The following issues were found

java/util/src/main/java/com/google/protobuf/util/Values.java
1 issues
Potential violation of Law of Demeter (object not created locally)
Design

Line: 80 

                public static Value of(Iterable<Value> values) {
    Value.Builder valueBuilder = Value.newBuilder();
    ListValue.Builder listValue = valueBuilder.getListValueBuilder();
    listValue.addAllValues(values);
    return valueBuilder.build();
  }

  private Values() {}
}

Reported by PMD.

src/google/protobuf/util/internal/protostream_objectwriter_test.cc
1 issues
syntax error
Error

Line: 166 

                ProtoStreamObjectWriter::Options options_;
};

MATCHER_P(HasObjectLocation, expected,
          "Verifies the expected object location") {
  std::string actual = std::get<0>(arg).ToString();
  if (actual == expected) return true;
  *result_listener << "actual location is: " << actual;
  return false;

Reported by Cppcheck.

src/google/protobuf/util/internal/utility.cc
1 issues
StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 141 Column: 10 CWE codes: 120 

              }

const std::string GetFullTypeWithUrl(StringPiece simple_type) {
  return StrCat(kTypeServiceBaseUrl, "/", simple_type);
}

const google::protobuf::Option* FindOptionOrNull(
    const RepeatedPtrField<google::protobuf::Option>& options,
    StringPiece option_name) {

Reported by FlawFinder.

src/google/protobuf/util/internal/utility.h
1 issues
StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 180 Column: 10 CWE codes: 120 

              // Convert from int32, int64, uint32, uint64, double or float to string.
template <typename T>
std::string ValueAsString(T value) {
  return StrCat(value);
}

template <>
inline std::string ValueAsString(float value) {
  return FloatAsString(value);

Reported by FlawFinder.

objectivec/GPBDescriptor_PackagePrivate.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 363 Column: 17 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  #define GPBInternalCompileAssertSymbolInner(line, msg) GPBInternalCompileAssert ## line ## __ ## msg
    #define GPBInternalCompileAssertSymbol(line, msg) GPBInternalCompileAssertSymbolInner(line, msg)
    #define GPBInternalCompileAssert(test, msg) \
        typedef char GPBInternalCompileAssertSymbol(__LINE__, msg) [ ((test) ? 1 : -1) ]
  #endif  // __has_feature(c_static_assert) || __has_extension(c_static_assert)
#endif // GPBInternalCompileAssert

// Sanity check that there isn't padding between the field description
// structures with and without a default.

Reported by FlawFinder.

objectivec/Tests/GPBTestUtilities.h
1 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 43 Column: 43 CWE codes: 126 

              @class GPBExtensionRegistry;

static inline NSData *DataFromCStr(const char *str) {
  return [NSData dataWithBytes:str length:strlen(str)];
}

// Helper for uses of C arrays in tests cases.
#ifndef GPBARRAYSIZE
#define GPBARRAYSIZE(a) ((sizeof(a) / sizeof((a[0]))))

Reported by FlawFinder.

php/ext/google/protobuf/arena.c
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 92 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                Arena_class_entry->create_object = Arena_Create;
  Arena_class_entry->ce_flags |= ZEND_ACC_FINAL;

  memcpy(&Arena_object_handlers, &std_object_handlers,
         sizeof(zend_object_handlers));
  Arena_object_handlers.free_obj = Arena_Free;
}

Reported by FlawFinder.

src/google/protobuf/util/message_differencer_unittest.cc
1 issues
syntax error
Error

Line: 90 

                EXPECT_TRUE(differencer->Compare(msg1, msg2));
}

TEST(MessageDifferencerTest, BasicEqualityTest) {
  // Create the testing protos
  unittest::TestAllTypes msg1;
  unittest::TestAllTypes msg2;

  TestUtil::SetAllFields(&msg1);

Reported by Cppcheck.

src/google/protobuf/generated_message_reflection_unittest.cc
1 issues
syntax error
Error

Line: 85 

                return result;
}

TEST(GeneratedMessageReflectionTest, Defaults) {
  // Check that all default values are set correctly in the initial message.
  unittest::TestAllTypes message;
  TestUtil::ReflectionTester reflection_tester(
      unittest::TestAllTypes::descriptor());

Reported by Cppcheck.

src/google/protobuf/field_mask.pb.cc
1 issues
There is an unknown macro here somewhere. Configuration is required. If PROTOBUF_NAMESPACE_OPEN is a macro then please configure it.
Error

Line: 269 

              
// @@protoc_insertion_point(namespace_scope)
PROTOBUF_NAMESPACE_CLOSE
PROTOBUF_NAMESPACE_OPEN
template<> PROTOBUF_NOINLINE ::PROTOBUF_NAMESPACE_ID::FieldMask* Arena::CreateMaybeMessage< ::PROTOBUF_NAMESPACE_ID::FieldMask >(Arena* arena) {
  return Arena::CreateMessageInternal< ::PROTOBUF_NAMESPACE_ID::FieldMask >(arena);
}
PROTOBUF_NAMESPACE_CLOSE

Reported by Cppcheck.