The following issues were found
src/google/protobuf/compiler/java/java_field.cc
4 issues
Line: 253
Column: 28
CWE codes:
120
(*variables)["capitalized_name"] = info->capitalized_name;
(*variables)["disambiguated_reason"] = info->disambiguated_reason;
(*variables)["constant_name"] = FieldConstantName(descriptor);
(*variables)["number"] = StrCat(descriptor->number());
(*variables)["kt_dsl_builder"] = "_builder";
// These variables are placeholders to pick out the beginning and ends of
// identifiers for annotations (when doing so with existing variables would
// be ambiguous or impossible). They should never be set to anything but the
// empty string.
Reported by FlawFinder.
Line: 288
Column: 7
CWE codes:
120
(*variables)["oneof_name"] = info->name;
(*variables)["oneof_capitalized_name"] = info->capitalized_name;
(*variables)["oneof_index"] =
StrCat(descriptor->containing_oneof()->index());
(*variables)["oneof_stored_type"] = GetOneofStoredType(descriptor);
(*variables)["set_oneof_case_message"] =
info->name + "Case_ = " + StrCat(descriptor->number());
(*variables)["clear_oneof_case_message"] = info->name + "Case_ = 0";
(*variables)["has_oneof_case_message"] =
Reported by FlawFinder.
Line: 291
Column: 33
CWE codes:
120
StrCat(descriptor->containing_oneof()->index());
(*variables)["oneof_stored_type"] = GetOneofStoredType(descriptor);
(*variables)["set_oneof_case_message"] =
info->name + "Case_ = " + StrCat(descriptor->number());
(*variables)["clear_oneof_case_message"] = info->name + "Case_ = 0";
(*variables)["has_oneof_case_message"] =
info->name + "Case_ == " + StrCat(descriptor->number());
}
Reported by FlawFinder.
Line: 294
Column: 34
CWE codes:
120
info->name + "Case_ = " + StrCat(descriptor->number());
(*variables)["clear_oneof_case_message"] = info->name + "Case_ = 0";
(*variables)["has_oneof_case_message"] =
info->name + "Case_ == " + StrCat(descriptor->number());
}
void PrintExtraFieldInfo(const std::map<std::string, std::string>& variables,
io::Printer* printer) {
const std::map<std::string, std::string>::const_iterator it =
Reported by FlawFinder.
src/google/protobuf/compiler/java/java_file.cc
4 issues
Line: 175
Column: 51
CWE codes:
120
if ((*bytecode_estimate) > bytesPerMethod) {
++(*method_num);
printer->Print(chain_statement, "method_num", StrCat(*method_num));
printer->Outdent();
printer->Print("}\n");
printer->Print(method_decl, "method_num", StrCat(*method_num));
printer->Indent();
*bytecode_estimate = 0;
Reported by FlawFinder.
Line: 178
Column: 47
CWE codes:
120
printer->Print(chain_statement, "method_num", StrCat(*method_num));
printer->Outdent();
printer->Print("}\n");
printer->Print(method_decl, "method_num", StrCat(*method_num));
printer->Indent();
*bytecode_estimate = 0;
}
}
} // namespace
Reported by FlawFinder.
Line: 560
Column: 38
CWE codes:
120
" $scope$.getExtensions().get($index$),\n"
" (com.google.protobuf.Message) defaultExtensionInstance);\n"
"}\n",
"scope", scope, "index", StrCat(field->index()), "class",
name_resolver_->GetImmutableClassName(field->message_type()));
} else {
printer->Print("registry.add($scope$.getExtensions().get($index$));\n",
"scope", scope, "index", StrCat(field->index()));
}
Reported by FlawFinder.
Line: 564
Column: 49
CWE codes:
120
name_resolver_->GetImmutableClassName(field->message_type()));
} else {
printer->Print("registry.add($scope$.getExtensions().get($index$));\n",
"scope", scope, "index", StrCat(field->index()));
}
}
printer->Print(
"com.google.protobuf.Descriptors.FileDescriptor\n"
" .internalUpdateFileDescriptor(descriptor, registry);\n");
Reported by FlawFinder.
src/google/protobuf/compiler/java/java_message_lite.cc
4 issues
Line: 235
Column: 27
CWE codes:
120
vars["oneof_name"] = context_->GetOneofGeneratorInfo(oneof)->name;
vars["oneof_capitalized_name"] =
context_->GetOneofGeneratorInfo(oneof)->capitalized_name;
vars["oneof_index"] = StrCat((oneof)->index());
// oneofCase_ and oneof_
printer->Print(vars,
"private int $oneof_name$Case_ = 0;\n"
"private java.lang.Object $oneof_name$_;\n");
// OneofCase enum
Reported by FlawFinder.
Line: 247
Column: 22
CWE codes:
120
const FieldDescriptor* field = (oneof)->field(j);
printer->Print("$field_name$($field_number$),\n", "field_name",
ToUpper(field->name()), "field_number",
StrCat(field->number()));
}
printer->Print("$cap_oneof_name$_NOT_SET(0);\n", "cap_oneof_name",
ToUpper(vars["oneof_name"]));
printer->Print(vars,
"private final int value;\n"
Reported by FlawFinder.
Line: 271
Column: 38
CWE codes:
120
for (int j = 0; j < (oneof)->field_count(); j++) {
const FieldDescriptor* field = (oneof)->field(j);
printer->Print(" case $field_number$: return $field_name$;\n",
"field_number", StrCat(field->number()),
"field_name", ToUpper(field->name()));
}
printer->Print(
" case 0: return $cap_oneof_name$_NOT_SET;\n"
" default: return null;\n"
Reported by FlawFinder.
Line: 307
Column: 30
CWE codes:
120
for (int i = 0; i < descriptor_->field_count(); i++) {
printer->Print("public static final int $constant_name$ = $number$;\n",
"constant_name", FieldConstantName(descriptor_->field(i)),
"number", StrCat(descriptor_->field(i)->number()));
field_generators_.get(descriptor_->field(i)).GenerateMembers(printer);
printer->Print("\n");
}
GenerateParseFromMethods(printer);
Reported by FlawFinder.
src/google/protobuf/repeated_field.h
4 issues
Line: 125
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
template <typename T>
inline void SwapBlock(char* p, char* q) {
T tmp;
memcpy(&tmp, p, sizeof(T));
memcpy(p, q, sizeof(T));
memcpy(q, &tmp, sizeof(T));
}
// Swaps two blocks of memory of size kSize:
Reported by FlawFinder.
Line: 126
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
inline void SwapBlock(char* p, char* q) {
T tmp;
memcpy(&tmp, p, sizeof(T));
memcpy(p, q, sizeof(T));
memcpy(q, &tmp, sizeof(T));
}
// Swaps two blocks of memory of size kSize:
// template <int kSize> void memswap(char* p, char* q);
Reported by FlawFinder.
Line: 127
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
T tmp;
memcpy(&tmp, p, sizeof(T));
memcpy(p, q, sizeof(T));
memcpy(q, &tmp, sizeof(T));
}
// Swaps two blocks of memory of size kSize:
// template <int kSize> void memswap(char* p, char* q);
Reported by FlawFinder.
Line: 1686
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
template <typename Element>
struct ElementCopier<Element, true> {
void operator()(Element* to, const Element* from, int array_size) {
memcpy(to, from, static_cast<size_t>(array_size) * sizeof(Element));
}
};
} // namespace internal
Reported by FlawFinder.
src/google/protobuf/io/io_win32.h
4 issues
Line: 66
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
namespace win32 {
PROTOBUF_EXPORT FILE* fopen(const char* path, const char* mode);
PROTOBUF_EXPORT int access(const char* path, int mode);
PROTOBUF_EXPORT int chdir(const char* path);
PROTOBUF_EXPORT int close(int fd);
PROTOBUF_EXPORT int dup(int fd);
PROTOBUF_EXPORT int dup2(int fd1, int fd2);
PROTOBUF_EXPORT int mkdir(const char* path, int _mode);
Reported by FlawFinder.
Line: 65
Column: 23
CWE codes:
362
namespace io {
namespace win32 {
PROTOBUF_EXPORT FILE* fopen(const char* path, const char* mode);
PROTOBUF_EXPORT int access(const char* path, int mode);
PROTOBUF_EXPORT int chdir(const char* path);
PROTOBUF_EXPORT int close(int fd);
PROTOBUF_EXPORT int dup(int fd);
PROTOBUF_EXPORT int dup2(int fd1, int fd2);
Reported by FlawFinder.
Line: 72
Column: 21
CWE codes:
362
PROTOBUF_EXPORT int dup(int fd);
PROTOBUF_EXPORT int dup2(int fd1, int fd2);
PROTOBUF_EXPORT int mkdir(const char* path, int _mode);
PROTOBUF_EXPORT int open(const char* path, int flags, int mode = 0);
PROTOBUF_EXPORT int read(int fd, void* buffer, size_t size);
PROTOBUF_EXPORT int setmode(int fd, int mode);
PROTOBUF_EXPORT int stat(const char* path, struct _stat* buffer);
PROTOBUF_EXPORT int write(int fd, const void* buffer, size_t size);
PROTOBUF_EXPORT std::wstring testonly_utf8_to_winpath(const char* path);
Reported by FlawFinder.
Line: 73
Column: 21
CWE codes:
120
20
PROTOBUF_EXPORT int dup2(int fd1, int fd2);
PROTOBUF_EXPORT int mkdir(const char* path, int _mode);
PROTOBUF_EXPORT int open(const char* path, int flags, int mode = 0);
PROTOBUF_EXPORT int read(int fd, void* buffer, size_t size);
PROTOBUF_EXPORT int setmode(int fd, int mode);
PROTOBUF_EXPORT int stat(const char* path, struct _stat* buffer);
PROTOBUF_EXPORT int write(int fd, const void* buffer, size_t size);
PROTOBUF_EXPORT std::wstring testonly_utf8_to_winpath(const char* path);
Reported by FlawFinder.
java/core/src/main/java/com/google/protobuf/ExtensionRegistryFactory.java
3 issues
Line: 41
* <p>This factory detects (via reflection) if the full (non-Lite) protocol buffer libraries are
* available, and if so, the instances returned are actually {@link ExtensionRegistry}.
*/
final class ExtensionRegistryFactory {
static final String FULL_REGISTRY_CLASS_NAME = "com.google.protobuf.ExtensionRegistry";
/* Visible for Testing
@Nullable */
Reported by PMD.
Line: 86
try {
return (ExtensionRegistryLite)
EXTENSION_REGISTRY_CLASS.getDeclaredMethod(methodName).invoke(null);
} catch (Exception e) {
return null;
}
}
}
Reported by PMD.
Line: 87
try {
return (ExtensionRegistryLite)
EXTENSION_REGISTRY_CLASS.getDeclaredMethod(methodName).invoke(null);
} catch (Exception e) {
return null;
}
}
}
Reported by PMD.
src/google/protobuf/arena_unittest.cc
3 issues
Line: 158
GOOGLE_DISALLOW_EVIL_CONSTRUCTORS(MustBeConstructedWithOneThroughEight);
};
TEST(ArenaTest, ArenaConstructable) {
EXPECT_TRUE(Arena::is_arena_constructable<TestAllTypes>::type::value);
EXPECT_TRUE(Arena::is_arena_constructable<const TestAllTypes>::type::value);
EXPECT_FALSE(Arena::is_arena_constructable<Arena>::type::value);
}
Reported by Cppcheck.
Line: 319
Column: 13
CWE codes:
126
TestUtil::ExpectAllFieldsSet(*arena_message);
// Test that string fields have nul terminator bytes (earlier bug).
EXPECT_EQ(strlen(original.optional_string().c_str()),
strlen(arena_message->optional_string().c_str()));
}
TEST(ArenaTest, UnknownFields) {
TestAllTypes original;
Reported by FlawFinder.
Line: 320
Column: 13
CWE codes:
126
// Test that string fields have nul terminator bytes (earlier bug).
EXPECT_EQ(strlen(original.optional_string().c_str()),
strlen(arena_message->optional_string().c_str()));
}
TEST(ArenaTest, UnknownFields) {
TestAllTypes original;
TestUtil::SetAllFields(&original);
Reported by FlawFinder.
java/core/src/main/java/com/google/protobuf/InvalidProtocolBufferException.java
3 issues
Line: 41
*
* @author kenton@google.com Kenton Varda
*/
public class InvalidProtocolBufferException extends IOException {
private static final long serialVersionUID = -1616151763072450476L;
private MessageLite unfinishedMessage = null;
private boolean wasThrownFromInputStream;
public InvalidProtocolBufferException(final String description) {
Reported by PMD.
Line: 43
*/
public class InvalidProtocolBufferException extends IOException {
private static final long serialVersionUID = -1616151763072450476L;
private MessageLite unfinishedMessage = null;
private boolean wasThrownFromInputStream;
public InvalidProtocolBufferException(final String description) {
super(description);
}
Reported by PMD.
Line: 44
public class InvalidProtocolBufferException extends IOException {
private static final long serialVersionUID = -1616151763072450476L;
private MessageLite unfinishedMessage = null;
private boolean wasThrownFromInputStream;
public InvalidProtocolBufferException(final String description) {
super(description);
}
Reported by PMD.
java/core/src/main/java/com/google/protobuf/UninitializedMessageException.java
3 issues
Line: 50
public class UninitializedMessageException extends RuntimeException {
private static final long serialVersionUID = -7466929953374883507L;
public UninitializedMessageException(final MessageLite message) {
super(
"Message was missing required fields. (Lite runtime could not "
+ "determine which fields were missing).");
missingFields = null;
}
Reported by PMD.
Line: 85
/** Construct the description string for this exception. */
private static String buildDescription(final List<String> missingFields) {
final StringBuilder description = new StringBuilder("Message missing required fields: ");
boolean first = true;
for (final String field : missingFields) {
if (first) {
first = false;
} else {
description.append(", ");
Reported by PMD.
Line: 88
boolean first = true;
for (final String field : missingFields) {
if (first) {
first = false;
} else {
description.append(", ");
}
description.append(field);
}
Reported by PMD.
ruby/src/main/java/com/google/protobuf/jruby/RubyEnum.java
3 issues
Line: 40
import org.jruby.runtime.ThreadContext;
import org.jruby.runtime.builtin.IRubyObject;
public class RubyEnum {
/*
* call-seq:
* Enum.lookup(number) => name
*
* This module method, provided on each generated enum module, looks up an enum
Reported by PMD.
Line: 51
@JRubyMethod(meta = true)
public static IRubyObject lookup(ThreadContext context, IRubyObject recv, IRubyObject number) {
RubyEnumDescriptor rubyEnumDescriptor = (RubyEnumDescriptor) getDescriptor(context, recv);
return rubyEnumDescriptor.numberToName(context, number);
}
/*
* call-seq:
* Enum.resolve(name) => number
Reported by PMD.
Line: 64
@JRubyMethod(meta = true)
public static IRubyObject resolve(ThreadContext context, IRubyObject recv, IRubyObject name) {
RubyEnumDescriptor rubyEnumDescriptor = (RubyEnumDescriptor) getDescriptor(context, recv);
return rubyEnumDescriptor.nameToNumber(context, name);
}
/*
* call-seq:
* Enum.descriptor
Reported by PMD.