The following issues were found
src/google/protobuf/compiler/java/java_message_builder.cc
3 issues
Line: 127
Column: 27
CWE codes:
120
vars["oneof_name"] = context_->GetOneofGeneratorInfo(oneof)->name;
vars["oneof_capitalized_name"] =
context_->GetOneofGeneratorInfo(oneof)->capitalized_name;
vars["oneof_index"] = StrCat(oneof->index());
// oneofCase_ and oneof_
printer->Print(vars,
"private int $oneof_name$Case_ = 0;\n"
"private java.lang.Object $oneof_name$_;\n");
// oneofCase() and clearOneof()
Reported by FlawFinder.
Line: 231
Column: 21
CWE codes:
120
printer->Print(
"case $number$:\n"
" return internalGet$capitalized_name$();\n",
"number", StrCat(field->number()), "capitalized_name",
info->capitalized_name);
}
printer->Print(
"default:\n"
" throw new RuntimeException(\n"
Reported by FlawFinder.
Line: 256
Column: 21
CWE codes:
120
printer->Print(
"case $number$:\n"
" return internalGetMutable$capitalized_name$();\n",
"number", StrCat(field->number()), "capitalized_name",
info->capitalized_name);
}
printer->Print(
"default:\n"
" throw new RuntimeException(\n"
Reported by FlawFinder.
conformance/conformance_test_runner.cc
3 issues
Line: 305
Column: 26
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
argv.push_back(nullptr);
// Never returns.
GOOGLE_CHECK_SYSCALL(execv(executable.get(), const_cast<char **>(argv.data())));
}
}
void ForkPipeRunner::CheckedWrite(int fd, const void *buf, size_t len) {
if (static_cast<size_t>(write(fd, buf, len)) != len) {
Reported by FlawFinder.
Line: 295
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
GOOGLE_CHECK_SYSCALL(close(fromproc_pipe_fd[0]));
std::unique_ptr<char[]> executable(new char[executable_.size() + 1]);
memcpy(executable.get(), executable_.c_str(), executable_.size());
executable[executable_.size()] = '\0';
std::vector<const char *> argv;
argv.push_back(executable.get());
for (size_t i = 0; i < executable_args_.size(); ++i) {
Reported by FlawFinder.
Line: 319
Column: 26
CWE codes:
120
20
bool ForkPipeRunner::TryRead(int fd, void *buf, size_t len) {
size_t ofs = 0;
while (len > 0) {
ssize_t bytes_read = read(fd, (char*)buf + ofs, len);
if (bytes_read == 0) {
GOOGLE_LOG(ERROR) << current_test_name_ << ": unexpected EOF from test program";
return false;
} else if (bytes_read < 0) {
Reported by FlawFinder.
src/google/protobuf/descriptor_database.cc
3 issues
Line: 54
Column: 33
CWE codes:
120
GOOGLE_CHECK(desc_proto.has_name());
std::string full_name = prefix.empty()
? desc_proto.name()
: StrCat(prefix, ".", desc_proto.name());
output->insert(full_name);
for (const auto& d : desc_proto.nested_type()) {
RecordMessageNames(d, full_name, output);
}
Reported by FlawFinder.
Line: 481
Column: 14
CWE codes:
120
std::string AsString(const DescriptorIndex& index) const {
auto p = package(index);
return StrCat(p, p.empty() ? "" : ".", symbol(index));
}
};
struct SymbolCompare {
const DescriptorIndex& index;
Reported by FlawFinder.
Line: 568
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
bool EncodedDescriptorDatabase::AddCopy(const void* encoded_file_descriptor,
int size) {
void* copy = operator new(size);
memcpy(copy, encoded_file_descriptor, size);
files_to_delete_.push_back(copy);
return Add(copy, size);
}
bool EncodedDescriptorDatabase::FindFileByName(const std::string& filename,
Reported by FlawFinder.
java/core/src/main/java/com/google/protobuf/UnknownFieldSetLiteSchema.java
3 issues
Line: 36
import java.io.IOException;
class UnknownFieldSetLiteSchema
extends UnknownFieldSchema<UnknownFieldSetLite, UnknownFieldSetLite> {
UnknownFieldSetLiteSchema() {}
@Override
boolean shouldDiscardUnknownFields(Reader reader) {
Reported by PMD.
Line: 97
UnknownFieldSetLite unknownFields = getFromMessage(message);
// When parsing into a lite message object, its UnknownFieldSet is either the default instance
// or mutable. It can't be in a state where it's immutable but not default instance.
if (unknownFields == UnknownFieldSetLite.getDefaultInstance()) {
unknownFields = UnknownFieldSetLite.newInstance();
setToMessage(message, unknownFields);
}
return unknownFields;
}
Reported by PMD.
Line: 111
@Override
void makeImmutable(Object message) {
getFromMessage(message).makeImmutable();
}
@Override
void writeTo(UnknownFieldSetLite fields, Writer writer) throws IOException {
fields.writeTo(writer);
Reported by PMD.
src/google/protobuf/compiler/java/java_primitive_field.cc
3 issues
Line: 117
Column: 7
CWE codes:
120
(*variables)["capitalized_type"] =
GetCapitalizedType(descriptor, /* immutable = */ true);
(*variables)["tag"] =
StrCat(static_cast<int32_t>(WireFormat::MakeTag(descriptor)));
(*variables)["tag_size"] = StrCat(
WireFormat::TagSize(descriptor->number(), GetType(descriptor)));
if (IsReferenceType(GetJavaType(descriptor))) {
(*variables)["null_check"] =
" if (value == null) {\n"
Reported by FlawFinder.
Line: 118
Column: 30
CWE codes:
120
GetCapitalizedType(descriptor, /* immutable = */ true);
(*variables)["tag"] =
StrCat(static_cast<int32_t>(WireFormat::MakeTag(descriptor)));
(*variables)["tag_size"] = StrCat(
WireFormat::TagSize(descriptor->number(), GetType(descriptor)));
if (IsReferenceType(GetJavaType(descriptor))) {
(*variables)["null_check"] =
" if (value == null) {\n"
" throw new NullPointerException();\n"
Reported by FlawFinder.
Line: 139
Column: 34
CWE codes:
120
: "";
int fixed_size = FixedSize(GetType(descriptor));
if (fixed_size != -1) {
(*variables)["fixed_size"] = StrCat(fixed_size);
}
(*variables)["on_changed"] = "onChanged();";
if (HasHasbit(descriptor)) {
// For singular messages and builders, one bit is used for the hasField bit.
Reported by FlawFinder.
src/google/protobuf/compiler/java/java_primitive_field_lite.cc
3 issues
Line: 83
Column: 7
CWE codes:
120
(*variables)["capitalized_type"] =
GetCapitalizedType(descriptor, /* immutable = */ true);
(*variables)["tag"] =
StrCat(static_cast<int32_t>(WireFormat::MakeTag(descriptor)));
(*variables)["tag_size"] = StrCat(
WireFormat::TagSize(descriptor->number(), GetType(descriptor)));
(*variables)["required"] = descriptor->is_required() ? "true" : "false";
std::string capitalized_type = UnderscoresToCamelCase(
Reported by FlawFinder.
Line: 84
Column: 30
CWE codes:
120
GetCapitalizedType(descriptor, /* immutable = */ true);
(*variables)["tag"] =
StrCat(static_cast<int32_t>(WireFormat::MakeTag(descriptor)));
(*variables)["tag_size"] = StrCat(
WireFormat::TagSize(descriptor->number(), GetType(descriptor)));
(*variables)["required"] = descriptor->is_required() ? "true" : "false";
std::string capitalized_type = UnderscoresToCamelCase(
PrimitiveTypeName(javaType), true /* cap_next_letter */);
Reported by FlawFinder.
Line: 148
Column: 34
CWE codes:
120
: "";
int fixed_size = FixedSize(GetType(descriptor));
if (fixed_size != -1) {
(*variables)["fixed_size"] = StrCat(fixed_size);
}
if (HasHasbit(descriptor)) {
// For singular messages and builders, one bit is used for the hasField bit.
(*variables)["get_has_field_bit_message"] = GenerateGetBit(messageBitIndex);
Reported by FlawFinder.
java/core/src/main/java/com/google/protobuf/RpcUtil.java
3 issues
Line: 91
@SuppressWarnings("unchecked")
private static <Type extends Message> Type copyAsType(
final Type typeDefaultInstance, final Message source) {
return (Type) typeDefaultInstance.newBuilderForType().mergeFrom(source).build();
}
/**
* Creates a callback which can only be called once. This may be useful for security, when passing
* a callback to untrusted code: most callbacks do not expect to be called more than once, so
Reported by PMD.
Line: 91
@SuppressWarnings("unchecked")
private static <Type extends Message> Type copyAsType(
final Type typeDefaultInstance, final Message source) {
return (Type) typeDefaultInstance.newBuilderForType().mergeFrom(source).build();
}
/**
* Creates a callback which can only be called once. This may be useful for security, when passing
* a callback to untrusted code: most callbacks do not expect to be called more than once, so
Reported by PMD.
Line: 102
public static <ParameterType> RpcCallback<ParameterType> newOneTimeCallback(
final RpcCallback<ParameterType> originalCallback) {
return new RpcCallback<ParameterType>() {
private boolean alreadyCalled = false;
@Override
public void run(final ParameterType parameter) {
synchronized (this) {
if (alreadyCalled) {
Reported by PMD.
src/google/protobuf/compiler/objectivec/objectivec_message.cc
3 issues
Line: 455
Column: 31
CWE codes:
120
"typedef struct $classname$__storage_ {\n"
" uint32_t _has_storage_[$sizeof_has_storage$];\n",
"classname", class_name_,
"sizeof_has_storage", StrCat(sizeof_has_storage));
printer->Indent();
for (int i = 0; i < descriptor_->field_count(); i++) {
field_generators_.get(size_order_fields[i])
.GenerateFieldStorageDeclaration(printer);
Reported by FlawFinder.
Line: 576
Column: 33
CWE codes:
120
" static const GPBExtensionRange ranges[] = {\n");
for (int i = 0; i < sorted_extensions.size(); i++) {
printer->Print(" { .start = $start$, .end = $end$ },\n",
"start", StrCat(sorted_extensions[i]->start),
"end", StrCat(sorted_extensions[i]->end));
}
printer->Print(
" };\n"
" [localDescriptor setupExtensionRanges:ranges\n"
Reported by FlawFinder.
Line: 577
Column: 31
CWE codes:
120
for (int i = 0; i < sorted_extensions.size(); i++) {
printer->Print(" { .start = $start$, .end = $end$ },\n",
"start", StrCat(sorted_extensions[i]->start),
"end", StrCat(sorted_extensions[i]->end));
}
printer->Print(
" };\n"
" [localDescriptor setupExtensionRanges:ranges\n"
" count:(uint32_t)(sizeof(ranges) / sizeof(GPBExtensionRange))];\n");
Reported by FlawFinder.
src/google/protobuf/compiler/objectivec/objectivec_oneof.cc
3 issues
Line: 49
Column: 29
CWE codes:
120
variables_["enum_name"] = OneofEnumName(descriptor_);
variables_["name"] = OneofName(descriptor_);
variables_["capitalized_name"] = OneofNameCapitalized(descriptor_);
variables_["raw_index"] = StrCat(descriptor_->index());
const Descriptor* msg_descriptor = descriptor_->containing_type();
variables_["owning_message_class"] = ClassName(msg_descriptor);
std::string comments;
SourceLocation location;
Reported by FlawFinder.
Line: 68
Column: 25
CWE codes:
120
void OneofGenerator::SetOneofIndexBase(int index_base) {
int index = descriptor_->index() + index_base;
// Flip the sign to mark it as a oneof.
variables_["index"] = StrCat(-index);
}
void OneofGenerator::GenerateCaseEnum(io::Printer* printer) {
printer->Print(
variables_,
Reported by FlawFinder.
Line: 87
Column: 25
CWE codes:
120
"$enum_name$_$field_name$ = $field_number$,\n",
"enum_name", enum_name,
"field_name", field_name,
"field_number", StrCat(field->number()));
}
printer->Outdent();
printer->Print(
"};\n"
"\n");
Reported by FlawFinder.
src/google/protobuf/compiler/php/php_generator.cc
3 issues
Line: 901
Column: 21
CWE codes:
120
"field", field->name(),
"key", ToUpper(key->type_name()),
"value", ToUpper(val->type_name()),
"number", StrCat(field->number()),
"other", EnumOrMessageSuffix(val, true));
} else if (!field->real_containing_oneof()) {
printer->Print(
"->^label^('^field^', "
"\\Google\\Protobuf\\Internal\\GPBType::^type^, ^number^^other^)\n",
Reported by FlawFinder.
Line: 910
Column: 21
CWE codes:
120
"field", field->name(),
"label", LabelForField(field),
"type", ToUpper(field->type_name()),
"number", StrCat(field->number()),
"other", EnumOrMessageSuffix(field, true));
}
}
// oneofs.
Reported by FlawFinder.
Line: 928
Column: 21
CWE codes:
120
"\\Google\\Protobuf\\Internal\\GPBType::^type^, ^number^^other^)\n",
"field", field->name(),
"type", ToUpper(field->type_name()),
"number", StrCat(field->number()),
"other", EnumOrMessageSuffix(field, true));
}
printer->Print("->finish()\n");
Outdent(printer);
}
Reported by FlawFinder.