The following issues were found
deps/jemalloc/test/unit/decay.c
2 issues
Line: 259
CWE codes:
401
assert_u32_ne(tick1, tick0, "Expected ticker to tick during realloc()");
/* Reallocate. */
tick0 = ticker_read(decay_ticker);
p = realloc(p, large0);
assert_ptr_not_null(p, "Unexpected realloc() failure");
tick1 = ticker_read(decay_ticker);
assert_u32_ne(tick1, tick0, "Expected ticker to tick during realloc()");
/* Deallocate. */
tick0 = ticker_read(decay_ticker);
Reported by Cppcheck.
Line: 265
CWE codes:
771
assert_u32_ne(tick1, tick0, "Expected ticker to tick during realloc()");
/* Deallocate. */
tick0 = ticker_read(decay_ticker);
realloc(p, 0);
tick1 = ticker_read(decay_ticker);
assert_u32_ne(tick1, tick0, "Expected ticker to tick during realloc()");
/*
* Test the *allocx() APIs using large and small size classes, with
Reported by Cppcheck.
deps/jemalloc/test/unit/emitter.c
2 issues
Line: 71
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
assert_emit_output(void (*emit_fn)(emitter_t *),
const char *expected_json_output, const char *expected_table_output) {
emitter_t emitter;
char buf[MALLOC_PRINTF_BUFSIZE];
buf_descriptor_t buf_descriptor;
buf_descriptor.buf = buf;
buf_descriptor.len = MALLOC_PRINTF_BUFSIZE;
buf_descriptor.mid_quote = false;
Reported by FlawFinder.
Line: 61
Column: 24
CWE codes:
126
size_t written = malloc_snprintf(buf_descriptor->buf,
buf_descriptor->len, "%s", str);
assert_zu_eq(written, strlen(str), "Buffer overflow!");
buf_descriptor->buf += written;
buf_descriptor->len -= written;
assert_zu_gt(buf_descriptor->len, 0, "Buffer out of space!");
}
Reported by FlawFinder.
deps/jemalloc/test/unit/fork.c
2 issues
Line: 78
CWE codes:
771
#ifndef _WIN32
static void *
do_fork_thd(void *arg) {
malloc(1);
int pid = fork();
if (pid == -1) {
/* Error. */
test_fail("Unexpected fork() failure");
} else if (pid == 0) {
Reported by Cppcheck.
Line: 86
Column: 3
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
} else if (pid == 0) {
/* Child. */
char *args[] = {"true", NULL};
execvp(args[0], args);
test_fail("Exec failed");
} else {
/* Parent */
wait_for_child_exit(pid);
}
Reported by FlawFinder.
deps/jemalloc/test/unit/mallctl.c
2 issues
Line: 12
Column: 54
CWE codes:
126
assert_d_eq(mallctl("no_such_name", NULL, NULL, NULL, 0), ENOENT,
"mallctl() should return ENOENT for non-existent names");
assert_d_eq(mallctl("version", NULL, NULL, "0.0.0", strlen("0.0.0")),
EPERM, "mallctl() should return EPERM on attempt to write "
"read-only value");
assert_d_eq(mallctl("epoch", NULL, NULL, (void *)&epoch,
sizeof(epoch)-1), EINVAL,
Reported by FlawFinder.
Line: 53
Column: 6
CWE codes:
126
"Unexpected mallctlnametomib() failure");
assert_d_eq(mallctlbymib(mib, miblen, NULL, NULL, "0.0.0",
strlen("0.0.0")), EPERM, "mallctl() should return EPERM on "
"attempt to write read-only value");
miblen = sizeof(mib)/sizeof(size_t);
assert_d_eq(mallctlnametomib("epoch", mib, &miblen), 0,
"Unexpected mallctlnametomib() failure");
Reported by FlawFinder.
deps/jemalloc/test/unit/prof_reset.c
2 issues
Line: 7
Column: 7
CWE codes:
362
prof_dump_open_intercept(bool propagate_err, const char *filename) {
int fd;
fd = open("/dev/null", O_WRONLY);
assert_d_ne(fd, -1, "Unexpected open() failure");
return fd;
}
Reported by FlawFinder.
Line: 90
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
prof_dump_header_intercept(tsdn_t *tsdn, bool propagate_err,
const prof_cnt_t *cnt_all) {
prof_dump_header_intercepted = true;
memcpy(&cnt_all_copy, cnt_all, sizeof(prof_cnt_t));
return false;
}
TEST_BEGIN(test_prof_reset_cleanup) {
Reported by FlawFinder.
deps/jemalloc/test/unit/stats.c
2 issues
Line: 225
Column: 2
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
static void
gen_mallctl_str(char *cmd, char *name, unsigned arena_ind) {
sprintf(cmd, "stats.arenas.%u.bins.0.%s", arena_ind, name);
}
TEST_BEGIN(test_stats_arenas_bins) {
void *p;
size_t sz, curslabs, curregs;
Reported by FlawFinder.
Line: 257
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
assert_d_eq(mallctl("epoch", NULL, NULL, (void *)&epoch, sizeof(epoch)),
0, "Unexpected mallctl() failure");
char cmd[128];
sz = sizeof(uint64_t);
gen_mallctl_str(cmd, "nmalloc", arena_ind);
assert_d_eq(mallctl(cmd, (void *)&nmalloc, &sz, NULL, 0), expected,
"Unexpected mallctl() result");
gen_mallctl_str(cmd, "ndalloc", arena_ind);
Reported by FlawFinder.
deps/jemalloc/test/unit/stats_print.c
2 issues
Line: 101
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (buf == NULL) {
return true;
}
memcpy(&buf[parser->len], str, len + 1);
parser->buf = buf;
parser->len += len;
return false;
}
Reported by FlawFinder.
Line: 94
Column: 15
CWE codes:
126
static bool
parser_append(parser_t *parser, const char *str) {
size_t len = strlen(str);
char *buf = (parser->buf == NULL) ? mallocx(len + 1,
MALLOCX_TCACHE_NONE) : rallocx(parser->buf, parser->len + len + 1,
MALLOCX_TCACHE_NONE);
if (buf == NULL) {
return true;
Reported by FlawFinder.
deps/lua/src/llex.c
2 issues
Line: 103
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void luaX_lexerror (LexState *ls, const char *msg, int token) {
char buff[MAXSRC];
luaO_chunkid(buff, getstr(ls->source), MAXSRC);
msg = luaO_pushfstring(ls->L, "%s:%d: %s", buff, ls->linenumber, msg);
if (token)
luaO_pushfstring(ls->L, "%s near " LUA_QS, msg, txtToken(ls, token));
luaD_throw(ls->L, LUA_ERRSYNTAX);
Reported by FlawFinder.
Line: 69
Column: 16
CWE codes:
126
for (i=0; i<NUM_RESERVED; i++) {
TString *ts = luaS_new(L, luaX_tokens[i]);
luaS_fix(ts); /* reserved words are never collected */
lua_assert(strlen(luaX_tokens[i])+1 <= TOKEN_LEN);
ts->tsv.reserved = cast_byte(i+1); /* reserved word */
}
}
Reported by FlawFinder.
deps/lua/src/lua.h
2 issues
Line: 94
** generic extra include file
*/
#if defined(LUA_USER_H)
#include LUA_USER_H
#endif
/* type of numbers in Lua */
typedef LUA_NUMBER lua_Number;
Reported by Cppcheck.
Line: 356
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int nups; /* (u) number of upvalues */
int linedefined; /* (S) */
int lastlinedefined; /* (S) */
char short_src[LUA_IDSIZE]; /* (S) */
/* private part */
int i_ci; /* active function */
};
/* }====================================================================== */
Reported by FlawFinder.
deps/lua/src/print.c
2 issues
Line: 60
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
printf("nil");
break;
case LUA_TBOOLEAN:
printf(bvalue(o) ? "true" : "false");
break;
case LUA_TNUMBER:
printf(LUA_NUMBER_FMT,nvalue(o));
break;
case LUA_TSTRING:
Reported by FlawFinder.
Line: 63
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
printf(bvalue(o) ? "true" : "false");
break;
case LUA_TNUMBER:
printf(LUA_NUMBER_FMT,nvalue(o));
break;
case LUA_TSTRING:
PrintString(rawtsvalue(o));
break;
default: /* cannot happen */
Reported by FlawFinder.