The following issues were found

deps/jemalloc/test/unit/prof_gdump.c
1 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 11 Column: 7 CWE codes: 362 

              
	did_prof_dump_open = true;

	fd = open("/dev/null", O_WRONLY);
	assert_d_ne(fd, -1, "Unexpected open() failure");

	return fd;
}

Reported by FlawFinder.

src/sds.h
1 issues
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 234 Column: 27 CWE codes: 134
Suggestion: Use a constant for the format specification 

              sds sdscatvprintf(sds s, const char *fmt, va_list ap);
#ifdef __GNUC__
sds sdscatprintf(sds s, const char *fmt, ...)
    __attribute__((format(printf, 2, 3)));
#else
sds sdscatprintf(sds s, const char *fmt, ...);
#endif

sds sdscatfmt(sds s, char const *fmt, ...);

Reported by FlawFinder.

deps/jemalloc/test/unit/prof_accum.c
1 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 12 Column: 7 CWE codes: 362 

              prof_dump_open_intercept(bool propagate_err, const char *filename) {
	int fd;

	fd = open("/dev/null", O_WRONLY);
	assert_d_ne(fd, -1, "Unexpected open() failure");

	return fd;
}

Reported by FlawFinder.

deps/jemalloc/test/stress/microbench.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 22 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              compare_funcs(uint64_t nwarmup, uint64_t niter, const char *name_a,
    void (*func_a), const char *name_b, void (*func_b)) {
	timedelta_t timer_a, timer_b;
	char ratio_buf[6];
	void *p;

	p = mallocx(1, 0);
	if (p == NULL) {
		test_fail("Unexpected mallocx() failure");

Reported by FlawFinder.

deps/jemalloc/test/integration/posix_memalign.c
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 95 Column: 6 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              				err = posix_memalign(&ps[i],
				    alignment, size);
				if (err) {
					char buf[BUFERROR_BUF];

					buferror(get_errno(), buf, sizeof(buf));
					test_fail(
					    "Error for alignment=%zu, "
					    "size=%zu (%#zx): %s",

Reported by FlawFinder.

deps/jemalloc/src/zone.c
1 issues
memalign - On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct
Security

Line: 29 Column: 10 CWE codes: 676
Suggestion: Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient 

              	void (*batch_free)(struct _malloc_zone_t *, void **, unsigned);
	struct malloc_introspection_t *introspect;
	unsigned version;
	void *(*memalign)(struct _malloc_zone_t *, size_t, size_t);
	void (*free_definite_size)(struct _malloc_zone_t *, void *, size_t);
	size_t (*pressure_relief)(struct _malloc_zone_t *, size_t);
} malloc_zone_t;

typedef struct {

Reported by FlawFinder.

deps/jemalloc/src/sz.c
1 issues
There is an unknown macro here somewhere. Configuration is required. If JEMALLOC_ALIGNED is a macro then please configure it.
Error

Line: 4 

              #include "jemalloc/internal/jemalloc_preamble.h"
#include "jemalloc/internal/sz.h"

JEMALLOC_ALIGNED(CACHELINE)
const size_t sz_pind2sz_tab[NPSIZES+1] = {
#define PSZ_yes(lg_grp, ndelta, lg_delta)				\
	(((ZU(1)<<lg_grp) + (ZU(ndelta)<<lg_delta))),
#define PSZ_no(lg_grp, ndelta, lg_delta)
#define SC(index, lg_grp, lg_delta, ndelta, psz, bin, pgs, lg_delta_lookup) \

Reported by Cppcheck.

deps/jemalloc/src/rtree.c
1 issues
Uninitialized variable: node
Error

Line: 292 CWE codes: 908 

              		return &leaf[subkey];					\
	}
	if (RTREE_HEIGHT > 1) {
		RTREE_GET_CHILD(0)
	}
	if (RTREE_HEIGHT > 2) {
		RTREE_GET_CHILD(1)
	}
	if (RTREE_HEIGHT > 3) {

Reported by Cppcheck.

deps/hiredis/examples/example-ivykis.c
1 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 52 Column: 66 CWE codes: 126 

                  redisIvykisAttach(c);
    redisAsyncSetConnectCallback(c,connectCallback);
    redisAsyncSetDisconnectCallback(c,disconnectCallback);
    redisAsyncCommand(c, NULL, NULL, "SET key %b", argv[argc-1], strlen(argv[argc-1]));
    redisAsyncCommand(c, getCallback, (char*)"end-1", "GET key");

    iv_main();

    iv_deinit();

Reported by FlawFinder.

deps/jemalloc/src/nstime.c
1 issues
Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 81 CWE codes: 758 

              
void
nstime_imultiply(nstime_t *time, uint64_t multiplier) {
	assert((((time->ns | multiplier) & (UINT64_MAX << (sizeof(uint64_t) <<
	    2))) == 0) || ((time->ns * multiplier) / multiplier == time->ns));

	time->ns *= multiplier;
}

Reported by Cppcheck.