The following issues were found
src/google/protobuf/compiler/objectivec/objectivec_generator.cc
3 issues
Line: 181
Column: 23
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
// These are not official generation options and could be removed/changed in
// the future and doing that won't count as a breaking change.
// Only the presence of GPB_OBJC_HEADERS_ONLY is tested; its value is not read.
bool headers_only = getenv("GPB_OBJC_HEADERS_ONLY") != NULL;
std::unordered_set<std::string> skip_impls;
// GPB_OBJC_SKIP_IMPLS_FILE is read twice (once for the NULL test, once for the
// path) and the value goes to std::ifstream with no validation in these lines,
// so whoever controls this process's environment chooses which file is opened.
if (getenv("GPB_OBJC_SKIP_IMPLS_FILE") != NULL) {
std::ifstream skip_file(getenv("GPB_OBJC_SKIP_IMPLS_FILE"));
// Only an opened file is read; the failure path is outside this excerpt.
if (skip_file.is_open()) {
std::string line;
Reported by FlawFinder.
Line: 183
Column: 7
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
// the future and doing that won't count as a breaking change.
bool headers_only = getenv("GPB_OBJC_HEADERS_ONLY") != NULL;
std::unordered_set<std::string> skip_impls;
if (getenv("GPB_OBJC_SKIP_IMPLS_FILE") != NULL) {
std::ifstream skip_file(getenv("GPB_OBJC_SKIP_IMPLS_FILE"));
if (skip_file.is_open()) {
std::string line;
while (std::getline(skip_file, line)) {
skip_impls.insert(line);
Reported by FlawFinder.
Line: 184
Column: 29
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
bool headers_only = getenv("GPB_OBJC_HEADERS_ONLY") != NULL;
std::unordered_set<std::string> skip_impls;
if (getenv("GPB_OBJC_SKIP_IMPLS_FILE") != NULL) {
std::ifstream skip_file(getenv("GPB_OBJC_SKIP_IMPLS_FILE"));
if (skip_file.is_open()) {
std::string line;
while (std::getline(skip_file, line)) {
skip_impls.insert(line);
}
Reported by FlawFinder.
ruby/ext/google/protobuf_c/convert.c
3 issues
Line: 49
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
upb_strview ret;
if (arena) {
// The destination is allocated with the same RSTRING_LEN(str) that bounds the
// copy, so the memcpy length flagged here equals the allocation size.
// NOTE(review): ptr reaches memcpy without a NULL check in these lines;
// confirm how upb_arena_malloc reports allocation failure.
char *ptr = upb_arena_malloc(arena, RSTRING_LEN(str));
memcpy(ptr, RSTRING_PTR(str), RSTRING_LEN(str));
ret.data = ptr;
} else {
// Data is only needed temporarily (within map lookup).
// No copy on this path: ret.data is set to RSTRING_PTR(str) directly.
ret.data = RSTRING_PTR(str);
}
Reported by FlawFinder.
Line: 282
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (type_info.type) {
default:
memcpy(&new_msgval, &msgval, sizeof(msgval));
break;
case UPB_TYPE_STRING:
case UPB_TYPE_BYTES: {
size_t n = msgval.str_val.size;
char *mem = upb_arena_malloc(arena, n);
Reported by FlawFinder.
Line: 290
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// n sizes both the allocation and the copy below, so the memcpy length equals
// the destination size.
// NOTE(review): mem is not checked for NULL before the copy in this excerpt;
// confirm how upb_arena_malloc reports allocation failure.
char *mem = upb_arena_malloc(arena, n);
new_msgval.str_val.data = mem;
new_msgval.str_val.size = n;
memcpy(mem, msgval.str_val.data, n);
break;
}
case UPB_TYPE_MESSAGE:
// Message values are copied through Message_deep_copy using the same arena.
new_msgval.msg_val =
Message_deep_copy(msgval.msg_val, type_info.def.msgdef, arena);
Reported by FlawFinder.
src/google/protobuf/compiler/java/java_enum_field.cc
3 issues
Line: 71
Column: 7
CWE codes:
120
name_resolver->GetMutableClassName(descriptor->enum_type());
(*variables)["default"] = ImmutableDefaultValue(descriptor, name_resolver);
// NOTE(review): the CWE-120 hits in this file appear to key on the StrCat(
// calls below, i.e. a name match. Here StrCat receives a single value and its
// result is assigned to a map entry; no destination buffer is passed in.
// Confirm against StrCat's declaration before triaging these as overflows.
(*variables)["default_number"] =
StrCat(descriptor->default_value_enum()->number());
(*variables)["tag"] = StrCat(
static_cast<int32_t>(internal::WireFormat::MakeTag(descriptor)));
(*variables)["tag_size"] = StrCat(
internal::WireFormat::TagSize(descriptor->number(), GetType(descriptor)));
// TODO(birdo): Add @deprecated javadoc when generating javadoc is supported
Reported by FlawFinder.
Line: 72
Column: 25
CWE codes:
120
(*variables)["default"] = ImmutableDefaultValue(descriptor, name_resolver);
(*variables)["default_number"] =
StrCat(descriptor->default_value_enum()->number());
(*variables)["tag"] = StrCat(
static_cast<int32_t>(internal::WireFormat::MakeTag(descriptor)));
(*variables)["tag_size"] = StrCat(
internal::WireFormat::TagSize(descriptor->number(), GetType(descriptor)));
// TODO(birdo): Add @deprecated javadoc when generating javadoc is supported
// by the proto compiler
Reported by FlawFinder.
Line: 74
Column: 30
CWE codes:
120
StrCat(descriptor->default_value_enum()->number());
(*variables)["tag"] = StrCat(
static_cast<int32_t>(internal::WireFormat::MakeTag(descriptor)));
(*variables)["tag_size"] = StrCat(
internal::WireFormat::TagSize(descriptor->number(), GetType(descriptor)));
// TODO(birdo): Add @deprecated javadoc when generating javadoc is supported
// by the proto compiler
(*variables)["deprecation"] =
descriptor->options().deprecated() ? "@java.lang.Deprecated " : "";
Reported by FlawFinder.
src/google/protobuf/compiler/java/java_enum_field_lite.cc
3 issues
Line: 78
Column: 7
CWE codes:
120
name_resolver->GetMutableClassName(descriptor->enum_type());
(*variables)["default"] = ImmutableDefaultValue(descriptor, name_resolver);
(*variables)["default_number"] =
StrCat(descriptor->default_value_enum()->number());
(*variables)["tag"] = StrCat(
static_cast<int32_t>(internal::WireFormat::MakeTag(descriptor)));
(*variables)["tag_size"] = StrCat(
internal::WireFormat::TagSize(descriptor->number(), GetType(descriptor)));
// TODO(birdo): Add @deprecated javadoc when generating javadoc is supported
Reported by FlawFinder.
Line: 79
Column: 25
CWE codes:
120
(*variables)["default"] = ImmutableDefaultValue(descriptor, name_resolver);
(*variables)["default_number"] =
StrCat(descriptor->default_value_enum()->number());
(*variables)["tag"] = StrCat(
static_cast<int32_t>(internal::WireFormat::MakeTag(descriptor)));
(*variables)["tag_size"] = StrCat(
internal::WireFormat::TagSize(descriptor->number(), GetType(descriptor)));
// TODO(birdo): Add @deprecated javadoc when generating javadoc is supported
// by the proto compiler
Reported by FlawFinder.
Line: 81
Column: 30
CWE codes:
120
StrCat(descriptor->default_value_enum()->number());
(*variables)["tag"] = StrCat(
static_cast<int32_t>(internal::WireFormat::MakeTag(descriptor)));
(*variables)["tag_size"] = StrCat(
internal::WireFormat::TagSize(descriptor->number(), GetType(descriptor)));
// TODO(birdo): Add @deprecated javadoc when generating javadoc is supported
// by the proto compiler
(*variables)["deprecation"] =
descriptor->options().deprecated() ? "@java.lang.Deprecated " : "";
Reported by FlawFinder.
src/google/protobuf/compiler/java/java_enum_lite.cc
3 issues
Line: 91
Column: 22
CWE codes:
120
for (int i = 0; i < canonical_values_.size(); i++) {
std::map<std::string, std::string> vars;
vars["name"] = canonical_values_[i]->name();
vars["number"] = StrCat(canonical_values_[i]->number());
WriteEnumValueDocComment(printer, canonical_values_[i]);
if (canonical_values_[i]->options().deprecated()) {
printer->Print("@java.lang.Deprecated\n");
}
printer->Print(vars, "$name$($number$),\n");
Reported by FlawFinder.
Line: 125
Column: 22
CWE codes:
120
for (int i = 0; i < descriptor_->value_count(); i++) {
std::map<std::string, std::string> vars;
vars["name"] = descriptor_->value(i)->name();
vars["number"] = StrCat(descriptor_->value(i)->number());
vars["{"] = "";
vars["}"] = "";
vars["deprecation"] = descriptor_->value(i)->options().deprecated()
? "@java.lang.Deprecated "
: "";
Reported by FlawFinder.
Line: 175
Column: 20
CWE codes:
120
for (int i = 0; i < canonical_values_.size(); i++) {
printer->Print("case $number$: return $name$;\n", "name",
canonical_values_[i]->name(), "number",
StrCat(canonical_values_[i]->number()));
}
printer->Outdent();
printer->Outdent();
printer->Print(
Reported by FlawFinder.
src/google/protobuf/compiler/java/java_extension.cc
3 issues
Line: 72
Column: 20
CWE codes:
120
vars["name"] = UnderscoresToCamelCaseCheckReserved(descriptor);
vars["containing_type"] =
name_resolver->GetClassName(descriptor->containing_type(), immutable);
vars["number"] = StrCat(descriptor->number());
vars["constant_name"] = FieldConstantName(descriptor);
vars["index"] = StrCat(descriptor->index());
vars["default"] = descriptor->is_repeated()
? ""
: DefaultValue(descriptor, immutable, name_resolver);
Reported by FlawFinder.
Line: 74
Column: 19
CWE codes:
120
name_resolver->GetClassName(descriptor->containing_type(), immutable);
vars["number"] = StrCat(descriptor->number());
vars["constant_name"] = FieldConstantName(descriptor);
vars["index"] = StrCat(descriptor->index());
vars["default"] = descriptor->is_repeated()
? ""
: DefaultValue(descriptor, immutable, name_resolver);
vars["type_constant"] = FieldTypeName(GetType(descriptor));
vars["packed"] = descriptor->is_packed() ? "true" : "false";
Reported by FlawFinder.
Line: 156
Column: 9
CWE codes:
120
printer->Print(
"$name$.internalInit(descriptor.getExtensions().get($index$));\n",
"name", UnderscoresToCamelCaseCheckReserved(descriptor_), "index",
StrCat(descriptor_->index()));
bytecode_estimate += 21;
}
return bytecode_estimate;
}
Reported by FlawFinder.
src/google/protobuf/generated_message_tctable_lite.cc
3 issues
Line: 89
std::memcpy(Offset(msg, data.offset()), ptr, sizeof(LayoutType));
ptr += sizeof(LayoutType);
// TailCall syncs any pending hasbits:
PROTOBUF_MUSTTAIL return TailCall(PROTOBUF_TC_PARAM_PASS);
}
template <typename LayoutType, typename TagType>
const char* TcParserBase::RepeatedFixed(PROTOBUF_TC_PARAM_DECL) {
if (PROTOBUF_PREDICT_FALSE(data.coded_tag<TagType>() != 0)) {
Reported by Cppcheck.
Line: 86
Column: 8
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
ptr += sizeof(TagType); // Consume tag
hasbits |= (uint64_t{1} << data.hasbit_idx());
std::memcpy(Offset(msg, data.offset()), ptr, sizeof(LayoutType));
ptr += sizeof(LayoutType);
// TailCall syncs any pending hasbits:
PROTOBUF_MUSTTAIL return TailCall(PROTOBUF_TC_PARAM_PASS);
}
Reported by FlawFinder.
Line: 114
Column: 10
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Tag loaded at the current position; the loop repeats only while the next
// tag loaded from ptr equals it.
auto expected_tag = UnalignedLoad<TagType>(ptr);
do {
ptr += sizeof(TagType);
// Fixed-size copy of one LayoutType value into slot idx, then idx advances.
// NOTE(review): the idx >= space test runs after this store, so the first
// iteration relies on a free slot already existing on entry; confirm where
// idx and space are set (outside this excerpt).
std::memcpy(elem + (idx++), ptr, sizeof(LayoutType));
ptr += sizeof(LayoutType);
if (idx >= space) break;
// Leave the loop before loading another tag when DataAvailable(ptr) is false.
if (!ctx->DataAvailable(ptr)) break;
} while (UnalignedLoad<TagType>(ptr) == expected_tag);
field.AddNAlreadyReserved(idx - 1);
Reported by FlawFinder.
java/core/src/main/java/com/google/protobuf/UnknownFieldSchema.java
3 issues
Line: 36
import java.io.IOException;
@ExperimentalApi
abstract class UnknownFieldSchema<T, B> {
/** Whether unknown fields should be dropped. */
abstract boolean shouldDiscardUnknownFields(Reader reader);
/** Adds a varint value to the unknown fields. */
Reported by PMD.
Line: 81
abstract void makeImmutable(Object message);
/** Merges one field into the unknown fields. */
final boolean mergeOneFieldFrom(B unknownFields, Reader reader) throws IOException {
int tag = reader.getTag();
int fieldNumber = WireFormat.getTagFieldNumber(tag);
switch (WireFormat.getTagWireType(tag)) {
case WireFormat.WIRETYPE_VARINT:
addVarint(unknownFields, fieldNumber, reader.readInt64());
Reported by PMD.
Line: 83
/** Merges one field into the unknown fields. */
final boolean mergeOneFieldFrom(B unknownFields, Reader reader) throws IOException {
int tag = reader.getTag();
int fieldNumber = WireFormat.getTagFieldNumber(tag);
switch (WireFormat.getTagWireType(tag)) {
case WireFormat.WIRETYPE_VARINT:
addVarint(unknownFields, fieldNumber, reader.readInt64());
return true;
case WireFormat.WIRETYPE_FIXED32:
Reported by PMD.
java/core/src/main/java/com/google/protobuf/ProtobufArrayList.java
3 issues
Line: 52
return (ProtobufArrayList<E>) EMPTY_LIST;
}
private E[] array;
private int size;
@SuppressWarnings("unchecked")
ProtobufArrayList() {
this((E[]) new Object[DEFAULT_CAPACITY], 0);
Reported by PMD.
Line: 53
}
private E[] array;
private int size;
@SuppressWarnings("unchecked")
ProtobufArrayList() {
this((E[]) new Object[DEFAULT_CAPACITY], 0);
}
Reported by PMD.
Line: 53
}
private E[] array;
private int size;
@SuppressWarnings("unchecked")
ProtobufArrayList() {
this((E[]) new Object[DEFAULT_CAPACITY], 0);
}
Reported by PMD.
src/google/protobuf/io/zero_copy_stream_impl_lite.cc
3 issues
Line: 183
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// ===================================================================
// Reads into a fixed-size scratch buffer while fewer than `count` bytes have
// been skipped. A count <= 0 never enters the loop.
int CopyingInputStream::Skip(int count) {
char junk[4096];
int skipped = 0;
while (skipped < count) {
// Each Read request is capped at sizeof(junk), so the length passed with the
// flagged stack buffer never exceeds its size in the visible code.
int bytes = Read(junk, std::min(count - skipped,
implicit_cast<int>(sizeof(junk))));
if (bytes <= 0) {
Reported by FlawFinder.
Line: 363
Column: 12
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
// Bounded by the guard: this copy runs only when size <= out_size, and the
// unused out_size - size bytes are handed back through BackUp.
if (size <= out_size) {
std::memcpy(out, data, size);
BackUp(out_size - size);
return true;
}
// Reached only when size > out_size, so exactly out_size bytes are copied.
// NOTE(review): assumes out really has out_size writable bytes; both are set
// outside this excerpt.
std::memcpy(out, data, out_size);
Reported by FlawFinder.
Line: 368
Column: 10
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return true;
}
std::memcpy(out, data, out_size);
data = static_cast<const char*>(data) + out_size;
size -= out_size;
}
return true;
}
Reported by FlawFinder.