The following issues were found
ruby/src/main/java/com/google/protobuf/jruby/RubyProtobuf.java
6 issues
Line: 43
import org.jruby.runtime.builtin.IRubyObject;
@JRubyModule(name = "Protobuf")
public class RubyProtobuf {
public static void createProtobuf(Ruby runtime) {
RubyModule mGoogle = runtime.getModule("Google");
RubyModule mProtobuf = mGoogle.defineModuleUnder("Protobuf");
mProtobuf.defineAnnotatedMethods(RubyProtobuf.class);
Reported by PMD.
Line: 47
public static void createProtobuf(Ruby runtime) {
RubyModule mGoogle = runtime.getModule("Google");
RubyModule mProtobuf = mGoogle.defineModuleUnder("Protobuf");
mProtobuf.defineAnnotatedMethods(RubyProtobuf.class);
RubyModule mInternal = mProtobuf.defineModuleUnder("Internal");
}
/*
Reported by PMD.
Line: 48
public static void createProtobuf(Ruby runtime) {
RubyModule mGoogle = runtime.getModule("Google");
RubyModule mProtobuf = mGoogle.defineModuleUnder("Protobuf");
mProtobuf.defineAnnotatedMethods(RubyProtobuf.class);
RubyModule mInternal = mProtobuf.defineModuleUnder("Internal");
}
/*
* call-seq:
Reported by PMD.
Line: 49
RubyModule mGoogle = runtime.getModule("Google");
RubyModule mProtobuf = mGoogle.defineModuleUnder("Protobuf");
mProtobuf.defineAnnotatedMethods(RubyProtobuf.class);
RubyModule mInternal = mProtobuf.defineModuleUnder("Internal");
}
/*
* call-seq:
* Google::Protobuf.deep_copy(obj) => copy_of_obj
Reported by PMD.
Line: 49
RubyModule mGoogle = runtime.getModule("Google");
RubyModule mProtobuf = mGoogle.defineModuleUnder("Protobuf");
mProtobuf.defineAnnotatedMethods(RubyProtobuf.class);
RubyModule mInternal = mProtobuf.defineModuleUnder("Internal");
}
/*
* call-seq:
* Google::Protobuf.deep_copy(obj) => copy_of_obj
Reported by PMD.
Line: 49
RubyModule mGoogle = runtime.getModule("Google");
RubyModule mProtobuf = mGoogle.defineModuleUnder("Protobuf");
mProtobuf.defineAnnotatedMethods(RubyProtobuf.class);
RubyModule mInternal = mProtobuf.defineModuleUnder("Internal");
}
/*
* call-seq:
* Google::Protobuf.deep_copy(obj) => copy_of_obj
Reported by PMD.
java/core/src/main/java/com/google/protobuf/IntArrayList.java
6 issues
Line: 46
* @author dweis@google.com (Daniel Weis)
*/
final class IntArrayList extends AbstractProtobufList<Integer>
implements IntList, RandomAccess, PrimitiveNonBoxingCollection {
private static final IntArrayList EMPTY_LIST = new IntArrayList(new int[0], 0);
static {
EMPTY_LIST.makeImmutable();
}
Reported by PMD.
Line: 58
}
/** The backing store for the list. */
private int[] array;
/**
* The size of the list distinct from the length of the array. That is, it is the number of
* elements set in the list.
*/
Reported by PMD.
Line: 64
* The size of the list distinct from the length of the array. That is, it is the number of
* elements set in the list.
*/
private int size;
/** Constructs a new mutable {@code IntArrayList} with default capacity. */
IntArrayList() {
this(new int[DEFAULT_CAPACITY], 0);
}
Reported by PMD.
Line: 64
* The size of the list distinct from the length of the array. That is, it is the number of
* elements set in the list.
*/
private int size;
/** Constructs a new mutable {@code IntArrayList} with default capacity. */
IntArrayList() {
this(new int[DEFAULT_CAPACITY], 0);
}
Reported by PMD.
Line: 104
return false;
}
final int[] arr = other.array;
for (int i = 0; i < size; i++) {
if (array[i] != arr[i]) {
return false;
}
}
Reported by PMD.
Line: 147
if (!(element instanceof Integer)) {
return -1;
}
int unboxedElement = (Integer) element;
int numElems = size();
for (int i = 0; i < numElems; i++) {
if (array[i] == unboxedElement) {
return i;
}
Reported by PMD.
java/core/src/main/java/com/google/protobuf/DoubleArrayList.java
6 issues
Line: 46
* @author dweis@google.com (Daniel Weis)
*/
final class DoubleArrayList extends AbstractProtobufList<Double>
implements DoubleList, RandomAccess, PrimitiveNonBoxingCollection {
private static final DoubleArrayList EMPTY_LIST = new DoubleArrayList(new double[0], 0);
static {
EMPTY_LIST.makeImmutable();
}
Reported by PMD.
Line: 58
}
/** The backing store for the list. */
private double[] array;
/**
* The size of the list distinct from the length of the array. That is, it is the number of
* elements set in the list.
*/
Reported by PMD.
Line: 64
* The size of the list distinct from the length of the array. That is, it is the number of
* elements set in the list.
*/
private int size;
/** Constructs a new mutable {@code DoubleArrayList} with default capacity. */
DoubleArrayList() {
this(new double[DEFAULT_CAPACITY], 0);
}
Reported by PMD.
Line: 64
* The size of the list distinct from the length of the array. That is, it is the number of
* elements set in the list.
*/
private int size;
/** Constructs a new mutable {@code DoubleArrayList} with default capacity. */
DoubleArrayList() {
this(new double[DEFAULT_CAPACITY], 0);
}
Reported by PMD.
Line: 104
return false;
}
final double[] arr = other.array;
for (int i = 0; i < size; i++) {
if (Double.doubleToLongBits(array[i]) != Double.doubleToLongBits(arr[i])) {
return false;
}
}
Reported by PMD.
Line: 148
if (!(element instanceof Double)) {
return -1;
}
double unboxedElement = (Double) element;
int numElems = size();
for (int i = 0; i < numElems; i++) {
if (array[i] == unboxedElement) {
return i;
}
Reported by PMD.
src/google/protobuf/util/json_util.cc
6 issues
Line: 144
Column: 9
CWE codes:
120
loc_string.append(" ");
}
status_ = util::InvalidArgumentError(
StrCat(loc_string, unknown_name, ": ", message));
}
void InvalidValue(const converter::LocationTrackerInterface& loc,
StringPiece type_name,
StringPiece value) override {
Reported by FlawFinder.
Line: 151
Column: 9
CWE codes:
120
StringPiece type_name,
StringPiece value) override {
status_ = util::InvalidArgumentError(
StrCat(GetLocString(loc), ": invalid value ", std::string(value),
" for type ", std::string(type_name)));
}
void MissingField(const converter::LocationTrackerInterface& loc,
StringPiece missing_name) override {
Reported by FlawFinder.
Line: 157
Column: 42
CWE codes:
120
void MissingField(const converter::LocationTrackerInterface& loc,
StringPiece missing_name) override {
status_ = util::InvalidArgumentError(StrCat(
GetLocString(loc), ": missing field ", std::string(missing_name)));
}
private:
util::Status status_;
Reported by FlawFinder.
Line: 168
Column: 20
CWE codes:
120
std::string loc_string = loc.ToString();
StripWhitespace(&loc_string);
if (!loc_string.empty()) {
loc_string = StrCat("(", loc_string, ")");
}
return loc_string;
}
GOOGLE_DISALLOW_EVIL_CONSTRUCTORS(StatusErrorListener);
Reported by FlawFinder.
Line: 68
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void ZeroCopyStreamByteSink::Append(const char* bytes, size_t len) {
while (true) {
if (len <= buffer_size_) {
memcpy(buffer_, bytes, len);
buffer_ = static_cast<char*>(buffer_) + len;
buffer_size_ -= len;
return;
}
if (buffer_size_ > 0) {
Reported by FlawFinder.
Line: 74
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
if (buffer_size_ > 0) {
memcpy(buffer_, bytes, buffer_size_);
bytes += buffer_size_;
len -= buffer_size_;
}
if (!stream_->Next(&buffer_, &buffer_size_)) {
// There isn't a way for ByteSink to report errors.
Reported by FlawFinder.
src/google/protobuf/stubs/bytestream.cc
5 issues
Line: 63
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Catch cases where the pointer returned by GetAppendBuffer() was modified.
GOOGLE_DCHECK(!(dest_ <= data && data < (dest_ + n)))
<< "Append() data[] overlaps with dest_[]";
memcpy(dest_, data, n);
}
dest_ += n;
}
CheckedArrayByteSink::CheckedArrayByteSink(char* outbuf, size_t capacity)
Reported by FlawFinder.
Line: 82
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Catch cases where the pointer returned by GetAppendBuffer() was modified.
GOOGLE_DCHECK(!(outbuf_ <= bytes && bytes < (outbuf_ + capacity_)))
<< "Append() bytes[] overlaps with outbuf_[]";
memcpy(outbuf_ + size_, bytes, n);
}
size_ += n;
}
GrowingArrayByteSink::GrowingArrayByteSink(size_t estimated_size)
Reported by FlawFinder.
Line: 109
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
Expand(n - available);
}
if (n > 0 && bytes != (buf_ + size_)) {
memcpy(buf_ + size_, bytes, n);
}
size_ += n;
}
char* GrowingArrayByteSink::GetBuffer(size_t* nbytes) {
Reported by FlawFinder.
Line: 126
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void GrowingArrayByteSink::Expand(size_t amount) { // Expand by at least 50%.
size_t new_capacity = std::max(capacity_ + amount, (3 * capacity_) / 2);
char* bigger = new char[new_capacity];
memcpy(bigger, buf_, size_);
delete[] buf_;
buf_ = bigger;
capacity_ = new_capacity;
}
Reported by FlawFinder.
Line: 137
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// of capacity_.
if (capacity_ > 256 && size_ < (3 * capacity_) / 4) {
char* just_enough = new char[size_];
memcpy(just_enough, buf_, size_);
delete[] buf_;
buf_ = just_enough;
capacity_ = size_;
}
}
Reported by FlawFinder.
src/google/protobuf/util/type_resolver_util.cc
5 issues
Line: 310
Column: 11
CWE codes:
120
std::string* type_name) {
if (type_url.substr(0, url_prefix_.size() + 1) != url_prefix_ + "/") {
return util::InvalidArgumentError(
StrCat("Invalid type URL, type URLs must be of the form '",
url_prefix_, "/<typename>', got: ", type_url));
}
*type_name = type_url.substr(url_prefix_.size() + 1);
return util::Status();
}
Reported by FlawFinder.
Line: 320
Column: 16
CWE codes:
120
std::string DefaultValueAsString(const FieldDescriptor* descriptor) {
switch (descriptor->cpp_type()) {
case FieldDescriptor::CPPTYPE_INT32:
return StrCat(descriptor->default_value_int32());
break;
case FieldDescriptor::CPPTYPE_INT64:
return StrCat(descriptor->default_value_int64());
break;
case FieldDescriptor::CPPTYPE_UINT32:
Reported by FlawFinder.
Line: 323
Column: 16
CWE codes:
120
return StrCat(descriptor->default_value_int32());
break;
case FieldDescriptor::CPPTYPE_INT64:
return StrCat(descriptor->default_value_int64());
break;
case FieldDescriptor::CPPTYPE_UINT32:
return StrCat(descriptor->default_value_uint32());
break;
case FieldDescriptor::CPPTYPE_UINT64:
Reported by FlawFinder.
Line: 326
Column: 16
CWE codes:
120
return StrCat(descriptor->default_value_int64());
break;
case FieldDescriptor::CPPTYPE_UINT32:
return StrCat(descriptor->default_value_uint32());
break;
case FieldDescriptor::CPPTYPE_UINT64:
return StrCat(descriptor->default_value_uint64());
break;
case FieldDescriptor::CPPTYPE_FLOAT:
Reported by FlawFinder.
Line: 329
Column: 16
CWE codes:
120
return StrCat(descriptor->default_value_uint32());
break;
case FieldDescriptor::CPPTYPE_UINT64:
return StrCat(descriptor->default_value_uint64());
break;
case FieldDescriptor::CPPTYPE_FLOAT:
return SimpleFtoa(descriptor->default_value_float());
break;
case FieldDescriptor::CPPTYPE_DOUBLE:
Reported by FlawFinder.
src/google/protobuf/util/internal/protostream_objectsource_test.cc
5 issues
Line: 299
::testing::Values(
testing::USE_TYPE_RESOLVER));
TEST_P(ProtostreamObjectSourceTest, EmptyMessage) {
Book empty;
ow_.StartObject("")->EndObject();
DoTest(empty, Book::descriptor());
}
Reported by Cppcheck.
Line: 481
Column: 20
CWE codes:
120
int repeat = 10000;
for (int i = 0; i < repeat; ++i) {
Book_Label* label = book.add_labels();
label->set_key(StrCat("i", i));
label->set_value(StrCat("v", i));
}
// Make sure StartList and EndList are called exactly once (see b/18227499 for
// problems when this doesn't happen)
Reported by FlawFinder.
Line: 482
Column: 22
CWE codes:
120
for (int i = 0; i < repeat; ++i) {
Book_Label* label = book.add_labels();
label->set_key(StrCat("i", i));
label->set_value(StrCat("v", i));
}
// Make sure StartList and EndList are called exactly once (see b/18227499 for
// problems when this doesn't happen)
EXPECT_CALL(mock_, StartList(_)).Times(1);
Reported by FlawFinder.
Line: 587
Column: 20
CWE codes:
120
for (int i = 0; i < 63; ++i) {
Author* next = current_author->add_friend_();
next->set_id(i);
next->set_name(StrCat("author_name_", i));
next->set_alive(true);
current_author = next;
}
// Recursive message with depth (65) > max (max is 64).
Reported by FlawFinder.
Line: 595
Column: 21
CWE codes:
120
// Recursive message with depth (65) > max (max is 64).
for (int i = 0; i < 64; ++i) {
Cyclic* next = current->mutable_m_cyclic();
next->set_m_str(StrCat("count_", i));
current = next;
}
util::Status status = ExecuteTest(cyclic, Cyclic::descriptor());
EXPECT_TRUE(util::IsInvalidArgument(status));
Reported by FlawFinder.
src/google/protobuf/parse_context.cc
5 issues
Line: 125
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (StreamNext(&data)) {
if (size_ > kSlopBytes) {
// We got a large chunk
std::memcpy(buffer_ + kSlopBytes, data, kSlopBytes);
next_chunk_ = static_cast<const char*>(data);
buffer_end_ = buffer_ + kSlopBytes;
if (aliasing_ >= kNoDelta) aliasing_ = kOnPatch;
return buffer_;
} else if (size_ > 0) {
Reported by FlawFinder.
Line: 131
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (aliasing_ >= kNoDelta) aliasing_ = kOnPatch;
return buffer_;
} else if (size_ > 0) {
std::memcpy(buffer_ + kSlopBytes, data, size_);
next_chunk_ = buffer_;
buffer_end_ = buffer_ + size_;
if (aliasing_ >= kNoDelta) aliasing_ = kOnPatch;
return buffer_;
}
Reported by FlawFinder.
Line: 268
Column: 12
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
limit_end_ = buffer_end_ = buffer_ + kSlopBytes;
next_chunk_ = buffer_;
auto ptr = buffer_ + 2 * kSlopBytes - size;
std::memcpy(ptr, data, size);
return ptr;
}
}
overall_limit_ = 0;
next_chunk_ = nullptr;
Reported by FlawFinder.
Line: 506
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void AddFixed64(uint32_t num, uint64_t value) {
if (unknown_ == nullptr) return;
WriteVarint(num * 8 + 1, unknown_);
char buffer[8];
io::CodedOutputStream::WriteLittleEndian64ToArray(
value, reinterpret_cast<uint8_t*>(buffer));
unknown_->append(buffer, 8);
}
const char* ParseLengthDelimited(uint32_t num, const char* ptr,
Reported by FlawFinder.
Line: 530
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void AddFixed32(uint32_t num, uint32_t value) {
if (unknown_ == nullptr) return;
WriteVarint(num * 8 + 5, unknown_);
char buffer[4];
io::CodedOutputStream::WriteLittleEndian32ToArray(
value, reinterpret_cast<uint8_t*>(buffer));
unknown_->append(buffer, 4);
}
Reported by FlawFinder.
src/google/protobuf/util/internal/json_stream_parser.cc
5 issues
Line: 306
Column: 33
CWE codes:
120
default:
result =
util::InternalError(StrCat("Unknown parse type: ", type));
break;
}
if (!result.ok()) {
// If we were cancelled, save our state and try again later.
if (!finishing_ && util::IsCancelled(result)) {
Reported by FlawFinder.
Line: 877
Column: 7
CWE codes:
120
std::string location(p_start - begin, ' ');
location.push_back('^');
auto status = util::InvalidArgumentError(
StrCat(message, "\n", segment, "\n", location));
return status;
}
util::Status JsonStreamParser::ReportUnknown(StringPiece message,
ParseErrorType parse_code) {
Reported by FlawFinder.
Line: 888
Column: 26
CWE codes:
120
return util::CancelledError("");
}
if (p_.empty()) {
return ReportFailure(StrCat("Unexpected end of string. ", message),
parse_code);
}
return ReportFailure(message, parse_code);
}
Reported by FlawFinder.
Line: 897
Column: 39
CWE codes:
120
util::Status JsonStreamParser::IncrementRecursionDepth(
StringPiece key) const {
if (++recursion_depth_ > max_recursion_depth_) {
return util::InvalidArgumentError(StrCat(
"Message too deep. Max recursion depth reached for key '", key, "'"));
}
return util::Status();
}
Reported by FlawFinder.
Line: 537
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return ReportFailure("Invalid unicode code point.",
ParseErrorType::INVALID_UNICODE);
}
char buf[UTFmax];
int len = EncodeAsUTF8Char(code, buf);
// Advance past the [final] code unit escape.
p_.remove_prefix(kUnicodeEscapedLength);
parsed_storage_.append(buf, len);
return util::Status();
Reported by FlawFinder.
ruby/ext/google/protobuf_c/message.c
5 issues
Line: 661
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// TODO(copy unknown fields?)
// TODO(use official upb msg copy function)
memcpy((upb_msg*)new_msg_self->msg, self->msg, size);
Arena_fuse(self->arena, Arena_get(new_msg_self->arena));
return new_msg;
}
// Support function for Message_eq, and also used by other #eq functions.
Reported by FlawFinder.
Line: 1049
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static VALUE Message_encode_json(int argc, VALUE* argv, VALUE klass) {
Message* msg = ruby_to_Message(argv[0]);
int options = 0;
char buf[1024];
size_t size;
upb_status status;
// TODO(haberman): use this message's pool instead.
const upb_symtab *symtab = DescriptorPool_GetSymtab(generated_pool);
Reported by FlawFinder.
Line: 198
Column: 15
CWE codes:
126
static bool Match(const upb_msgdef* m, const char* name, const upb_fielddef** f,
const upb_oneofdef** o, const char* prefix,
const char* suffix) {
size_t sp = strlen(prefix);
size_t ss = strlen(suffix);
size_t sn = strlen(name);
if (sn <= sp + ss) return false;
Reported by FlawFinder.
Line: 199
Column: 15
CWE codes:
126
const upb_oneofdef** o, const char* prefix,
const char* suffix) {
size_t sp = strlen(prefix);
size_t ss = strlen(suffix);
size_t sn = strlen(name);
if (sn <= sp + ss) return false;
if (memcmp(name, prefix, sp) != 0 ||
Reported by FlawFinder.
Line: 200
Column: 15
CWE codes:
126
const char* suffix) {
size_t sp = strlen(prefix);
size_t ss = strlen(suffix);
size_t sn = strlen(name);
if (sn <= sp + ss) return false;
if (memcmp(name, prefix, sp) != 0 ||
memcmp(name + sn - ss, suffix, ss) != 0) {
Reported by FlawFinder.