0
while p < n:
Reported by Pylint.
Line: 9
Column: 1
def skip_comments(lines):
state = 0
for line in lines:
n = len(line)
l = ''
p = 0
while p < n:
if state == 0:
Reported by Pylint.
Line: 10
Column: 1
def skip_comments(lines):
state = 0
for line in lines:
n = len(line)
l = ''
p = 0
while p < n:
if state == 0:
a = line.find('//', p)
Reported by Pylint.
Line: 10
Column: 5
def skip_comments(lines):
state = 0
for line in lines:
n = len(line)
l = ''
p = 0
while p < n:
if state == 0:
a = line.find('//', p)
Reported by Pylint.
Line: 11
Column: 5
state = 0
for line in lines:
n = len(line)
l = ''
p = 0
while p < n:
if state == 0:
a = line.find('//', p)
b = line.find('/*', p)
Reported by Pylint.
Line: 11
Column: 1
state = 0
for line in lines:
n = len(line)
l = ''
p = 0
while p < n:
if state == 0:
a = line.find('//', p)
b = line.find('/*', p)
Reported by Pylint.
Line: 12
Column: 5
for line in lines:
n = len(line)
l = ''
p = 0
while p < n:
if state == 0:
a = line.find('//', p)
b = line.find('/*', p)
if a > -1 and (a < b or b == -1):
Reported by Pylint.
Line: 12
Column: 1
for line in lines:
n = len(line)
l = ''
p = 0
while p < n:
if state == 0:
a = line.find('//', p)
b = line.find('/*', p)
if a > -1 and (a < b or b == -1):
Reported by Pylint.
test/thirdparty/doctest/doctest.h
29 issues
Line: 3521
Column: 14
CWE codes:
134
Suggestion:
Make format string constant
#define DOCTEST_TO_STRING_OVERLOAD(type, fmt) \
String toString(type in) { \
char buf[64]; \
std::sprintf(buf, fmt, in); \
return buf; \
}
DOCTEST_TO_STRING_OVERLOAD(char, "%d")
DOCTEST_TO_STRING_OVERLOAD(char signed, "%d")
Reported by FlawFinder.
Line: 6368
Column: 18
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} else if(p->order_by.compare("name", true) == 0) {
std::sort(testArray.begin(), testArray.end(), nameOrderComparator);
} else if(p->order_by.compare("rand", true) == 0) {
std::srand(p->rand_seed);
// random_shuffle implementation
const auto first = &testArray[0];
for(size_t i = testArray.size() - 1; i > 0; --i) {
int idxToSwap = std::rand() % (i + 1); // NOLINT
Reported by FlawFinder.
Line: 485
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
union
{
char buf[len];
view data;
};
bool isOnStack() const { return (buf[last] & 128) == 0; }
void setOnHeap();
Reported by FlawFinder.
Line: 2958
Column: 65
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} // namespace
namespace detail {
void my_memcpy(void* dest, const void* src, unsigned num) { memcpy(dest, src, num); }
String rawMemoryToString(const void* object, unsigned size) {
// Reverse order for little endian architectures
int i = 0, end = static_cast<int>(size), inc = 1;
if(Endianness::which() == Endianness::Little) {
Reported by FlawFinder.
Line: 3061
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct CacheLineAlignedAtomic
{
std::atomic<T> atomic{};
char padding[DOCTEST_MULTI_LANE_ATOMICS_CACHE_LINE_SIZE - sizeof(std::atomic<T>)];
};
CacheLineAlignedAtomic m_atomics[DOCTEST_MULTI_LANE_ATOMICS_THREAD_LANES];
static_assert(sizeof(CacheLineAlignedAtomic) == DOCTEST_MULTI_LANE_ATOMICS_CACHE_LINE_SIZE,
"guarantee one atomic takes exactly one cache line");
Reported by FlawFinder.
Line: 3222
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void String::copy(const String& other) {
using namespace std;
if(other.isOnStack()) {
memcpy(buf, other.buf, len);
} else {
setOnHeap();
data.size = other.data.size;
data.capacity = data.size + 1;
data.ptr = new char[data.capacity];
Reported by FlawFinder.
Line: 3228
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data.size = other.data.size;
data.capacity = data.size + 1;
data.ptr = new char[data.capacity];
memcpy(data.ptr, other.data.ptr, data.size + 1);
}
}
String::String() {
buf[0] = '\0';
Reported by FlawFinder.
Line: 3249
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
String::String(const char* in, unsigned in_size) {
using namespace std;
if(in_size <= last) {
memcpy(buf, in, in_size);
buf[in_size] = '\0';
setLast(last - in_size);
} else {
setOnHeap();
data.size = in_size;
Reported by FlawFinder.
Line: 3257
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
data.size = in_size;
data.capacity = data.size + 1;
data.ptr = new char[data.capacity];
memcpy(data.ptr, in, in_size);
data.ptr[in_size] = '\0';
}
}
String::String(const String& other) { copy(other); }
Reported by FlawFinder.
Line: 3283
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if(isOnStack()) {
if(total_size < len) {
// append to the current stack space
memcpy(buf + my_old_size, other.c_str(), other_size + 1);
// NOLINTNEXTLINE(clang-analyzer-cplusplus.NewDeleteLeaks)
setLast(last - total_size);
} else {
// alloc new chunk
char* temp = new char[total_size + 1];
Reported by FlawFinder.
third_party/amalgamate/amalgamate.py
28 issues
Line: 54
Column: 23
# Search included file_path in self.include_paths and
# in source_dir if specified.
def find_included_file(self, file_path, source_dir):
search_dirs = self.include_paths[:]
if source_dir:
search_dirs.insert(0, source_dir)
for search_dir in search_dirs:
search_path = os.path.join(search_dir, file_path)
Reported by Pylint.
Line: 85
Column: 49
if self.verbose:
print("Config:")
print(" target = {0}".format(self.target))
print(" working_dir = {0}".format(os.getcwd()))
print(" include_paths = {0}".format(self.include_paths))
print("Creating amalgamation:")
for file_path in self.sources:
# Do not check the include paths while processing the source
Reported by Pylint.
Line: 87
Column: 49
print("Config:")
print(" target = {0}".format(self.target))
print(" working_dir = {0}".format(os.getcwd()))
print(" include_paths = {0}".format(self.include_paths))
print("Creating amalgamation:")
for file_path in self.sources:
# Do not check the include paths while processing the source
# list, all given source paths must be correct.
# actual_path = self.actual_path(file_path)
Reported by Pylint.
Line: 89
Column: 26
print(" working_dir = {0}".format(os.getcwd()))
print(" include_paths = {0}".format(self.include_paths))
print("Creating amalgamation:")
for file_path in self.sources:
# Do not check the include paths while processing the source
# list, all given source paths must be correct.
# actual_path = self.actual_path(file_path)
print(" - processing \"{0}\"".format(file_path))
t = TranslationUnit(file_path, self, True)
Reported by Pylint.
Line: 97
Column: 19
t = TranslationUnit(file_path, self, True)
amalgamation += t.content
with open(self.target, 'w') as f:
f.write(amalgamation)
print("...done!\n")
if self.verbose:
print("Files processed: {0}".format(self.sources))
Reported by Pylint.
Line: 102
Column: 49
print("...done!\n")
if self.verbose:
print("Files processed: {0}".format(self.sources))
print("Files included: {0}".format(self.included_files))
print("")
def _is_within(match, matches):
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python
# coding=utf-8
# amalgamate.py - Amalgamate C source and header files.
# Copyright (c) 2012, Erik Edlund <erik.edlund@32767.se>
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
Reported by Pylint.
Line: 6
Column: 2
# amalgamate.py - Amalgamate C source and header files.
# Copyright (c) 2012, Erik Edlund <erik.edlund@32767.se>
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
Reported by Pylint.
Line: 9
Column: 2
#
# Redistribution and use in source and binary forms, with or without modification,
# are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
Reported by Pylint.
Line: 12
Column: 2
#
# * Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# * Neither the name of Erik Edlund, nor the names of its contributors may
Reported by Pylint.
test/src/unit-iterators2.cpp
16 issues
Line: 272
CWE codes:
664
{
if (j != k)
{
CHECK_THROWS_AS(j.begin() == k.begin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.cbegin() == k.cbegin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.begin() < k.begin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.cbegin() < k.cbegin(), json::invalid_iterator&);
#if JSON_DIAGNOSTICS
// the output differs in each loop, so we cannot fix a string for the expected exception
Reported by Cppcheck.
Line: 273
CWE codes:
664
if (j != k)
{
CHECK_THROWS_AS(j.begin() == k.begin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.cbegin() == k.cbegin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.begin() < k.begin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.cbegin() < k.cbegin(), json::invalid_iterator&);
#if JSON_DIAGNOSTICS
// the output differs in each loop, so we cannot fix a string for the expected exception
#else
Reported by Cppcheck.
Line: 274
CWE codes:
664
{
CHECK_THROWS_AS(j.begin() == k.begin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.cbegin() == k.cbegin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.begin() < k.begin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.cbegin() < k.cbegin(), json::invalid_iterator&);
#if JSON_DIAGNOSTICS
// the output differs in each loop, so we cannot fix a string for the expected exception
#else
CHECK_THROWS_WITH(j.begin() == k.begin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
Reported by Cppcheck.
Line: 275
CWE codes:
664
CHECK_THROWS_AS(j.begin() == k.begin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.cbegin() == k.cbegin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.begin() < k.begin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.cbegin() < k.cbegin(), json::invalid_iterator&);
#if JSON_DIAGNOSTICS
// the output differs in each loop, so we cannot fix a string for the expected exception
#else
CHECK_THROWS_WITH(j.begin() == k.begin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
CHECK_THROWS_WITH(j.cbegin() == k.cbegin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
Reported by Cppcheck.
Line: 279
CWE codes:
664
#if JSON_DIAGNOSTICS
// the output differs in each loop, so we cannot fix a string for the expected exception
#else
CHECK_THROWS_WITH(j.begin() == k.begin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
CHECK_THROWS_WITH(j.cbegin() == k.cbegin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
CHECK_THROWS_WITH(j.begin() < k.begin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
CHECK_THROWS_WITH(j.cbegin() < k.cbegin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
#endif
}
Reported by Cppcheck.
Line: 280
CWE codes:
664
// the output differs in each loop, so we cannot fix a string for the expected exception
#else
CHECK_THROWS_WITH(j.begin() == k.begin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
CHECK_THROWS_WITH(j.cbegin() == k.cbegin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
CHECK_THROWS_WITH(j.begin() < k.begin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
CHECK_THROWS_WITH(j.cbegin() < k.cbegin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
#endif
}
}
Reported by Cppcheck.
Line: 281
CWE codes:
664
#else
CHECK_THROWS_WITH(j.begin() == k.begin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
CHECK_THROWS_WITH(j.cbegin() == k.cbegin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
CHECK_THROWS_WITH(j.begin() < k.begin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
CHECK_THROWS_WITH(j.cbegin() < k.cbegin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
#endif
}
}
}
Reported by Cppcheck.
Line: 282
CWE codes:
664
CHECK_THROWS_WITH(j.begin() == k.begin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
CHECK_THROWS_WITH(j.cbegin() == k.cbegin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
CHECK_THROWS_WITH(j.begin() < k.begin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
CHECK_THROWS_WITH(j.cbegin() < k.cbegin(), "[json.exception.invalid_iterator.212] cannot compare iterators of different containers");
#endif
}
}
}
}
Reported by Cppcheck.
Line: 754
CWE codes:
664
{
if (j != k)
{
CHECK_THROWS_AS(j.rbegin() == k.rbegin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.crbegin() == k.crbegin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.rbegin() < k.rbegin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.crbegin() < k.crbegin(), json::invalid_iterator&);
#if JSON_DIAGNOSTICS
// the output differs in each loop, so we cannot fix a string for the expected exception
Reported by Cppcheck.
Line: 755
CWE codes:
664
if (j != k)
{
CHECK_THROWS_AS(j.rbegin() == k.rbegin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.crbegin() == k.crbegin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.rbegin() < k.rbegin(), json::invalid_iterator&);
CHECK_THROWS_AS(j.crbegin() < k.crbegin(), json::invalid_iterator&);
#if JSON_DIAGNOSTICS
// the output differs in each loop, so we cannot fix a string for the expected exception
#else
Reported by Cppcheck.
single_include/nlohmann/json.hpp
16 issues
Line: 1489
Column: 86
CWE codes:
134
Suggestion:
Use a constant for the format specification
JSON_HEDLEY_MCST_LCC_VERSION_CHECK(1,25,10)
#define JSON_HEDLEY_PRINTF_FORMAT(string_idx,first_to_check) __attribute__((__format__(__printf__, string_idx, first_to_check)))
#elif JSON_HEDLEY_PELLES_VERSION_CHECK(6,0,0)
#define JSON_HEDLEY_PRINTF_FORMAT(string_idx,first_to_check) __declspec(vaformat(printf,string_idx,first_to_check))
#else
#define JSON_HEDLEY_PRINTF_FORMAT(string_idx,first_to_check)
#endif
#if defined(JSON_HEDLEY_CONSTEXPR)
Reported by FlawFinder.
Line: 7962
Column: 23
CWE codes:
134
Suggestion:
Use a constant for the format specification
{
// escape control characters
std::array<char, 9> cs{{}};
(std::snprintf)(cs.data(), cs.size(), "<U+%.4X>", static_cast<unsigned char>(c)); // NOLINT(cppcoreguidelines-pro-type-vararg,hicpp-vararg)
result += cs.data();
}
else
{
// add character as is
Reported by FlawFinder.
Line: 8593
Column: 23
CWE codes:
134
Suggestion:
Use a constant for the format specification
default: // anything else not supported (yet)
{
std::array<char, 3> cr{{}};
(std::snprintf)(cr.data(), cr.size(), "%.2hhX", static_cast<unsigned char>(element_type)); // NOLINT(cppcoreguidelines-pro-type-vararg,hicpp-vararg)
return sax->parse_error(element_type_parse_position, std::string(cr.data()), parse_error::create(114, element_type_parse_position, "Unsupported BSON record type 0x" + std::string(cr.data()), BasicJsonType()));
}
}
}
Reported by FlawFinder.
Line: 10737
Column: 15
CWE codes:
134
Suggestion:
Use a constant for the format specification
std::string get_token_string() const
{
std::array<char, 3> cr{{}};
(std::snprintf)(cr.data(), cr.size(), "%.2hhX", static_cast<unsigned char>(current)); // NOLINT(cppcoreguidelines-pro-type-vararg,hicpp-vararg)
return std::string{cr.data()};
}
/*!
@param[in] format the current format
Reported by FlawFinder.
Line: 16765
Column: 43
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (codepoint <= 0xFFFF)
{
// NOLINTNEXTLINE(cppcoreguidelines-pro-type-vararg,hicpp-vararg)
(std::snprintf)(string_buffer.data() + bytes, 7, "\\u%04x",
static_cast<std::uint16_t>(codepoint));
bytes += 6;
}
else
{
Reported by FlawFinder.
Line: 16772
Column: 43
CWE codes:
134
Suggestion:
Use a constant for the format specification
else
{
// NOLINTNEXTLINE(cppcoreguidelines-pro-type-vararg,hicpp-vararg)
(std::snprintf)(string_buffer.data() + bytes, 13, "\\u%04x\\u%04x",
static_cast<std::uint16_t>(0xD7C0u + (codepoint >> 10u)),
static_cast<std::uint16_t>(0xDC00u + (codepoint & 0x3FFu)));
bytes += 12;
}
}
Reported by FlawFinder.
Line: 16811
Column: 35
CWE codes:
134
Suggestion:
Use a constant for the format specification
{
std::string sn(9, '\0');
// NOLINTNEXTLINE(cppcoreguidelines-pro-type-vararg,hicpp-vararg)
(std::snprintf)(&sn[0], sn.size(), "%.2X", byte);
JSON_THROW(type_error::create(316, "invalid UTF-8 byte at index " + std::to_string(i) + ": 0x" + sn, BasicJsonType()));
}
case error_handler_t::ignore:
case error_handler_t::replace:
Reported by FlawFinder.
Line: 16906
Column: 27
CWE codes:
134
Suggestion:
Use a constant for the format specification
{
std::string sn(9, '\0');
// NOLINTNEXTLINE(cppcoreguidelines-pro-type-vararg,hicpp-vararg)
(std::snprintf)(&sn[0], sn.size(), "%.2X", static_cast<std::uint8_t>(s.back()));
JSON_THROW(type_error::create(316, "incomplete UTF-8 string; last byte: 0x" + sn, BasicJsonType()));
}
case error_handler_t::ignore:
{
Reported by FlawFinder.
Line: 17111
Column: 36
CWE codes:
134
Suggestion:
Use a constant for the format specification
// the actual conversion
// NOLINTNEXTLINE(cppcoreguidelines-pro-type-vararg,hicpp-vararg)
std::ptrdiff_t len = (std::snprintf)(number_buffer.data(), number_buffer.size(), "%.*g", d, x);
// negative value indicates an error
JSON_ASSERT(len > 0);
// check if buffer was large enough
JSON_ASSERT(static_cast<std::size_t>(len) < number_buffer.size());
Reported by FlawFinder.
Line: 1988
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
sizeof(*( \
1 ? \
((void*) ((expr) * 0L) ) : \
((struct { char v[sizeof(void) * 2]; } *) 1) \
) \
) \
)
# endif
#endif
Reported by FlawFinder.
test/thirdparty/Fuzzer/afl/afl_driver.cpp
12 issues
Line: 239
CWE codes:
775
"Failed to duplicate stderr to AFL_DRIVER_STDERR_DUPLICATE_FILENAME");
abort();
}
}
int main(int argc, char **argv) {
fprintf(stderr, "======================= INFO =========================\n"
"This binary is built for AFL-fuzz.\n"
"To run the target function on a single input execute this:\n"
Reported by Cppcheck.
Line: 80
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
// to the file as well, if the error occurs after the duplication is performed.
#define CHECK_ERROR(cond, error_message) \
if (!(cond)) { \
fprintf(stderr, (error_message)); \
abort(); \
}
// libFuzzer interface is thin, so we don't include any libFuzzer headers.
extern "C" {
Reported by FlawFinder.
Line: 148
Column: 23
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (peak_rss < previous_peak_rss)
peak_rss = previous_peak_rss;
int chars_printed = fprintf(extra_stats_file, kExtraStatsFormatString,
peak_rss, slowest_unit_time_secs);
CHECK_ERROR(chars_printed != 0, "Failed to write extra_stats_file");
CHECK_ERROR(fclose(extra_stats_file) == 0,
Reported by FlawFinder.
Line: 190
Column: 19
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
// If extra_stats_file already exists: read old stats from it.
if (extra_stats_file) {
int matches = fscanf(extra_stats_file, kExtraStatsFormatString,
&previous_peak_rss, &slowest_unit_time_secs);
// Make sure we have read a real extra stats file and that we have used it
// to set slowest_unit_time_secs and previous_peak_rss.
CHECK_ERROR(matches == kNumExtraStats, "Extra stats file is corrupt");
Reported by FlawFinder.
Line: 178
Column: 32
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
// and check that the file is writable.
static void maybe_initialize_extra_stats() {
// If AFL_DRIVER_EXTRA_STATS_FILENAME isn't set then we have nothing to do.
char *extra_stats_filename = getenv("AFL_DRIVER_EXTRA_STATS_FILENAME");
if (!extra_stats_filename)
return;
// Open the file and find the previous peak_rss_mb value.
// This is necessary because the fuzzing process is restarted after N
Reported by FlawFinder.
Line: 225
Column: 7
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
// If the user asks us to duplicate stderr, then do it.
static void maybe_duplicate_stderr() {
char* stderr_duplicate_filename =
getenv("AFL_DRIVER_STDERR_DUPLICATE_FILENAME");
if (!stderr_duplicate_filename)
return;
FILE* stderr_duplicate_stream =
Reported by FlawFinder.
Line: 186
Column: 22
CWE codes:
362
// This is necessary because the fuzzing process is restarted after N
// iterations are completed. So we may need to get this value from a previous
// process to be accurate.
extra_stats_file = fopen(extra_stats_filename, "r");
// If extra_stats_file already exists: read old stats from it.
if (extra_stats_file) {
int matches = fscanf(extra_stats_file, kExtraStatsFormatString,
&previous_peak_rss, &slowest_unit_time_secs);
Reported by FlawFinder.
Line: 200
Column: 24
CWE codes:
362
CHECK_ERROR(fclose(extra_stats_file) == 0, "Failed to close file");
// Now open the file for writing.
extra_stats_file = fopen(extra_stats_filename, "w");
CHECK_ERROR(extra_stats_file,
"Failed to open extra stats file for writing");
} else {
// Looks like this is the first time in a fuzzing job this is being called.
extra_stats_file = fopen(extra_stats_filename, "w+");
Reported by FlawFinder.
Line: 205
Column: 24
CWE codes:
362
"Failed to open extra stats file for writing");
} else {
// Looks like this is the first time in a fuzzing job this is being called.
extra_stats_file = fopen(extra_stats_filename, "w+");
CHECK_ERROR(extra_stats_file, "failed to create extra stats file");
}
// Make sure that crash_handler gets called on any kind of fatal error.
int crash_signals[] = {SIGSEGV, SIGBUS, SIGABRT, SIGILL, SIGFPE, SIGINT,
Reported by FlawFinder.
Line: 263
Column: 9
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
int N = 1000;
if (argc >= 2)
N = atoi(argv[1]);
assert(N > 0);
time_t unit_time_secs;
int num_runs = 0;
while (__afl_persistent_loop(N)) {
ssize_t n_read = read(0, AflInputBuf, kMaxAflInputSize);
Reported by FlawFinder.
third_party/gdb_pretty_printer/nlohmann-json.py
10 issues
Line: 1
Column: 1
import gdb
class JsonValuePrinter:
"Print a json-value"
def __init__(self, val):
self.val = val
def to_string(self):
Reported by Pylint.
Line: 25
Column: 13
return gdb.default_visualizer(union_val.dereference())
else:
return JsonValuePrinter(union_val)
except:
return JsonValuePrinter(val['m_type'])
gdb.pretty_printers.append(json_lookup_function)
Reported by Pylint.
Line: 1
Column: 1
import gdb
class JsonValuePrinter:
"Print a json-value"
def __init__(self, val):
self.val = val
def to_string(self):
Reported by Pylint.
Line: 1
Column: 1
import gdb
class JsonValuePrinter:
"Print a json-value"
def __init__(self, val):
self.val = val
def to_string(self):
Reported by Pylint.
Line: 3
Column: 1
import gdb
class JsonValuePrinter:
"Print a json-value"
def __init__(self, val):
self.val = val
def to_string(self):
Reported by Pylint.
Line: 9
Column: 5
def __init__(self, val):
self.val = val
def to_string(self):
if self.val.type.strip_typedefs().code == gdb.TYPE_CODE_FLT:
return ("%.6f" % float(self.val)).rstrip("0")
return self.val
def json_lookup_function(val):
Reported by Pylint.
Line: 14
Column: 1
return ("%.6f" % float(self.val)).rstrip("0")
return self.val
def json_lookup_function(val):
name = val.type.strip_typedefs().name
if name and name.startswith("nlohmann::basic_json<") and name.endswith(">"):
t = str(val['m_type'])
if t.startswith("nlohmann::detail::value_t::"):
try:
Reported by Pylint.
Line: 14
Column: 1
return ("%.6f" % float(self.val)).rstrip("0")
return self.val
def json_lookup_function(val):
name = val.type.strip_typedefs().name
if name and name.startswith("nlohmann::basic_json<") and name.endswith(">"):
t = str(val['m_type'])
if t.startswith("nlohmann::detail::value_t::"):
try:
Reported by Pylint.
Line: 17
Column: 9
def json_lookup_function(val):
name = val.type.strip_typedefs().name
if name and name.startswith("nlohmann::basic_json<") and name.endswith(">"):
t = str(val['m_type'])
if t.startswith("nlohmann::detail::value_t::"):
try:
union_val = val['m_value'][t[27:]]
if union_val.type.code == gdb.TYPE_CODE_PTR:
return gdb.default_visualizer(union_val.dereference())
Reported by Pylint.
Line: 21
Column: 17
if t.startswith("nlohmann::detail::value_t::"):
try:
union_val = val['m_value'][t[27:]]
if union_val.type.code == gdb.TYPE_CODE_PTR:
return gdb.default_visualizer(union_val.dereference())
else:
return JsonValuePrinter(union_val)
except:
return JsonValuePrinter(val['m_type'])
Reported by Pylint.
test/thirdparty/Fuzzer/FuzzerLoop.cpp
8 issues
Line: 468
CWE codes:
908
// Test the callback with empty input and never try it again.
uint8_t dummy;
ExecuteCallback(&dummy, 0);
for (const auto &U : *InitialCorpus) {
if (size_t NumFeatures = RunOne(U)) {
CheckExitOnSrcPosOrItem();
Corpus.AddToCorpus(U, NumFeatures);
Reported by Cppcheck.
Line: 532
CWE codes:
908
// We copy the contents of Unit into a separate heap buffer
// so that we reliably find buffer overflows in it.
uint8_t *DataCopy = new uint8_t[Size];
memcpy(DataCopy, Data, Size);
if (CurrentUnitData && CurrentUnitData != Data)
memcpy(CurrentUnitData, Data, Size);
CurrentUnitSize = Size;
AllocTracer.Start(Options.TraceMalloc);
UnitStartTime = system_clock::now();
Reported by Cppcheck.
Line: 532
CWE codes:
908
// We copy the contents of Unit into a separate heap buffer
// so that we reliably find buffer overflows in it.
uint8_t *DataCopy = new uint8_t[Size];
memcpy(DataCopy, Data, Size);
if (CurrentUnitData && CurrentUnitData != Data)
memcpy(CurrentUnitData, Data, Size);
CurrentUnitSize = Size;
AllocTracer.Start(Options.TraceMalloc);
UnitStartTime = system_clock::now();
Reported by Cppcheck.
Line: 532
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// We copy the contents of Unit into a separate heap buffer
// so that we reliably find buffer overflows in it.
uint8_t *DataCopy = new uint8_t[Size];
memcpy(DataCopy, Data, Size);
if (CurrentUnitData && CurrentUnitData != Data)
memcpy(CurrentUnitData, Data, Size);
CurrentUnitSize = Size;
AllocTracer.Start(Options.TraceMalloc);
UnitStartTime = system_clock::now();
Reported by FlawFinder.
Line: 534
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t *DataCopy = new uint8_t[Size];
memcpy(DataCopy, Data, Size);
if (CurrentUnitData && CurrentUnitData != Data)
memcpy(CurrentUnitData, Data, Size);
CurrentUnitSize = Size;
AllocTracer.Start(Options.TraceMalloc);
UnitStartTime = system_clock::now();
ResetCounters(); // Reset coverage right before the callback.
TPC.ResetMaps();
Reported by FlawFinder.
Line: 622
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Tmp.push_back(U);
}
char Stat[7] = "MIN ";
Stat[3] = '0' + Iter;
PrintStats(Stat, "\n", Tmp.size());
size_t NewSize = Tmp.size();
assert(NewSize <= OldSize);
Reported by FlawFinder.
Line: 714
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
assert(CurrentUnitData);
size_t Size = U.size();
assert(Size <= MaxInputLen && "Oversized Unit");
memcpy(CurrentUnitData, U.data(), Size);
assert(MaxMutationLen > 0);
for (int i = 0; i < Options.MutateDepth; i++) {
if (TotalNumberOfRuns >= Options.MaxNumberOfRuns)
Reported by FlawFinder.
Line: 773
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (U.size() <= 2) return;
while (!TimedOut() && TotalNumberOfRuns < Options.MaxNumberOfRuns) {
MD.StartMutationSequence();
memcpy(CurrentUnitData, U.data(), U.size());
for (int i = 0; i < Options.MutateDepth; i++) {
size_t NewSize = MD.Mutate(CurrentUnitData, U.size(), MaxMutationLen);
assert(NewSize > 0 && NewSize <= MaxMutationLen);
RunOne(CurrentUnitData, NewSize);
TryDetectingAMemoryLeak(CurrentUnitData, NewSize,
Reported by FlawFinder.
test/src/unit-algorithms.cpp
6 issues
Line: 131
Column: 29
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
SECTION("std::mismatch")
{
json j_array2 = {13, 29, 3, {{"one", 1}, {"two", 2}, {"three", 3}}, true, false, {1, 2, 3}, "foo", "baz"};
auto res = std::mismatch(j_array.begin(), j_array.end(), j_array2.begin());
CHECK(*res.first == json({{"one", 1}, {"two", 2}}));
CHECK(*res.second == json({{"one", 1}, {"two", 2}, {"three", 3}}));
}
SECTION("std::equal")
Reported by FlawFinder.
Line: 140
Column: 28
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
{
SECTION("using operator==")
{
CHECK(std::equal(j_array.begin(), j_array.end(), j_array.begin()));
CHECK(std::equal(j_object.begin(), j_object.end(), j_object.begin()));
CHECK(!std::equal(j_array.begin(), j_array.end(), j_object.begin()));
}
SECTION("using user-defined comparison")
Reported by FlawFinder.
Line: 141
Column: 28
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
SECTION("using operator==")
{
CHECK(std::equal(j_array.begin(), j_array.end(), j_array.begin()));
CHECK(std::equal(j_object.begin(), j_object.end(), j_object.begin()));
CHECK(!std::equal(j_array.begin(), j_array.end(), j_object.begin()));
}
SECTION("using user-defined comparison")
{
Reported by FlawFinder.
Line: 142
Column: 29
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
{
CHECK(std::equal(j_array.begin(), j_array.end(), j_array.begin()));
CHECK(std::equal(j_object.begin(), j_object.end(), j_object.begin()));
CHECK(!std::equal(j_array.begin(), j_array.end(), j_object.begin()));
}
SECTION("using user-defined comparison")
{
// compare objects only by size of its elements
Reported by FlawFinder.
Line: 149
Column: 29
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
{
// compare objects only by size of its elements
json j_array2 = {13, 29, 3, {"Hello", "World"}, true, false, {{"one", 1}, {"two", 2}, {"three", 3}}, "foo", "baz"};
CHECK(!std::equal(j_array.begin(), j_array.end(), j_array2.begin()));
CHECK(std::equal(j_array.begin(), j_array.end(), j_array2.begin(),
[](const json & a, const json & b)
{
return (a.size() == b.size());
}));
Reported by FlawFinder.
Line: 150
Column: 28
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
// compare objects only by size of its elements
json j_array2 = {13, 29, 3, {"Hello", "World"}, true, false, {{"one", 1}, {"two", 2}, {"three", 3}}, "foo", "baz"};
CHECK(!std::equal(j_array.begin(), j_array.end(), j_array2.begin()));
CHECK(std::equal(j_array.begin(), j_array.end(), j_array2.begin(),
[](const json & a, const json & b)
{
return (a.size() == b.size());
}));
}
Reported by FlawFinder.