The following issues were found
src/google/protobuf/stubs/mutex.h
2 issues
Line: 82
Column: 27
CWE codes:
Suggestion:
Use InitializeCriticalSectionAndSpinCount instead
// XP SP3 and above.
class PROTOBUF_EXPORT CriticalSectionLock {
public:
// Prepares critical_section_ so that lock()/unlock() can use it.
// NOTE(review): InitializeCriticalSection reports no status to the caller;
// the scanner finding on this line suggests
// InitializeCriticalSectionAndSpinCount instead.
CriticalSectionLock() {
  InitializeCriticalSection(&critical_section_);
}
// Releases the resources held by critical_section_ when the wrapper is
// destroyed.
~CriticalSectionLock() {
  DeleteCriticalSection(&critical_section_);
}
// Acquires the lock by entering critical_section_.
void lock() {
  EnterCriticalSection(&critical_section_);
}
// Releases the lock by leaving critical_section_.
void unlock() {
  LeaveCriticalSection(&critical_section_);
}
private:
Reported by FlawFinder.
Line: 113
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
std::once_flag flag_;
alignas(T) char buf_[sizeof(T)];
};
// Mutex is a natural type to wrap, as both Google and other organizations have
// specialized mutexes. gRPC also provides an injection mechanism for custom
// mutexes.
Reported by FlawFinder.
src/google/protobuf/stubs/stringpiece_unittest.cc
2 issues
Line: 102
// TODO(mec): StringPiece(const StringPiece&);
}
TEST(StringPiece, STLComparator) {
std::string s1("foo");
std::string s2("bar");
std::string s3("baz");
StringPiece p1(s1);
Reported by Cppcheck.
Line: 284
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
EXPECT_GE(a.max_size(), a.capacity());
EXPECT_GE(a.capacity(), a.size());
char buf[4] = { '%', '%', '%', '%' };
EXPECT_EQ(a.copy(buf, 4), 4);
EXPECT_EQ(buf[0], a[0]);
EXPECT_EQ(buf[1], a[1]);
EXPECT_EQ(buf[2], a[2]);
EXPECT_EQ(buf[3], a[3]);
Reported by FlawFinder.
src/google/protobuf/stubs/stringprintf_unittest.cc
2 issues
Line: 57
EXPECT_EQ("", StringPrintf("%s", ""));
}
// Checks StringPrintf with positional ("%N$") conversion specifiers: the
// arguments are passed as ('w', "hello", 123) and the format consumes them in
// the order 3, 2, 1, so the expected result is "123hello w".
TEST(StringPrintfTest, Misc) {
// MSVC and MinGW do not support the $ format specifier, so the check is
// compiled out on those toolchains and the test body is empty there.
#if !defined(_MSC_VER) && !defined(__MINGW32__)
EXPECT_EQ("123hello w", StringPrintf("%3$d%2$s %1$c", 'w', "hello", 123));
#endif // !_MSC_VER
}
Reported by Cppcheck.
Line: 115
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const size_t n = 2048;
std::array<char, n+1> buf;
memset(&buf[0], ' ', n-3);
memcpy(&buf[0] + n - 3, kInvalidCodePoint, 4);
value = StringPrintf("%.*s", n, &buf[0]);
// See GRTEv2 vs. GRTEv3 comment above.
EXPECT_TRUE(value.empty() || value == &buf[0]);
setlocale(LC_CTYPE, old_locale.c_str());
Reported by FlawFinder.
src/google/protobuf/timestamp.pb.cc
2 issues
Line: 293
// @@protoc_insertion_point(namespace_scope)
PROTOBUF_NAMESPACE_CLOSE
PROTOBUF_NAMESPACE_OPEN
// Explicit specialization of Arena::CreateMaybeMessage for Timestamp: passes
// the arena pointer straight to Arena::CreateMessageInternal<Timestamp> and
// returns the resulting Timestamp*.
template<> PROTOBUF_NOINLINE ::PROTOBUF_NAMESPACE_ID::Timestamp* Arena::CreateMaybeMessage< ::PROTOBUF_NAMESPACE_ID::Timestamp >(Arena* arena) {
return Arena::CreateMessageInternal< ::PROTOBUF_NAMESPACE_ID::Timestamp >(arena);
}
PROTOBUF_NAMESPACE_CLOSE
Reported by Cppcheck.
Line: 97
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Copy constructor: default-constructs the Message base, merges the unknown
// fields carried in from's internal metadata, then copies the scalar members
// with a single memcpy.
Timestamp::Timestamp(const Timestamp& from)
: ::PROTOBUF_NAMESPACE_ID::Message() {
_internal_metadata_.MergeFrom<::PROTOBUF_NAMESPACE_ID::UnknownFieldSet>(from._internal_metadata_);
// The byte count is (address of nanos_ - address of seconds_) + sizeof(nanos_),
// i.e. the span from the start of seconds_ through the end of nanos_ in this
// object. Source and destination are the same members of two Timestamp
// objects, so the length is derived from the object layout rather than from
// any runtime input.
// NOTE(review): this relies on seconds_ preceding nanos_ in the class layout;
// the member declarations are not visible here, so confirm against the class
// definition.
::memcpy(&seconds_, &from.seconds_,
static_cast<size_t>(reinterpret_cast<char*>(&nanos_) -
reinterpret_cast<char*>(&seconds_)) + sizeof(nanos_));
// @@protoc_insertion_point(copy_constructor:google.protobuf.Timestamp)
}
Reported by FlawFinder.
src/google/protobuf/type.pb.cc
2 issues
Line: 2066
// @@protoc_insertion_point(namespace_scope)
PROTOBUF_NAMESPACE_CLOSE
PROTOBUF_NAMESPACE_OPEN
// Explicit specialization of Arena::CreateMaybeMessage for Type: passes the
// arena pointer straight to Arena::CreateMessageInternal<Type> and returns
// the resulting Type*.
template<> PROTOBUF_NOINLINE ::PROTOBUF_NAMESPACE_ID::Type* Arena::CreateMaybeMessage< ::PROTOBUF_NAMESPACE_ID::Type >(Arena* arena) {
return Arena::CreateMessageInternal< ::PROTOBUF_NAMESPACE_ID::Type >(arena);
}
template<> PROTOBUF_NOINLINE ::PROTOBUF_NAMESPACE_ID::Field* Arena::CreateMaybeMessage< ::PROTOBUF_NAMESPACE_ID::Field >(Arena* arena) {
return Arena::CreateMessageInternal< ::PROTOBUF_NAMESPACE_ID::Field >(arena);
Reported by Cppcheck.
Line: 764
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
default_value_.Set(::PROTOBUF_NAMESPACE_ID::internal::ArenaStringPtr::EmptyDefault{}, from._internal_default_value(),
GetArenaForAllocation());
}
::memcpy(&kind_, &from.kind_,
static_cast<size_t>(reinterpret_cast<char*>(&packed_) -
reinterpret_cast<char*>(&kind_)) + sizeof(packed_));
// @@protoc_insertion_point(copy_constructor:google.protobuf.Field)
}
Reported by FlawFinder.
src/google/protobuf/util/internal/json_escaping.cc
2 issues
Line: 54
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// For unicode code point ch < 0xa0:
// kCommonEscapes[ch] is the escaped string of ch, if escaping is needed;
// or an empty string, if escaping is not needed.
static const char kCommonEscapes[160][7] = {
// C0 (ASCII and derivatives) control characters
"\\u0000", "\\u0001", "\\u0002", "\\u0003", // 0x00
"\\u0004", "\\u0005", "\\u0006", "\\u0007", "\\b", "\\t", "\\n", "\\u000b",
"\\f", "\\r", "\\u000e", "\\u000f", "\\u0010", "\\u0011", "\\u0012",
"\\u0013", // 0x10
Reported by FlawFinder.
Line: 306
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void JsonEscaping::Escape(strings::ByteSource* input,
strings::ByteSink* output) {
char buffer[12] = "\\udead\\ubee";
uint32_t cp = 0; // Current unicode code point.
int num_left = 0; // Num of chars to read to complete the code point.
while (input->Available() > 0) {
StringPiece str = input->Peek();
StringPiece escaped;
Reported by FlawFinder.
conformance/conformance_test.cc
2 issues
Line: 132
Column: 10
CWE codes:
120
prototype_message_.GetDescriptor()->file()->syntax() ==
FileDescriptor::SYNTAX_PROTO3 ? "Proto3" : "Proto2";
return StrCat(ConformanceLevelToString(level_), ".", rname, ".",
InputFormatString(input_format_), ".", test_name_, ".",
OutputFormatString(output_format_));
}
string ConformanceTestSuite::ConformanceRequestSetting::
Reported by FlawFinder.
Line: 293
Column: 19
CWE codes:
120
GOOGLE_DCHECK_EQ(response.result_case(), ConformanceResponse::kProtobufPayload);
const string& protobuf_payload = response.protobuf_payload();
check = equivalent_wire_format == protobuf_payload;
differences = StrCat("Expect: ", ToOctString(equivalent_wire_format),
", but got: ", ToOctString(protobuf_payload));
} else {
check = differencer.Compare(*reference_message, *test_message);
}
Reported by FlawFinder.
src/google/protobuf/drop_unknown_fields_test.cc
1 issue
Line: 64
EXPECT_EQ(2, foo_with_extra_fields.extra_int32_value());
}
TEST(DropUnknownFieldsTest, DynamicMessage) {
FooWithExtraFields foo_with_extra_fields;
foo_with_extra_fields.set_int32_value(1);
foo_with_extra_fields.set_enum_value(FooWithExtraFields::QUX);
foo_with_extra_fields.set_extra_int32_value(2);
Reported by Cppcheck.
src/google/protobuf/descriptor_unittest.cc
1 issue
Line: 397
const FieldDescriptor* bar_extension_;
};
// Checks that name() on each of the three file descriptors returns the
// expected .proto file name.
// NOTE(review): foo_file_, bar_file_ and baz_file_ are presumably members of
// the FileDescriptorTest fixture; their setup is not visible in this excerpt.
TEST_F(FileDescriptorTest, Name) {
EXPECT_EQ("foo.proto", foo_file_->name());
EXPECT_EQ("bar.proto", bar_file_->name());
EXPECT_EQ("baz.proto", baz_file_->name());
}
Reported by Cppcheck.
src/google/protobuf/compiler/ruby/ruby_generator_unittest.cc
1 issue
Line: 107
EXPECT_EQ(expected_output, output);
}
// Runs the RubyTest helper (defined outside this excerpt) with the
// "/ruby_generated_code" argument; all assertions happen inside that helper.
TEST(RubyGeneratorTest, Proto3GeneratorTest) {
RubyTest("/ruby_generated_code");
}
TEST(RubyGeneratorTest, Proto2GeneratorTest) {
RubyTest("/ruby_generated_code_proto2");
Reported by Cppcheck.