The following issues were found
java/core/src/test/java/com/google/protobuf/Proto3MessageInfoFactory.java
7 issues
Line: 491
try {
return clazz.getDeclaredField(name);
} catch (NoSuchFieldException | SecurityException e) {
throw new RuntimeException(e);
}
}
private static FieldInfo mapFieldInfo(Class<?> clazz, String fieldName, int fieldNumber) {
try {
Reported by PMD.
Line: 503
SchemaUtil.getMapDefaultEntry(clazz, fieldName),
null);
} catch (Throwable t) {
throw new RuntimeException(t);
}
}
}
Reported by PMD.
Line: 84
return builder.build();
}
private static void lookupFieldsByName(StructuralMessageInfo.Builder builder) {
builder.withDefaultInstance(Proto3Message.getDefaultInstance());
builder.withSyntax(ProtoSyntax.PROTO3);
builder.withField(forField(field("fieldDouble1_"), 1, FieldType.DOUBLE, true));
builder.withField(forField(field("fieldFloat2_"), 2, FieldType.FLOAT, true));
builder.withField(forField(field("fieldInt643_"), 3, FieldType.INT64, true));
Reported by PMD.
Line: 180
return builder.build();
}
private StructuralMessageInfo newMessageInfoForProto3MessageWithMaps() {
StructuralMessageInfo.Builder builder = StructuralMessageInfo.newBuilder();
builder.withSyntax(ProtoSyntax.PROTO3);
builder.withField(mapFieldInfo(Proto3MessageWithMaps.class, "field_map_bool_bool_1", 1));
builder.withField(mapFieldInfo(Proto3MessageWithMaps.class, "field_map_bool_bytes_2", 2));
builder.withField(mapFieldInfo(Proto3MessageWithMaps.class, "field_map_bool_double_3", 3));
Reported by PMD.
Line: 180
return builder.build();
}
private StructuralMessageInfo newMessageInfoForProto3MessageWithMaps() {
StructuralMessageInfo.Builder builder = StructuralMessageInfo.newBuilder();
builder.withSyntax(ProtoSyntax.PROTO3);
builder.withField(mapFieldInfo(Proto3MessageWithMaps.class, "field_map_bool_bool_1", 1));
builder.withField(mapFieldInfo(Proto3MessageWithMaps.class, "field_map_bool_bytes_2", 2));
builder.withField(mapFieldInfo(Proto3MessageWithMaps.class, "field_map_bool_double_3", 3));
Reported by PMD.
Line: 180
return builder.build();
}
private StructuralMessageInfo newMessageInfoForProto3MessageWithMaps() {
StructuralMessageInfo.Builder builder = StructuralMessageInfo.newBuilder();
builder.withSyntax(ProtoSyntax.PROTO3);
builder.withField(mapFieldInfo(Proto3MessageWithMaps.class, "field_map_bool_bool_1", 1));
builder.withField(mapFieldInfo(Proto3MessageWithMaps.class, "field_map_bool_bytes_2", 2));
builder.withField(mapFieldInfo(Proto3MessageWithMaps.class, "field_map_bool_double_3", 3));
Reported by PMD.
Line: 502
fieldNumber,
SchemaUtil.getMapDefaultEntry(clazz, fieldName),
null);
} catch (Throwable t) {
throw new RuntimeException(t);
}
}
}
Reported by PMD.
ruby/src/main/java/com/google/protobuf/jruby/RubyFileDescriptor.java
7 issues
Line: 79
@JRubyMethod(name = "name")
public IRubyObject getName(ThreadContext context) {
String name = fileDescriptor.getName();
return name == null ? context.nil : context.runtime.newString(name);
}
/*
* call-seq:
* FileDescriptor.syntax => syntax
Reported by PMD.
Line: 95
public IRubyObject getSyntax(ThreadContext context) {
switch (fileDescriptor.getSyntax()) {
case PROTO2:
return context.runtime.newSymbol("proto2");
case PROTO3:
return context.runtime.newSymbol("proto3");
default:
return context.nil;
}
Reported by PMD.
Line: 97
case PROTO2:
return context.runtime.newSymbol("proto2");
case PROTO3:
return context.runtime.newSymbol("proto3");
default:
return context.nil;
}
}
Reported by PMD.
Line: 105
private static RubyClass cFileDescriptor;
private FileDescriptor fileDescriptor;
}
Reported by PMD.
Line: 35
package com.google.protobuf.jruby;
import com.google.protobuf.Descriptors.Descriptor;
import com.google.protobuf.Descriptors.FileDescriptor;
import com.google.protobuf.Descriptors.FileDescriptor.Syntax.*;
import com.google.protobuf.Descriptors.GenericDescriptor;
import org.jruby.*;
import org.jruby.anno.JRubyClass;
Reported by PMD.
Line: 37
import com.google.protobuf.Descriptors.Descriptor;
import com.google.protobuf.Descriptors.FileDescriptor;
import com.google.protobuf.Descriptors.FileDescriptor.Syntax.*;
import com.google.protobuf.Descriptors.GenericDescriptor;
import org.jruby.*;
import org.jruby.anno.JRubyClass;
import org.jruby.anno.JRubyMethod;
import org.jruby.runtime.Block;
Reported by PMD.
Line: 39
import com.google.protobuf.Descriptors.FileDescriptor;
import com.google.protobuf.Descriptors.FileDescriptor.Syntax.*;
import com.google.protobuf.Descriptors.GenericDescriptor;
import org.jruby.*;
import org.jruby.anno.JRubyClass;
import org.jruby.anno.JRubyMethod;
import org.jruby.runtime.Block;
import org.jruby.runtime.ObjectAllocator;
import org.jruby.runtime.ThreadContext;
Reported by PMD.
src/google/protobuf/testing/file.cc
7 issues
Line: 62
Column: 36
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
#endif
#ifdef _WIN32
using google::protobuf::io::win32::access;
using google::protobuf::io::win32::chdir;
using google::protobuf::io::win32::fopen;
using google::protobuf::io::win32::mkdir;
using google::protobuf::io::win32::stat;
#endif
Reported by FlawFinder.
Line: 70
Column: 10
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
#endif
bool File::Exists(const std::string& name) {
return access(name.c_str(), F_OK) == 0;
}
bool File::ReadFileToString(const std::string& name, std::string* output,
bool text_mode) {
char buffer[1024];
Reported by FlawFinder.
Line: 64
Column: 36
CWE codes:
362
#ifdef _WIN32
using google::protobuf::io::win32::access;
using google::protobuf::io::win32::chdir;
using google::protobuf::io::win32::fopen;
using google::protobuf::io::win32::mkdir;
using google::protobuf::io::win32::stat;
#endif
bool File::Exists(const std::string& name) {
Reported by FlawFinder.
Line: 75
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
bool File::ReadFileToString(const std::string& name, std::string* output,
bool text_mode) {
char buffer[1024];
FILE* file = fopen(name.c_str(), text_mode ? "rt" : "rb");
if (file == NULL) return false;
while (true) {
size_t n = fread(buffer, 1, sizeof(buffer), file);
Reported by FlawFinder.
Line: 76
Column: 16
CWE codes:
362
bool File::ReadFileToString(const std::string& name, std::string* output,
bool text_mode) {
char buffer[1024];
FILE* file = fopen(name.c_str(), text_mode ? "rt" : "rb");
if (file == NULL) return false;
while (true) {
size_t n = fread(buffer, 1, sizeof(buffer), file);
if (n <= 0) break;
Reported by FlawFinder.
Line: 96
Column: 16
CWE codes:
362
bool File::WriteStringToFile(const std::string& contents,
const std::string& name) {
FILE* file = fopen(name.c_str(), "wb");
if (file == NULL) {
GOOGLE_LOG(ERROR) << "fopen(" << name << ", \"wb\"): " << strerror(errno);
return false;
}
Reported by FlawFinder.
Line: 116
Column: 16
CWE codes:
362
void File::WriteStringToFileOrDie(const std::string& contents,
const std::string& name) {
FILE* file = fopen(name.c_str(), "wb");
GOOGLE_CHECK(file != NULL)
<< "fopen(" << name << ", \"wb\"): " << strerror(errno);
GOOGLE_CHECK_EQ(fwrite(contents.data(), 1, contents.size(), file),
contents.size())
<< "fwrite(" << name << "): " << strerror(errno);
Reported by FlawFinder.
java/core/src/main/java/com/google/protobuf/RawMessageInfo.java
7 issues
Line: 175
* <p>In order to read the field info from this compact format, a reader needs to progress through
* the String object and the Object[] array simultaneously.
*/
private final String info;
private final Object[] objects;
private final int flags;
RawMessageInfo(MessageLite defaultInstance, String info, Object[] objects) {
Reported by PMD.
Line: 178
private final String info;
private final Object[] objects;
private final int flags;
RawMessageInfo(MessageLite defaultInstance, String info, Object[] objects) {
this.defaultInstance = defaultInstance;
this.info = info;
this.objects = objects;
Reported by PMD.
Line: 180
private final Object[] objects;
private final int flags;
RawMessageInfo(MessageLite defaultInstance, String info, Object[] objects) {
this.defaultInstance = defaultInstance;
this.info = info;
this.objects = objects;
int position = 0;
int value = (int) info.charAt(position++);
Reported by PMD.
Line: 186
this.objects = objects;
int position = 0;
int value = (int) info.charAt(position++);
if (value < 0xD800) {
flags = value;
} else {
int result = value & 0x1FFF;
int shift = 13;
while ((value = info.charAt(position++)) >= 0xD800) {
Reported by PMD.
Line: 191
} else {
int result = value & 0x1FFF;
int shift = 13;
while ((value = info.charAt(position++)) >= 0xD800) {
result |= (value & 0x1FFF) << shift;
shift += 13;
}
flags = result | (value << shift);
}
Reported by PMD.
Line: 204
}
Object[] getObjects() {
return objects;
}
@Override
public MessageLite getDefaultInstance() {
return defaultInstance;
Reported by PMD.
Line: 180
private final Object[] objects;
private final int flags;
RawMessageInfo(MessageLite defaultInstance, String info, Object[] objects) {
this.defaultInstance = defaultInstance;
this.info = info;
this.objects = objects;
int position = 0;
int value = (int) info.charAt(position++);
Reported by PMD.
src/google/protobuf/io/io_win32.cc
7 issues
Line: 282
Column: 5
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
#endif // not SUPPORT_LONGPATHS
}
int access(const char* path, int mode) {
#ifdef SUPPORT_LONGPATHS
wstring wpath;
if (!as_windows_path(path, &wpath)) {
errno = ENOENT;
return -1;
Reported by FlawFinder.
Line: 256
Column: 5
CWE codes:
362
} // namespace
int open(const char* path, int flags, int mode) {
#ifdef SUPPORT_LONGPATHS
wstring wpath;
if (!as_windows_path(path, &wpath)) {
errno = ENOENT;
return -1;
Reported by FlawFinder.
Line: 321
Column: 7
CWE codes:
362
#endif // not SUPPORT_LONGPATHS
}
FILE* fopen(const char* path, const char* mode) {
#ifdef SUPPORT_LONGPATHS
if (null_or_empty(path)) {
errno = EINVAL;
return nullptr;
}
Reported by FlawFinder.
Line: 339
Column: 12
CWE codes:
362
}
return ::_wfopen(wpath.c_str(), wmode.c_str());
#else
return ::fopen(path, mode);
#endif
}
int close(int fd) { return ::_close(fd); }
Reported by FlawFinder.
Line: 445
Column: 7
CWE codes:
120
SetLastError(0);
int size =
MultiByteToWideChar(inUtf8 ? CP_UTF8 : CP_ACP, 0, s, -1, nullptr, 0);
if (size == 0 && GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
return false;
}
std::unique_ptr<WCHAR[]> wstr(new WCHAR[size]);
MultiByteToWideChar(
Reported by FlawFinder.
Line: 450
Column: 3
CWE codes:
120
return false;
}
std::unique_ptr<WCHAR[]> wstr(new WCHAR[size]);
MultiByteToWideChar(
inUtf8 ? CP_UTF8 : CP_ACP, 0, s, -1, wstr.get(), size + 1);
out->assign(wstr.get());
return true;
}
Reported by FlawFinder.
Line: 349
Column: 5
CWE codes:
120
20
int dup2(int fd1, int fd2) { return ::_dup2(fd1, fd2); }
int read(int fd, void* buffer, size_t size) {
return ::_read(fd, buffer, size);
}
int setmode(int fd, int mode) { return ::_setmode(fd, mode); }
Reported by FlawFinder.
src/google/protobuf/testing/googletest.cc
7 issues
Line: 80
Column: 18
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
#else
#ifndef _MSC_VER
// automake sets the "srcdir" environment variable.
char* result = getenv("srcdir");
if (result != NULL) {
return result;
}
#endif // _MSC_VER
Reported by FlawFinder.
Line: 113
Column: 28
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
std::string GetTemporaryDirectoryName() {
// Tests run under Bazel "should not" use /tmp. Bazel sets this environment
// variable for tests to use instead.
char *from_environment = getenv("TEST_TMPDIR");
if (from_environment != NULL && from_environment[0] != '\0') {
return std::string(from_environment) + "/protobuf_tmpdir";
}
// tmpnam() is generally not considered safe but we're only using it for
Reported by FlawFinder.
Line: 124
Column: 24
CWE codes:
377
char b[L_tmpnam + 1]; // HPUX multithread return 0 if s is 0
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
std::string result = tmpnam(b);
#pragma GCC diagnostic pop
#ifdef _WIN32
// Avoid a trailing dot by changing it to an underscore. On Win32 the names of
// files and directories can, but should not, end with dot.
//
Reported by FlawFinder.
Line: 62
Column: 36
CWE codes:
362
using google::protobuf::io::win32::dup2;
using google::protobuf::io::win32::dup;
using google::protobuf::io::win32::mkdir;
using google::protobuf::io::win32::open;
#endif
#ifndef O_BINARY
#ifdef _O_BINARY
#define O_BINARY _O_BINARY
Reported by FlawFinder.
Line: 121
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// tmpnam() is generally not considered safe but we're only using it for
// testing. We cannot use tmpfile() or mkstemp() since we're creating a
// directory.
char b[L_tmpnam + 1]; // HPUX multithread return 0 if s is 0
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
std::string result = tmpnam(b);
#pragma GCC diagnostic pop
#ifdef _WIN32
Reported by FlawFinder.
Line: 203
Column: 12
CWE codes:
362
stdout_capture_filename_ = TestTempDir() + "/captured_stdout";
int fd = open(stdout_capture_filename_.c_str(),
O_WRONLY | O_CREAT | O_EXCL | O_BINARY, 0777);
GOOGLE_CHECK(fd >= 0) << "open: " << strerror(errno);
original_stdout_ = dup(1);
close(1);
Reported by FlawFinder.
Line: 218
Column: 12
CWE codes:
362
stderr_capture_filename_ = TestTempDir() + "/captured_stderr";
int fd = open(stderr_capture_filename_.c_str(),
O_WRONLY | O_CREAT | O_EXCL | O_BINARY, 0777);
GOOGLE_CHECK(fd >= 0) << "open: " << strerror(errno);
original_stderr_ = dup(2);
close(2);
Reported by FlawFinder.
java/core/src/main/java/com/google/protobuf/MapFieldLite.java
7 issues
Line: 125
}
}
private static boolean equals(Object a, Object b) {
if (a instanceof byte[] && b instanceof byte[]) {
return Arrays.equals((byte[]) a, (byte[]) b);
}
return a.equals(b);
}
Reported by PMD.
Line: 47
*
* <p>This class is a protobuf implementation detail. Users shouldn't use this class directly.
*/
public final class MapFieldLite<K, V> extends LinkedHashMap<K, V> {
private boolean isMutable;
private MapFieldLite() {
this.isMutable = true;
Reported by PMD.
Line: 47
*
* <p>This class is a protobuf implementation detail. Users shouldn't use this class directly.
*/
public final class MapFieldLite<K, V> extends LinkedHashMap<K, V> {
private boolean isMutable;
private MapFieldLite() {
this.isMutable = true;
Reported by PMD.
Line: 49
*/
public final class MapFieldLite<K, V> extends LinkedHashMap<K, V> {
private boolean isMutable;
private MapFieldLite() {
this.isMutable = true;
}
Reported by PMD.
Line: 49
*/
public final class MapFieldLite<K, V> extends LinkedHashMap<K, V> {
private boolean isMutable;
private MapFieldLite() {
this.isMutable = true;
}
Reported by PMD.
Line: 60
this.isMutable = true;
}
@SuppressWarnings({"rawtypes", "unchecked"})
private static final MapFieldLite EMPTY_MAP_FIELD = new MapFieldLite<>();
static {
EMPTY_MAP_FIELD.makeImmutable();
}
Reported by PMD.
Line: 137
* Map} because it compares by identity not by content for byte arrays.
*/
static <K, V> boolean equals(Map<K, V> a, Map<K, V> b) {
if (a == b) {
return true;
}
if (a.size() != b.size()) {
return false;
}
Reported by PMD.
java/core/src/main/java/com/google/protobuf/ManifestSchemaFactory.java
7 issues
Line: 41
@ExperimentalApi
final class ManifestSchemaFactory implements SchemaFactory {
private final MessageInfoFactory messageInfoFactory;
public ManifestSchemaFactory() {
this(getDefaultMessageInfoFactory());
}
Reported by PMD.
Line: 123
}
private static class CompositeMessageInfoFactory implements MessageInfoFactory {
private MessageInfoFactory[] factories;
CompositeMessageInfoFactory(MessageInfoFactory... factories) {
this.factories = factories;
}
Reported by PMD.
Line: 123
}
private static class CompositeMessageInfoFactory implements MessageInfoFactory {
private MessageInfoFactory[] factories;
CompositeMessageInfoFactory(MessageInfoFactory... factories) {
this.factories = factories;
}
Reported by PMD.
Line: 125
private static class CompositeMessageInfoFactory implements MessageInfoFactory {
private MessageInfoFactory[] factories;
CompositeMessageInfoFactory(MessageInfoFactory... factories) {
this.factories = factories;
}
@Override
public boolean isSupported(Class<?> clazz) {
Reported by PMD.
Line: 167
private static MessageInfoFactory getDescriptorMessageInfoFactory() {
try {
Class<?> clazz = Class.forName("com.google.protobuf.DescriptorMessageInfoFactory");
return (MessageInfoFactory) clazz.getDeclaredMethod("getInstance").invoke(null);
} catch (Exception e) {
return EMPTY_FACTORY;
}
}
}
Reported by PMD.
Line: 167
private static MessageInfoFactory getDescriptorMessageInfoFactory() {
try {
Class<?> clazz = Class.forName("com.google.protobuf.DescriptorMessageInfoFactory");
return (MessageInfoFactory) clazz.getDeclaredMethod("getInstance").invoke(null);
} catch (Exception e) {
return EMPTY_FACTORY;
}
}
}
Reported by PMD.
Line: 168
try {
Class<?> clazz = Class.forName("com.google.protobuf.DescriptorMessageInfoFactory");
return (MessageInfoFactory) clazz.getDeclaredMethod("getInstance").invoke(null);
} catch (Exception e) {
return EMPTY_FACTORY;
}
}
}
Reported by PMD.
php/ext/google/protobuf/convert.c
6 issues
Line: 407
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// The resulting upb_strview will only be value while the zval is alive.
if (arena) {
ptr = upb_arena_malloc(arena, size);
memcpy(ptr, Z_STRVAL_P(php_val), size);
} else {
ptr = Z_STRVAL_P(php_val);
}
upb_val->str_val = upb_strview_make(ptr, size);
Reported by FlawFinder.
Line: 432
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ZVAL_LONG(php_val, upb_val.int64_val);
#else
{
char buf[20];
int size = sprintf(buf, "%lld", upb_val.int64_val);
ZVAL_NEW_STR(php_val, zend_string_init(buf, size, 0));
}
#endif
break;
Reported by FlawFinder.
Line: 433
Column: 20
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
#else
{
char buf[20];
int size = sprintf(buf, "%lld", upb_val.int64_val);
ZVAL_NEW_STR(php_val, zend_string_init(buf, size, 0));
}
#endif
break;
case UPB_TYPE_UINT64:
Reported by FlawFinder.
Line: 443
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ZVAL_LONG(php_val, upb_val.uint64_val);
#else
{
char buf[20];
int size = sprintf(buf, "%lld", (int64_t)upb_val.uint64_val);
ZVAL_NEW_STR(php_val, zend_string_init(buf, size, 0));
}
#endif
break;
Reported by FlawFinder.
Line: 444
Column: 20
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
#else
{
char buf[20];
int size = sprintf(buf, "%lld", (int64_t)upb_val.uint64_val);
ZVAL_NEW_STR(php_val, zend_string_init(buf, size, 0));
}
#endif
break;
case UPB_TYPE_INT32:
Reported by FlawFinder.
Line: 515
Column: 38
CWE codes:
126
GPBUtil_class_entry = zend_register_internal_class(&class_type);
zend_declare_class_constant_string(GPBUtil_class_entry, prefix_name,
strlen(prefix_name),
"type.googleapis.com/");
}
Reported by FlawFinder.
src/google/protobuf/compiler/command_line_interface_unittest.cc
6 issues
Line: 543
// ===================================================================
TEST_F(CommandLineInterfaceTest, BasicOutput) {
// Test that the common case works.
CreateTempFile("foo.proto",
"syntax = \"proto2\";\n"
"message Foo {}\n");
Reported by Cppcheck.
Line: 78
Column: 36
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
#if defined(_WIN32)
// DO NOT include <io.h>, instead create functions in io_win32.{h,cc} and import
// them like we do below.
using google::protobuf::io::win32::access;
using google::protobuf::io::win32::close;
using google::protobuf::io::win32::dup;
using google::protobuf::io::win32::dup2;
using google::protobuf::io::win32::open;
using google::protobuf::io::win32::write;
Reported by FlawFinder.
Line: 350
Column: 11
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
"test_plugin", // Unix
};
for (int i = 0; i < GOOGLE_ARRAYSIZE(possible_paths); i++) {
if (access(possible_paths[i], F_OK) == 0) {
plugin_path = possible_paths[i];
break;
}
}
#endif
Reported by FlawFinder.
Line: 2574
Column: 26
CWE codes:
120
args.push_back("--proto_path=" + TestUtil::TestSourceDir());
break;
case DESCRIPTOR_SET_IN:
args.push_back(StrCat("--descriptor_set_in=",
unittest_proto_descriptor_set_filename_));
break;
default:
ADD_FAILURE() << "unexpected EncodeDecodeTestMode: " << GetParam();
}
Reported by FlawFinder.
Line: 82
Column: 36
CWE codes:
362
using google::protobuf::io::win32::close;
using google::protobuf::io::win32::dup;
using google::protobuf::io::win32::dup2;
using google::protobuf::io::win32::open;
using google::protobuf::io::win32::write;
#endif
// Disable the whole test when we use tcmalloc for "draconian" heap checks, in
// which case tcmalloc will print warnings that fail the plugin tests.
Reported by FlawFinder.
Line: 2538
Column: 14
CWE codes:
362
}
bool RedirectStdinFromFile(const std::string& filename) {
int fd = open(filename.c_str(), O_RDONLY);
if (fd < 0) return false;
dup2(fd, STDIN_FILENO);
close(fd);
return true;
}
Reported by FlawFinder.