The following issues were found
benchmarks/java/src/main/java/com/google/protobuf/ProtoCaliperBenchmark.java
75 issues
Line: 9
import com.google.caliper.Benchmark;
import com.google.caliper.Param;
import com.google.caliper.api.VmOptions;
import com.google.protobuf.ByteString;
import com.google.protobuf.CodedOutputStream;
import com.google.protobuf.ExtensionRegistry;
import com.google.protobuf.Message;
import com.google.protobuf.benchmarks.Benchmarks.BenchmarkDataset;
import java.io.ByteArrayInputStream;
Reported by PMD.
Line: 10
import com.google.caliper.Param;
import com.google.caliper.api.VmOptions;
import com.google.protobuf.ByteString;
import com.google.protobuf.CodedOutputStream;
import com.google.protobuf.ExtensionRegistry;
import com.google.protobuf.Message;
import com.google.protobuf.benchmarks.Benchmarks.BenchmarkDataset;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
Reported by PMD.
Line: 11
import com.google.caliper.api.VmOptions;
import com.google.protobuf.ByteString;
import com.google.protobuf.CodedOutputStream;
import com.google.protobuf.ExtensionRegistry;
import com.google.protobuf.Message;
import com.google.protobuf.benchmarks.Benchmarks.BenchmarkDataset;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.BufferedWriter;
Reported by PMD.
Line: 12
import com.google.protobuf.ByteString;
import com.google.protobuf.CodedOutputStream;
import com.google.protobuf.ExtensionRegistry;
import com.google.protobuf.Message;
import com.google.protobuf.benchmarks.Benchmarks.BenchmarkDataset;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.BufferedWriter;
import java.io.File;
Reported by PMD.
Line: 38
@Override ExtensionRegistry getExtensionRegistry() { return ExtensionRegistry.newInstance(); }
@Override
Message getDefaultInstance() {
return com.google.protobuf.benchmarks.BenchmarkMessage1Proto3.GoogleMessage1
.getDefaultInstance();
}
},
GOOGLE_MESSAGE1_PROTO2 {
@Override ExtensionRegistry getExtensionRegistry() { return ExtensionRegistry.newInstance(); }
Reported by PMD.
Line: 46
@Override ExtensionRegistry getExtensionRegistry() { return ExtensionRegistry.newInstance(); }
@Override
Message getDefaultInstance() {
return com.google.protobuf.benchmarks.BenchmarkMessage1Proto2.GoogleMessage1
.getDefaultInstance();
}
},
GOOGLE_MESSAGE2 {
@Override ExtensionRegistry getExtensionRegistry() { return ExtensionRegistry.newInstance(); }
Reported by PMD.
Line: 54
@Override ExtensionRegistry getExtensionRegistry() { return ExtensionRegistry.newInstance(); }
@Override
Message getDefaultInstance() {
return com.google.protobuf.benchmarks.BenchmarkMessage2.GoogleMessage2.getDefaultInstance();
}
},
GOOGLE_MESSAGE3 {
@Override
ExtensionRegistry getExtensionRegistry() {
Reported by PMD.
Line: 61
@Override
ExtensionRegistry getExtensionRegistry() {
ExtensionRegistry extensions = ExtensionRegistry.newInstance();
com.google.protobuf.benchmarks.BenchmarkMessage38.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage37.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage36.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage35.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage34.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage33.registerAllExtensions(extensions);
Reported by PMD.
Line: 62
ExtensionRegistry getExtensionRegistry() {
ExtensionRegistry extensions = ExtensionRegistry.newInstance();
com.google.protobuf.benchmarks.BenchmarkMessage38.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage37.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage36.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage35.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage34.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage33.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage32.registerAllExtensions(extensions);
Reported by PMD.
Line: 63
ExtensionRegistry extensions = ExtensionRegistry.newInstance();
com.google.protobuf.benchmarks.BenchmarkMessage38.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage37.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage36.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage35.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage34.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage33.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage32.registerAllExtensions(extensions);
com.google.protobuf.benchmarks.BenchmarkMessage31.registerAllExtensions(extensions);
Reported by PMD.
conformance/ConformanceJavaLite.java
74 issues
Line: 155
exceptions.add(null);
}
if (messages.isEmpty()) {
throw new RuntimeException("binary decoder types missing");
}
BinaryDecoder<T> decoder = new BinaryDecoder<>();
boolean hasMessage = false;
Reported by PMD.
Line: 183
sb.append(" rejected the payload.\n");
}
}
throw new RuntimeException(sb.toString());
}
if (hasException) {
// We do not check if exceptions are equal. Different implementations may return different
// exception messages. Throw an arbitrary one out instead.
Reported by PMD.
Line: 223
}
}
}
throw new RuntimeException(sb.toString());
}
return messages.get(0);
}
Reported by PMD.
Line: 264
.build();
}
} else {
throw new RuntimeException("Protobuf request doesn't have specific payload type.");
}
break;
}
case JSON_PAYLOAD:
{
Reported by PMD.
Line: 282
}
case PAYLOAD_NOT_SET:
{
throw new RuntimeException("Request didn't have payload.");
}
default:
{
throw new RuntimeException("Unexpected payload case.");
}
Reported by PMD.
Line: 286
}
default:
{
throw new RuntimeException("Unexpected payload case.");
}
}
switch (request.getRequestedOutputFormat()) {
case UNSPECIFIED:
Reported by PMD.
Line: 292
switch (request.getRequestedOutputFormat()) {
case UNSPECIFIED:
throw new RuntimeException("Unspecified output format.");
case PROTOBUF:
return Conformance.ConformanceResponse.newBuilder()
.setProtobufPayload(testMessage.toByteString())
.build();
Reported by PMD.
Line: 310
.build();
default:
{
throw new RuntimeException("Unexpected request output.");
}
}
}
private boolean doTestIo() throws Exception {
Reported by PMD.
Line: 325
byte[] serializedInput = new byte[bytes];
if (!readFromStdin(serializedInput, bytes)) {
throw new RuntimeException("Unexpected EOF from test program.");
}
Conformance.ConformanceRequest request =
Conformance.ConformanceRequest.parseFrom(serializedInput);
Conformance.ConformanceResponse response = doTest(request);
Reported by PMD.
Line: 48
class ConformanceJavaLite {
private int testCount = 0;
private boolean readFromStdin(byte[] buf, int len) throws Exception {
int ofs = 0;
while (len > 0) {
int read = System.in.read(buf, ofs, len);
if (read == -1) {
return false; // EOF
Reported by PMD.
ruby/src/main/java/com/google/protobuf/jruby/Utils.java
74 issues
Line: 69
}
public static IRubyObject checkType(ThreadContext context, FieldDescriptor.Type fieldType,
String fieldName, IRubyObject value, RubyModule typeClass) {
Ruby runtime = context.runtime;
switch(fieldType) {
case INT32:
case INT64:
Reported by PMD.
Line: 69
}
public static IRubyObject checkType(ThreadContext context, FieldDescriptor.Type fieldType,
String fieldName, IRubyObject value, RubyModule typeClass) {
Ruby runtime = context.runtime;
switch(fieldType) {
case INT32:
case INT64:
Reported by PMD.
Line: 356
}
}
private static IRubyObject validateAndEncodeString(ThreadContext context, String fieldType, String fieldName, IRubyObject value, String encoding) {
if (!(value instanceof RubyString))
throw createInvalidTypeError(context, fieldType, fieldName, value);
value = ((RubyString) value).encode(context, context.runtime.evalScriptlet(encoding));
value.setFrozen(true);
Reported by PMD.
Line: 50
import java.math.BigInteger;
public class Utils {
public static FieldDescriptor.Type rubyToFieldType(IRubyObject typeClass) {
return FieldDescriptor.Type.valueOf(typeClass.asJavaString().toUpperCase());
}
public static IRubyObject fieldTypeToRuby(ThreadContext context, FieldDescriptor.Type type) {
Reported by PMD.
Line: 50
import java.math.BigInteger;
public class Utils {
public static FieldDescriptor.Type rubyToFieldType(IRubyObject typeClass) {
return FieldDescriptor.Type.valueOf(typeClass.asJavaString().toUpperCase());
}
public static IRubyObject fieldTypeToRuby(ThreadContext context, FieldDescriptor.Type type) {
Reported by PMD.
Line: 50
import java.math.BigInteger;
public class Utils {
public static FieldDescriptor.Type rubyToFieldType(IRubyObject typeClass) {
return FieldDescriptor.Type.valueOf(typeClass.asJavaString().toUpperCase());
}
public static IRubyObject fieldTypeToRuby(ThreadContext context, FieldDescriptor.Type type) {
Reported by PMD.
Line: 50
import java.math.BigInteger;
public class Utils {
public static FieldDescriptor.Type rubyToFieldType(IRubyObject typeClass) {
return FieldDescriptor.Type.valueOf(typeClass.asJavaString().toUpperCase());
}
public static IRubyObject fieldTypeToRuby(ThreadContext context, FieldDescriptor.Type type) {
Reported by PMD.
Line: 50
import java.math.BigInteger;
public class Utils {
public static FieldDescriptor.Type rubyToFieldType(IRubyObject typeClass) {
return FieldDescriptor.Type.valueOf(typeClass.asJavaString().toUpperCase());
}
public static IRubyObject fieldTypeToRuby(ThreadContext context, FieldDescriptor.Type type) {
Reported by PMD.
Line: 50
import java.math.BigInteger;
public class Utils {
public static FieldDescriptor.Type rubyToFieldType(IRubyObject typeClass) {
return FieldDescriptor.Type.valueOf(typeClass.asJavaString().toUpperCase());
}
public static IRubyObject fieldTypeToRuby(ThreadContext context, FieldDescriptor.Type type) {
Reported by PMD.
Line: 52
public class Utils {
/**
 * Maps a Ruby type name to the {@link FieldDescriptor.Type} constant of the same name by
 * upper-casing the name and passing it to {@code valueOf}.
 *
 * <p>NOTE(review): {@code toUpperCase()} with no {@code Locale} argument uses the JVM default
 * locale. Under a Turkish or Azerbaijani default, "i" upper-cases to a dotted capital I, so a
 * name such as "int32" would not match {@code INT32} and {@code valueOf} would throw
 * {@code IllegalArgumentException}. Consider {@code toUpperCase(java.util.Locale.ROOT)}.
 *
 * @param typeClass Ruby object whose Java string form names the field type
 * @return the matching field type constant
 * @throws IllegalArgumentException if the upper-cased name is not a constant of the enum
 */
public static FieldDescriptor.Type rubyToFieldType(IRubyObject typeClass) {
return FieldDescriptor.Type.valueOf(typeClass.asJavaString().toUpperCase());
}
public static IRubyObject fieldTypeToRuby(ThreadContext context, FieldDescriptor.Type type) {
return fieldTypeToRuby(context, type.name());
}
Reported by PMD.
java/core/src/main/java/com/google/protobuf/FieldSet.java
74 issues
Line: 891
}
}
throw new RuntimeException("There is no way to get here, but the compiler thinks otherwise.");
}
/** Compute the number of bytes needed to encode a particular field. */
public static int computeFieldSize(final FieldDescriptorLite<?> descriptor, final Object value) {
WireFormat.FieldType type = descriptor.getLiteType();
Reported by PMD.
Line: 276
* Useful for implementing {@link Message.Builder#setField(Descriptors.FieldDescriptor,Object)}.
*/
@SuppressWarnings({"unchecked", "rawtypes"})
public void setField(final T descriptor, Object value) {
if (descriptor.isRepeated()) {
if (!(value instanceof List)) {
throw new IllegalArgumentException(
"Wrong object type used with protocol message reflection.");
}
Reported by PMD.
Line: 1074
* Object)}.
*/
@SuppressWarnings({"unchecked", "rawtypes"})
public void setField(final T descriptor, Object value) {
ensureIsMutable();
if (descriptor.isRepeated()) {
if (!(value instanceof List)) {
throw new IllegalArgumentException(
"Wrong object type used with protocol message reflection.");
Reported by PMD.
Line: 31
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.google.protobuf;
import static com.google.protobuf.Internal.checkNotNull;
import com.google.protobuf.LazyField.LazyIterator;
import java.io.IOException;
Reported by PMD.
Line: 51
*
* @author kenton@google.com Kenton Varda
*/
final class FieldSet<T extends FieldSet.FieldDescriptorLite<T>> {
/**
* Interface for a FieldDescriptor or lite extension descriptor. This prevents FieldSet from
* depending on {@link Descriptors.FieldDescriptor}.
*/
public interface FieldDescriptorLite<T extends FieldDescriptorLite<T>> extends Comparable<T> {
Reported by PMD.
Line: 51
*
* @author kenton@google.com Kenton Varda
*/
final class FieldSet<T extends FieldSet.FieldDescriptorLite<T>> {
/**
* Interface for a FieldDescriptor or lite extension descriptor. This prevents FieldSet from
* depending on {@link Descriptors.FieldDescriptor}.
*/
public interface FieldDescriptorLite<T extends FieldDescriptorLite<T>> extends Comparable<T> {
Reported by PMD.
Line: 51
*
* @author kenton@google.com Kenton Varda
*/
final class FieldSet<T extends FieldSet.FieldDescriptorLite<T>> {
/**
* Interface for a FieldDescriptor or lite extension descriptor. This prevents FieldSet from
* depending on {@link Descriptors.FieldDescriptor}.
*/
public interface FieldDescriptorLite<T extends FieldDescriptorLite<T>> extends Comparable<T> {
Reported by PMD.
Line: 51
*
* @author kenton@google.com Kenton Varda
*/
final class FieldSet<T extends FieldSet.FieldDescriptorLite<T>> {
/**
* Interface for a FieldDescriptor or lite extension descriptor. This prevents FieldSet from
* depending on {@link Descriptors.FieldDescriptor}.
*/
public interface FieldDescriptorLite<T extends FieldDescriptorLite<T>> extends Comparable<T> {
Reported by PMD.
Line: 51
*
* @author kenton@google.com Kenton Varda
*/
final class FieldSet<T extends FieldSet.FieldDescriptorLite<T>> {
/**
* Interface for a FieldDescriptor or lite extension descriptor. This prevents FieldSet from
* depending on {@link Descriptors.FieldDescriptor}.
*/
public interface FieldDescriptorLite<T extends FieldDescriptorLite<T>> extends Comparable<T> {
Reported by PMD.
Line: 76
private static final int DEFAULT_FIELD_MAP_ARRAY_SIZE = 16;
private final SmallSortedMap<T, Object> fields;
private boolean isImmutable;
private boolean hasLazyField;
/** Construct a new FieldSet. */
private FieldSet() {
Reported by PMD.
java/core/src/test/java/com/google/protobuf/ServiceTest.java
73 issues
Line: 60
/** Tests services and stubs. */
@RunWith(JUnit4.class)
public class ServiceTest {
private IMocksControl control;
private RpcController mockController;
private final Descriptors.MethodDescriptor fooDescriptor =
TestService.getDescriptor().getMethods().get(0);
private final Descriptors.MethodDescriptor barDescriptor =
Reported by PMD.
Line: 61
@RunWith(JUnit4.class)
public class ServiceTest {
private IMocksControl control;
private RpcController mockController;
private final Descriptors.MethodDescriptor fooDescriptor =
TestService.getDescriptor().getMethods().get(0);
private final Descriptors.MethodDescriptor barDescriptor =
TestService.getDescriptor().getMethods().get(1);
Reported by PMD.
Line: 63
private IMocksControl control;
private RpcController mockController;
private final Descriptors.MethodDescriptor fooDescriptor =
TestService.getDescriptor().getMethods().get(0);
private final Descriptors.MethodDescriptor barDescriptor =
TestService.getDescriptor().getMethods().get(1);
@Before
Reported by PMD.
Line: 65
private final Descriptors.MethodDescriptor fooDescriptor =
TestService.getDescriptor().getMethods().get(0);
private final Descriptors.MethodDescriptor barDescriptor =
TestService.getDescriptor().getMethods().get(1);
@Before
public void setUp() throws Exception {
control = EasyMock.createStrictControl();
Reported by PMD.
Line: 78
/** Tests Service.callMethod(). */
@Test
public void testCallMethod() throws Exception {
FooRequest fooRequest = FooRequest.newBuilder().build();
BarRequest barRequest = BarRequest.newBuilder().build();
MockCallback<Message> fooCallback = new MockCallback<Message>();
MockCallback<Message> barCallback = new MockCallback<Message>();
TestService mockService = control.createMock(TestService.class);
Reported by PMD.
Line: 85
MockCallback<Message> barCallback = new MockCallback<Message>();
TestService mockService = control.createMock(TestService.class);
mockService.foo(
EasyMock.same(mockController),
EasyMock.same(fooRequest),
this.<FooResponse>wrapsCallback(fooCallback));
mockService.bar(
EasyMock.same(mockController),
Reported by PMD.
Line: 89
EasyMock.same(mockController),
EasyMock.same(fooRequest),
this.<FooResponse>wrapsCallback(fooCallback));
mockService.bar(
EasyMock.same(mockController),
EasyMock.same(barRequest),
this.<BarResponse>wrapsCallback(barCallback));
control.replay();
Reported by PMD.
Line: 95
this.<BarResponse>wrapsCallback(barCallback));
control.replay();
mockService.callMethod(
fooDescriptor, mockController,
fooRequest, fooCallback);
mockService.callMethod(
barDescriptor, mockController,
barRequest, barCallback);
Reported by PMD.
Line: 98
mockService.callMethod(
fooDescriptor, mockController,
fooRequest, fooCallback);
mockService.callMethod(
barDescriptor, mockController,
barRequest, barCallback);
control.verify();
}
Reported by PMD.
Line: 106
/** Tests Service.get{Request,Response}Prototype(). */
@Test
public void testGetPrototype() throws Exception {
TestService mockService = control.createMock(TestService.class);
assertThat(mockService.getRequestPrototype(fooDescriptor))
.isSameInstanceAs(FooRequest.getDefaultInstance());
assertThat(mockService.getResponsePrototype(fooDescriptor))
Reported by PMD.
php/ext/google/protobuf/php-upb.c
70 issues
Line: 112
Column: 62
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define UPB_FORCEINLINE __inline__ __attribute__((always_inline))
#define UPB_NOINLINE __attribute__((noinline))
#define UPB_NORETURN __attribute__((__noreturn__))
/* Marks a function as printf-like for the compiler: `str` is the 1-based index of the
 * format-string parameter and `first_vararg` the index of the first argument to check, so
 * format/argument mismatches can be diagnosed at call sites.
 * Triage note: this line formats nothing at run time. Column 62 is the `printf` archetype
 * name inside the attribute, so the CWE-134 hit reported for this line is presumably a
 * name-based match rather than a call -- verify against the tool's rule.
 * The _MSC_VER definition of this macro expands to nothing, so that branch gets no
 * format-string checking from it. */
#define UPB_PRINTF(str, first_vararg) __attribute__((format (printf, str, first_vararg)))
#elif defined(_MSC_VER)
#define UPB_NOINLINE
#define UPB_FORCEINLINE
#define UPB_NORETURN __declspec(noreturn)
#define UPB_PRINTF(str, first_vararg)
Reported by FlawFinder.
Line: 2703
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* Marks `status` as failed and overwrites its message with a printf-style formatted string.
 * A NULL `status` is ignored.
 *
 * `fmt` is forwarded unchanged to vsnprintf(), so it is not a compile-time constant at this
 * call; that is what the CWE-134 check reports. Whether it matters depends on the callers,
 * which this excerpt does not show: `fmt` must never be built from untrusted data. Such data
 * belongs in `args`, consumed through a conversion like "%s". */
void upb_status_vseterrf(upb_status *status, const char *fmt, va_list args) {
if (!status) return;
status->ok = false;
/* Bounded write: the size argument is sizeof(status->msg). This assumes msg is an array
 * member, not a pointer -- TODO confirm against the struct definition. */
vsnprintf(status->msg, sizeof(status->msg), fmt, args);
/* Explicit terminator at the last index; assumes msg holds UPB_STATUS_MAX_MESSAGE bytes --
 * TODO confirm. */
status->msg[UPB_STATUS_MAX_MESSAGE - 1] = '\0';
}
void upb_status_vappenderrf(upb_status *status, const char *fmt, va_list args) {
size_t len;
Reported by FlawFinder.
Line: 2712
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!status) return;
status->ok = false;
len = strlen(status->msg);
vsnprintf(status->msg + len, sizeof(status->msg) - len, fmt, args);
status->msg[UPB_STATUS_MAX_MESSAGE - 1] = '\0';
}
/* upb_alloc ******************************************************************/
Reported by FlawFinder.
Line: 6050
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* ret = prefix + '.' + name; */
size_t n = strlen(prefix);
char *ret = symtab_alloc(ctx, n + name.size + 2);
strcpy(ret, prefix);
ret[n] = '.';
memcpy(&ret[n + 1], name.data, name.size);
ret[n + 1 + name.size] = '\0';
return ret;
} else {
Reported by FlawFinder.
Line: 8880
Column: 7
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list args;
va_start(args, fmt);
n = vsnprintf(e->ptr, have, fmt, args);
va_end(args);
if (UPB_LIKELY(have > n)) {
e->ptr += n;
} else {
Reported by FlawFinder.
Line: 584
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
char *data = upb_arena_malloc(&d->arena, size);
if (!data) decode_err(d);
memcpy(data, ptr, size);
str->data = data;
}
str->size = size;
return ptr + size;
}
Reported by FlawFinder.
Line: 657
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Append scalar value. */
mem = UPB_PTR_AT(_upb_array_ptr(arr), arr->len << op, void);
arr->len++;
memcpy(mem, val, 1 << op);
return ptr;
case OP_STRING:
decode_verifyutf8(d, ptr, val->size);
/* Fallthrough. */
case OP_BYTES: {
Reported by FlawFinder.
Line: 692
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
decode_reserve(d, arr, count);
mem = UPB_PTR_AT(_upb_array_ptr(arr), arr->len << lg2, void);
arr->len += count;
memcpy(mem, ptr, val->size); /* XXX: ptr boundary. */
return ptr + val->size;
}
case OP_VARPCK_LG2(0):
case OP_VARPCK_LG2(2):
case OP_VARPCK_LG2(3): {
Reported by FlawFinder.
Line: 711
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
out = UPB_PTR_AT(_upb_array_ptr(arr), arr->len << lg2, void);
}
arr->len++;
memcpy(out, &elem, scale);
out += scale;
}
decode_poplimit(d, ptr, saved_limit);
return ptr;
}
Reported by FlawFinder.
Line: 797
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case OP_BYTES:
return decode_readstr(d, ptr, val->size, mem);
case OP_SCALAR_LG2(3):
memcpy(mem, val, 8);
break;
case OP_SCALAR_LG2(2):
memcpy(mem, val, 4);
break;
case OP_SCALAR_LG2(0):
Reported by FlawFinder.
ruby/ext/google/protobuf_c/ruby-upb.c
69 issues
Line: 112
Column: 62
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define UPB_FORCEINLINE __inline__ __attribute__((always_inline))
#define UPB_NOINLINE __attribute__((noinline))
#define UPB_NORETURN __attribute__((__noreturn__))
/* Marks a function as printf-like for the compiler: `str` is the 1-based index of the
 * format-string parameter and `first_vararg` the index of the first argument to check, so
 * format/argument mismatches can be diagnosed at call sites.
 * Triage note: this line formats nothing at run time. Column 62 is the `printf` archetype
 * name inside the attribute, so the CWE-134 hit reported for this line is presumably a
 * name-based match rather than a call -- verify against the tool's rule.
 * The _MSC_VER definition of this macro expands to nothing, so that branch gets no
 * format-string checking from it. */
#define UPB_PRINTF(str, first_vararg) __attribute__((format (printf, str, first_vararg)))
#elif defined(_MSC_VER)
#define UPB_NOINLINE
#define UPB_FORCEINLINE
#define UPB_NORETURN __declspec(noreturn)
#define UPB_PRINTF(str, first_vararg)
Reported by FlawFinder.
Line: 2703
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* Marks `status` as failed and overwrites its message with a printf-style formatted string.
 * A NULL `status` is ignored.
 *
 * `fmt` is forwarded unchanged to vsnprintf(), so it is not a compile-time constant at this
 * call; that is what the CWE-134 check reports. Whether it matters depends on the callers,
 * which this excerpt does not show: `fmt` must never be built from untrusted data. Such data
 * belongs in `args`, consumed through a conversion like "%s". */
void upb_status_vseterrf(upb_status *status, const char *fmt, va_list args) {
if (!status) return;
status->ok = false;
/* Bounded write: the size argument is sizeof(status->msg). This assumes msg is an array
 * member, not a pointer -- TODO confirm against the struct definition. */
vsnprintf(status->msg, sizeof(status->msg), fmt, args);
/* Explicit terminator at the last index; assumes msg holds UPB_STATUS_MAX_MESSAGE bytes --
 * TODO confirm. */
status->msg[UPB_STATUS_MAX_MESSAGE - 1] = '\0';
}
void upb_status_vappenderrf(upb_status *status, const char *fmt, va_list args) {
size_t len;
Reported by FlawFinder.
Line: 2712
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!status) return;
status->ok = false;
len = strlen(status->msg);
vsnprintf(status->msg + len, sizeof(status->msg) - len, fmt, args);
status->msg[UPB_STATUS_MAX_MESSAGE - 1] = '\0';
}
/* upb_alloc ******************************************************************/
Reported by FlawFinder.
Line: 5665
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
/* ret = prefix + '.' + name; */
size_t n = strlen(prefix);
char *ret = symtab_alloc(ctx, n + name.size + 2);
strcpy(ret, prefix);
ret[n] = '.';
memcpy(&ret[n + 1], name.data, name.size);
ret[n + 1 + name.size] = '\0';
return ret;
} else {
Reported by FlawFinder.
Line: 8495
Column: 7
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list args;
va_start(args, fmt);
n = vsnprintf(e->ptr, have, fmt, args);
va_end(args);
if (UPB_LIKELY(have > n)) {
e->ptr += n;
} else {
Reported by FlawFinder.
Line: 584
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
char *data = upb_arena_malloc(&d->arena, size);
if (!data) decode_err(d);
memcpy(data, ptr, size);
str->data = data;
}
str->size = size;
return ptr + size;
}
Reported by FlawFinder.
Line: 657
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Append scalar value. */
mem = UPB_PTR_AT(_upb_array_ptr(arr), arr->len << op, void);
arr->len++;
memcpy(mem, val, 1 << op);
return ptr;
case OP_STRING:
decode_verifyutf8(d, ptr, val->size);
/* Fallthrough. */
case OP_BYTES: {
Reported by FlawFinder.
Line: 692
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
decode_reserve(d, arr, count);
mem = UPB_PTR_AT(_upb_array_ptr(arr), arr->len << lg2, void);
arr->len += count;
memcpy(mem, ptr, val->size); /* XXX: ptr boundary. */
return ptr + val->size;
}
case OP_VARPCK_LG2(0):
case OP_VARPCK_LG2(2):
case OP_VARPCK_LG2(3): {
Reported by FlawFinder.
Line: 711
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
out = UPB_PTR_AT(_upb_array_ptr(arr), arr->len << lg2, void);
}
arr->len++;
memcpy(out, &elem, scale);
out += scale;
}
decode_poplimit(d, ptr, saved_limit);
return ptr;
}
Reported by FlawFinder.
Line: 797
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case OP_BYTES:
return decode_readstr(d, ptr, val->size, mem);
case OP_SCALAR_LG2(3):
memcpy(mem, val, 8);
break;
case OP_SCALAR_LG2(2):
memcpy(mem, val, 4);
break;
case OP_SCALAR_LG2(0):
Reported by FlawFinder.
java/core/src/test/java/com/google/protobuf/UnmodifiableLazyStringListTest.java
69 issues
Line: 56
private static final ByteString BYTE_STRING_C = ByteString.copyFromUtf8("C");
@Test
public void testReadOnlyMethods() {
LazyStringArrayList rawList = createSampleList();
UnmodifiableLazyStringList list = new UnmodifiableLazyStringList(rawList);
assertThat(list).hasSize(3);
assertThat(list.get(0)).isSameInstanceAs(STRING_A);
assertThat(list.get(1)).isSameInstanceAs(STRING_B);
Reported by PMD.
Line: 59
public void testReadOnlyMethods() {
LazyStringArrayList rawList = createSampleList();
UnmodifiableLazyStringList list = new UnmodifiableLazyStringList(rawList);
assertThat(list).hasSize(3);
assertThat(list.get(0)).isSameInstanceAs(STRING_A);
assertThat(list.get(1)).isSameInstanceAs(STRING_B);
assertThat(list.get(2)).isSameInstanceAs(STRING_C);
assertThat(list.getByteString(0)).isEqualTo(BYTE_STRING_A);
assertThat(list.getByteString(1)).isEqualTo(BYTE_STRING_B);
Reported by PMD.
Line: 60
LazyStringArrayList rawList = createSampleList();
UnmodifiableLazyStringList list = new UnmodifiableLazyStringList(rawList);
assertThat(list).hasSize(3);
assertThat(list.get(0)).isSameInstanceAs(STRING_A);
assertThat(list.get(1)).isSameInstanceAs(STRING_B);
assertThat(list.get(2)).isSameInstanceAs(STRING_C);
assertThat(list.getByteString(0)).isEqualTo(BYTE_STRING_A);
assertThat(list.getByteString(1)).isEqualTo(BYTE_STRING_B);
assertThat(list.getByteString(2)).isEqualTo(BYTE_STRING_C);
Reported by PMD.
Line: 61
UnmodifiableLazyStringList list = new UnmodifiableLazyStringList(rawList);
assertThat(list).hasSize(3);
assertThat(list.get(0)).isSameInstanceAs(STRING_A);
assertThat(list.get(1)).isSameInstanceAs(STRING_B);
assertThat(list.get(2)).isSameInstanceAs(STRING_C);
assertThat(list.getByteString(0)).isEqualTo(BYTE_STRING_A);
assertThat(list.getByteString(1)).isEqualTo(BYTE_STRING_B);
assertThat(list.getByteString(2)).isEqualTo(BYTE_STRING_C);
Reported by PMD.
Line: 62
assertThat(list).hasSize(3);
assertThat(list.get(0)).isSameInstanceAs(STRING_A);
assertThat(list.get(1)).isSameInstanceAs(STRING_B);
assertThat(list.get(2)).isSameInstanceAs(STRING_C);
assertThat(list.getByteString(0)).isEqualTo(BYTE_STRING_A);
assertThat(list.getByteString(1)).isEqualTo(BYTE_STRING_B);
assertThat(list.getByteString(2)).isEqualTo(BYTE_STRING_C);
List<ByteString> byteStringList = list.asByteStringList();
Reported by PMD.
Line: 63
assertThat(list.get(0)).isSameInstanceAs(STRING_A);
assertThat(list.get(1)).isSameInstanceAs(STRING_B);
assertThat(list.get(2)).isSameInstanceAs(STRING_C);
assertThat(list.getByteString(0)).isEqualTo(BYTE_STRING_A);
assertThat(list.getByteString(1)).isEqualTo(BYTE_STRING_B);
assertThat(list.getByteString(2)).isEqualTo(BYTE_STRING_C);
List<ByteString> byteStringList = list.asByteStringList();
assertThat(byteStringList.get(0)).isSameInstanceAs(list.getByteString(0));
Reported by PMD.
Line: 64
assertThat(list.get(1)).isSameInstanceAs(STRING_B);
assertThat(list.get(2)).isSameInstanceAs(STRING_C);
assertThat(list.getByteString(0)).isEqualTo(BYTE_STRING_A);
assertThat(list.getByteString(1)).isEqualTo(BYTE_STRING_B);
assertThat(list.getByteString(2)).isEqualTo(BYTE_STRING_C);
List<ByteString> byteStringList = list.asByteStringList();
assertThat(byteStringList.get(0)).isSameInstanceAs(list.getByteString(0));
assertThat(byteStringList.get(1)).isSameInstanceAs(list.getByteString(1));
Reported by PMD.
Line: 65
assertThat(list.get(2)).isSameInstanceAs(STRING_C);
assertThat(list.getByteString(0)).isEqualTo(BYTE_STRING_A);
assertThat(list.getByteString(1)).isEqualTo(BYTE_STRING_B);
assertThat(list.getByteString(2)).isEqualTo(BYTE_STRING_C);
List<ByteString> byteStringList = list.asByteStringList();
assertThat(byteStringList.get(0)).isSameInstanceAs(list.getByteString(0));
assertThat(byteStringList.get(1)).isSameInstanceAs(list.getByteString(1));
assertThat(byteStringList.get(2)).isSameInstanceAs(list.getByteString(2));
Reported by PMD.
Line: 68
assertThat(list.getByteString(2)).isEqualTo(BYTE_STRING_C);
List<ByteString> byteStringList = list.asByteStringList();
assertThat(byteStringList.get(0)).isSameInstanceAs(list.getByteString(0));
assertThat(byteStringList.get(1)).isSameInstanceAs(list.getByteString(1));
assertThat(byteStringList.get(2)).isSameInstanceAs(list.getByteString(2));
}
@Test
Reported by PMD.
Line: 68
assertThat(list.getByteString(2)).isEqualTo(BYTE_STRING_C);
List<ByteString> byteStringList = list.asByteStringList();
assertThat(byteStringList.get(0)).isSameInstanceAs(list.getByteString(0));
assertThat(byteStringList.get(1)).isSameInstanceAs(list.getByteString(1));
assertThat(byteStringList.get(2)).isSameInstanceAs(list.getByteString(2));
}
@Test
Reported by PMD.
java/core/src/main/java/com/google/protobuf/MessageSetSchema.java
69 issues
Line: 133
@SuppressWarnings("ReferenceEquality")
@Override
public void mergeFrom(
T message, byte[] data, int position, int limit, ArrayDecoders.Registers registers)
throws IOException {
UnknownFieldSetLite unknownFields = ((GeneratedMessageLite) message).unknownFields;
if (unknownFields == UnknownFieldSetLite.getDefaultInstance()) {
unknownFields = UnknownFieldSetLite.newInstance();
((GeneratedMessageLite) message).unknownFields = unknownFields;
Reported by PMD.
Line: 133
@SuppressWarnings("ReferenceEquality")
@Override
public void mergeFrom(
T message, byte[] data, int position, int limit, ArrayDecoders.Registers registers)
throws IOException {
UnknownFieldSetLite unknownFields = ((GeneratedMessageLite) message).unknownFields;
if (unknownFields == UnknownFieldSetLite.getDefaultInstance()) {
unknownFields = UnknownFieldSetLite.newInstance();
((GeneratedMessageLite) message).unknownFields = unknownFields;
Reported by PMD.
Line: 133
@SuppressWarnings("ReferenceEquality")
@Override
public void mergeFrom(
T message, byte[] data, int position, int limit, ArrayDecoders.Registers registers)
throws IOException {
UnknownFieldSetLite unknownFields = ((GeneratedMessageLite) message).unknownFields;
if (unknownFields == UnknownFieldSetLite.getDefaultInstance()) {
unknownFields = UnknownFieldSetLite.newInstance();
((GeneratedMessageLite) message).unknownFields = unknownFields;
Reported by PMD.
Line: 133
@SuppressWarnings("ReferenceEquality")
@Override
public void mergeFrom(
T message, byte[] data, int position, int limit, ArrayDecoders.Registers registers)
throws IOException {
UnknownFieldSetLite unknownFields = ((GeneratedMessageLite) message).unknownFields;
if (unknownFields == UnknownFieldSetLite.getDefaultInstance()) {
unknownFields = UnknownFieldSetLite.newInstance();
((GeneratedMessageLite) message).unknownFields = unknownFields;
Reported by PMD.
Line: 133
@SuppressWarnings("ReferenceEquality")
@Override
public void mergeFrom(
T message, byte[] data, int position, int limit, ArrayDecoders.Registers registers)
throws IOException {
UnknownFieldSetLite unknownFields = ((GeneratedMessageLite) message).unknownFields;
if (unknownFields == UnknownFieldSetLite.getDefaultInstance()) {
unknownFields = UnknownFieldSetLite.newInstance();
((GeneratedMessageLite) message).unknownFields = unknownFields;
Reported by PMD.
Line: 133
@SuppressWarnings("ReferenceEquality")
@Override
public void mergeFrom(
T message, byte[] data, int position, int limit, ArrayDecoders.Registers registers)
throws IOException {
UnknownFieldSetLite unknownFields = ((GeneratedMessageLite) message).unknownFields;
if (unknownFields == UnknownFieldSetLite.getDefaultInstance()) {
unknownFields = UnknownFieldSetLite.newInstance();
((GeneratedMessageLite) message).unknownFields = unknownFields;
Reported by PMD.
Line: 133
@SuppressWarnings("ReferenceEquality")
@Override
public void mergeFrom(
T message, byte[] data, int position, int limit, ArrayDecoders.Registers registers)
throws IOException {
UnknownFieldSetLite unknownFields = ((GeneratedMessageLite) message).unknownFields;
if (unknownFields == UnknownFieldSetLite.getDefaultInstance()) {
unknownFields = UnknownFieldSetLite.newInstance();
((GeneratedMessageLite) message).unknownFields = unknownFields;
Reported by PMD.
Line: 133
@SuppressWarnings("ReferenceEquality")
@Override
public void mergeFrom(
T message, byte[] data, int position, int limit, ArrayDecoders.Registers registers)
throws IOException {
UnknownFieldSetLite unknownFields = ((GeneratedMessageLite) message).unknownFields;
if (unknownFields == UnknownFieldSetLite.getDefaultInstance()) {
unknownFields = UnknownFieldSetLite.newInstance();
((GeneratedMessageLite) message).unknownFields = unknownFields;
Reported by PMD.
Line: 133
@SuppressWarnings("ReferenceEquality")
@Override
public void mergeFrom(
T message, byte[] data, int position, int limit, ArrayDecoders.Registers registers)
throws IOException {
UnknownFieldSetLite unknownFields = ((GeneratedMessageLite) message).unknownFields;
if (unknownFields == UnknownFieldSetLite.getDefaultInstance()) {
unknownFields = UnknownFieldSetLite.newInstance();
((GeneratedMessageLite) message).unknownFields = unknownFields;
Reported by PMD.
Line: 260
continue;
}
// Done reading.
return;
}
} finally {
unknownFieldSchema.setBuilderToMessage(message, unknownFields);
}
}
Reported by PMD.
java/core/src/main/java/com/google/protobuf/CodedOutputStreamWriter.java
68 issues
Line: 31
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
package com.google.protobuf;
import static com.google.protobuf.Internal.checkNotNull;
import static com.google.protobuf.WireFormat.WIRETYPE_LENGTH_DELIMITED;
import java.io.IOException;
Reported by PMD.
Line: 43
/** An adapter between the {@link Writer} interface and {@link CodedOutputStream}. */
@ExperimentalApi
final class CodedOutputStreamWriter implements Writer {
private final CodedOutputStream output;
public static CodedOutputStreamWriter forCodedOutput(CodedOutputStream output) {
if (output.wrapper != null) {
return output.wrapper;
Reported by PMD.
Line: 43
/** An adapter between the {@link Writer} interface and {@link CodedOutputStream}. */
@ExperimentalApi
final class CodedOutputStreamWriter implements Writer {
private final CodedOutputStream output;
public static CodedOutputStreamWriter forCodedOutput(CodedOutputStream output) {
if (output.wrapper != null) {
return output.wrapper;
Reported by PMD.
Line: 44
/** An adapter between the {@link Writer} interface and {@link CodedOutputStream}. */
@ExperimentalApi
final class CodedOutputStreamWriter implements Writer {
private final CodedOutputStream output;
public static CodedOutputStreamWriter forCodedOutput(CodedOutputStream output) {
if (output.wrapper != null) {
return output.wrapper;
}
Reported by PMD.
Line: 194
// Compute and write the length of the data.
int dataSize = 0;
for (int i = 0; i < value.size(); ++i) {
dataSize += CodedOutputStream.computeInt32SizeNoTag(value.get(i));
}
output.writeUInt32NoTag(dataSize);
// Write the data itself, without any tags.
Reported by PMD.
Line: 200
output.writeUInt32NoTag(dataSize);
// Write the data itself, without any tags.
for (int i = 0; i < value.size(); ++i) {
output.writeInt32NoTag(value.get(i));
}
} else {
for (int i = 0; i < value.size(); ++i) {
output.writeInt32(fieldNumber, value.get(i));
Reported by PMD.
Line: 204
output.writeInt32NoTag(value.get(i));
}
} else {
for (int i = 0; i < value.size(); ++i) {
output.writeInt32(fieldNumber, value.get(i));
}
}
}
Reported by PMD.
Line: 218
// Compute and write the length of the data.
int dataSize = 0;
for (int i = 0; i < value.size(); ++i) {
dataSize += CodedOutputStream.computeFixed32SizeNoTag(value.get(i));
}
output.writeUInt32NoTag(dataSize);
// Write the data itself, without any tags.
Reported by PMD.
Line: 224
output.writeUInt32NoTag(dataSize);
// Write the data itself, without any tags.
for (int i = 0; i < value.size(); ++i) {
output.writeFixed32NoTag(value.get(i));
}
} else {
for (int i = 0; i < value.size(); ++i) {
output.writeFixed32(fieldNumber, value.get(i));
Reported by PMD.
Line: 228
output.writeFixed32NoTag(value.get(i));
}
} else {
for (int i = 0; i < value.size(); ++i) {
output.writeFixed32(fieldNumber, value.get(i));
}
}
}
Reported by PMD.