The following issues were found

site_scons/site_tools/mongo_unittest.py
8 issues
Unable to import 'SCons.Script'
Error

Line: 24 Column: 1

              #

"""Pseudo-builders for building and registering unit tests."""
from SCons.Script import Action

from site_scons.mongo import insort_wrapper

def exists(env):
    return True

            

Reported by Pylint.

Unable to import 'site_scons.mongo'
Error

Line: 26 Column: 1

              """Pseudo-builders for building and registering unit tests."""
from SCons.Script import Action

from site_scons.mongo import insort_wrapper

def exists(env):
    return True



            

Reported by Pylint.

Unused Action imported from SCons.Script
Error

Line: 24 Column: 1

              #

"""Pseudo-builders for building and registering unit tests."""
from SCons.Script import Action

from site_scons.mongo import insort_wrapper

def exists(env):
    return True

            

Reported by Pylint.

Unused argument 'env'
Error

Line: 28 Column: 12

              
from site_scons.mongo import insort_wrapper

def exists(env):
    return True


def build_cpp_unit_test(env, target, source, **kwargs):
    if not isinstance(target, list):

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 28 Column: 1

              
from site_scons.mongo import insort_wrapper

def exists(env):
    return True


def build_cpp_unit_test(env, target, source, **kwargs):
    if not isinstance(target, list):

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 32 Column: 1

                  return True


def build_cpp_unit_test(env, target, source, **kwargs):
    if not isinstance(target, list):
        target = [target]

    for t in target:
        if not t.endswith('_test'):

            

Reported by Pylint.

Variable name "t" doesn't conform to snake_case naming style
Error

Line: 36 Column: 9

                  if not isinstance(target, list):
        target = [target]

    for t in target:
        if not t.endswith('_test'):
            env.ConfError(f"CppUnitTest target `{t}' does not end in `_test'")

    if not kwargs.get("UNITTEST_HAS_CUSTOM_MAINLINE", False):
        libdeps = kwargs.get("LIBDEPS", env.get("LIBDEPS", [])).copy()

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 69 Column: 1

                  return result


def generate(env):
    env.TestList("$UNITTEST_LIST", source=[])
    env.AddMethod(build_cpp_unit_test, "CppUnitTest")
    env.Alias("$UNITTEST_ALIAS", "$UNITTEST_LIST")

            

Reported by Pylint.

src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid32_add.c
8 issues
Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 171 CWE codes: 758

              	  }
  }

    sign_ab = ((BID_SINT64)(sign_a ^ sign_b))<<32;
    sign_ab = ((BID_SINT64) sign_ab) >> 63;
    CB = ((BID_UINT64)coefficient_b + sign_ab) ^ sign_ab;

	SU = (BID_UINT64)coefficient_a * bid_power10_table_128[diff_dec_expon].w[0];
	S = SU + CB;

            

Reported by Cppcheck.

Shifting 32-bit value by 63 bits is undefined behaviour
Error

Line: 172 CWE codes: 758

                }

    sign_ab = ((BID_SINT64)(sign_a ^ sign_b))<<32;
    sign_ab = ((BID_SINT64) sign_ab) >> 63;
    CB = ((BID_UINT64)coefficient_b + sign_ab) ^ sign_ab;

	SU = (BID_UINT64)coefficient_a * bid_power10_table_128[diff_dec_expon].w[0];
	S = SU + CB;


            

Reported by Cppcheck.

Array '__bid_round_const_table[0][19]' accessed at index __bid_round_const_table[*][-7], which is out of bounds.
Error

Line: 221 CWE codes: 786

              
      // add a constant to P, depending on rounding mode
      // 0.5*10^(digits_p - 16) for round-to-nearest
      P += bid_round_const_table[rmode][extra_digits];
      __mul_64x64_to_128(Tmp, P, bid_reciprocals10_64[extra_digits]);

      // now get P/10^extra_digits: shift Q_high right by M[extra_digits]-64
      amount = bid_short_recip_scale[extra_digits];
	  Q = Tmp.w[1] >> amount;

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 222 CWE codes: 758

                    // add a constant to P, depending on rounding mode
      // 0.5*10^(digits_p - 16) for round-to-nearest
      P += bid_round_const_table[rmode][extra_digits];
      __mul_64x64_to_128(Tmp, P, bid_reciprocals10_64[extra_digits]);

      // now get P/10^extra_digits: shift Q_high right by M[extra_digits]-64
      amount = bid_short_recip_scale[extra_digits];
	  Q = Tmp.w[1] >> amount;


            

Reported by Cppcheck.

Array '__bid_reciprocals10_64[0]' accessed at index -7, which is out of bounds.
Error

Line: 222 CWE codes: 786

                    // add a constant to P, depending on rounding mode
      // 0.5*10^(digits_p - 16) for round-to-nearest
      P += bid_round_const_table[rmode][extra_digits];
      __mul_64x64_to_128(Tmp, P, bid_reciprocals10_64[extra_digits]);

      // now get P/10^extra_digits: shift Q_high right by M[extra_digits]-64
      amount = bid_short_recip_scale[extra_digits];
	  Q = Tmp.w[1] >> amount;


            

Reported by Cppcheck.

Array '__bid_short_recip_scale[0]' accessed at index -7, which is out of bounds.
Error

Line: 225 CWE codes: 786

                    __mul_64x64_to_128(Tmp, P, bid_reciprocals10_64[extra_digits]);

      // now get P/10^extra_digits: shift Q_high right by M[extra_digits]-64
      amount = bid_short_recip_scale[extra_digits];
	  Q = Tmp.w[1] >> amount;

	  // remainder
	  R = P - Q * bid_power10_table_128[extra_digits].w[0];
      if(R==bid_round_const_table[rmode][extra_digits])

            

Reported by Cppcheck.

Array '__bid_power10_table_128[0]' accessed at index -7, which is out of bounds.
Error

Line: 229 CWE codes: 786

              	  Q = Tmp.w[1] >> amount;

	  // remainder
	  R = P - Q * bid_power10_table_128[extra_digits].w[0];
      if(R==bid_round_const_table[rmode][extra_digits])
		  status = 0;
	  else status = BID_INEXACT_EXCEPTION;

#ifdef BID_SET_STATUS_FLAGS

            

Reported by Cppcheck.

Array '__bid_round_const_table[0][19]' accessed at index __bid_round_const_table[*][-7], which is out of bounds.
Error

Line: 230 CWE codes: 786

              
	  // remainder
	  R = P - Q * bid_power10_table_128[extra_digits].w[0];
      if(R==bid_round_const_table[rmode][extra_digits])
		  status = 0;
	  else status = BID_INEXACT_EXCEPTION;

#ifdef BID_SET_STATUS_FLAGS
      __set_status_flags (pfpsf, status);

            

Reported by Cppcheck.

src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid32_to_bid128.c
8 issues
Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 51 CWE codes: 758

                  __set_status_flags (pfpsf, BID_INVALID_EXCEPTION);
#endif
  res.w[0] = (coefficient_x & 0x000fffff);
  __mul_64x128_low (res, res.w[0], bid_power10_table_128[27]);
  res.w[1] |=
    ((((BID_UINT64) coefficient_x) << 32) & 0xfc00000000000000ull);

  BID_RETURN_NOFLAGS (res);
}

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 53 CWE codes: 758

                res.w[0] = (coefficient_x & 0x000fffff);
  __mul_64x128_low (res, res.w[0], bid_power10_table_128[27]);
  res.w[1] |=
    ((((BID_UINT64) coefficient_x) << 32) & 0xfc00000000000000ull);

  BID_RETURN_NOFLAGS (res);
}
}


            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 61 CWE codes: 758

              
new_coeff.w[0] = coefficient_x;
new_coeff.w[1] = 0;
bid_get_BID128_very_fast (&res, ((BID_UINT64) sign_x) << 32,
		      exponent_x + DECIMAL_EXPONENT_BIAS_128 -
		      DECIMAL_EXPONENT_BIAS_32, new_coeff);
BID_RETURN_NOFLAGS (res);
}	// convert_bid32_to_bid128


            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 90 CWE codes: 758

                    Tmp.w[1] = (CX.w[1] & 0x00003fffffffffffull);
      Tmp.w[0] = CX.w[0];
      TP128 = bid_reciprocals10_128[27];
      __mul_128x128_full (Qh, Ql, Tmp, TP128);
      amount = bid_recip_scale[27] - 64;
      res = ((CX.w[1] >> 32) & 0xfc000000) | (Qh.w[1] >> amount);
#ifdef BID_SET_STATUS_FLAGS
      if ((x.w[1] & SNAN_MASK64) == SNAN_MASK64)	// sNaN
	__set_status_flags (pfpsf, BID_INVALID_EXCEPTION);

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 92 CWE codes: 758

                    TP128 = bid_reciprocals10_128[27];
      __mul_128x128_full (Qh, Ql, Tmp, TP128);
      amount = bid_recip_scale[27] - 64;
      res = ((CX.w[1] >> 32) & 0xfc000000) | (Qh.w[1] >> amount);
#ifdef BID_SET_STATUS_FLAGS
      if ((x.w[1] & SNAN_MASK64) == SNAN_MASK64)	// sNaN
	__set_status_flags (pfpsf, BID_INVALID_EXCEPTION);
#endif
      BID_RETURN_VAL (res);

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 106 CWE codes: 758

                    exponent_x = 0;
    if (exponent_x > DECIMAL_MAX_EXPON_32)
      exponent_x = DECIMAL_MAX_EXPON_32;
    res = (sign_x >> 32) | (exponent_x << 23);
    BID_RETURN_VAL (res);

  }

  if (CX.w[1] || (CX.w[0] >= 10000000)) {

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 169 CWE codes: 758

                  CX.w[1] = CX.w[1] + T128.w[1] + carry;

    TP128 = bid_reciprocals10_128[extra_digits];
    __mul_128x128_full (Qh, Ql, CX, TP128);
    amount = bid_recip_scale[extra_digits];

    if (amount >= 64) {
      CX.w[0] = Qh.w[1] >> (amount - 64);
      CX.w[1] = 0;

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 252 CWE codes: 758

                }

  res =
    get_BID32 ((BID_UINT32) (sign_x >> 32),
	       exponent_x - DECIMAL_EXPONENT_BIAS_128 +
	       DECIMAL_EXPONENT_BIAS_32, CX.w[0], rnd_mode, pfpsf);
  BID_RETURN_VAL (res);

}

            

Reported by Cppcheck.

site_scons/site_tools/mongo_benchmark.py
8 issues
Unable to import 'SCons.Script'
Error

Line: 26 Column: 1

              """
Pseudo-builders for building and registering benchmarks.
"""
from SCons.Script import Action

from site_scons.mongo import insort_wrapper

def exists(env):
    return True

            

Reported by Pylint.

Unable to import 'site_scons.mongo'
Error

Line: 28 Column: 1

              """
from SCons.Script import Action

from site_scons.mongo import insort_wrapper

def exists(env):
    return True



            

Reported by Pylint.

Unused Action imported from SCons.Script
Error

Line: 26 Column: 1

              """
Pseudo-builders for building and registering benchmarks.
"""
from SCons.Script import Action

from site_scons.mongo import insort_wrapper

def exists(env):
    return True

            

Reported by Pylint.

Unused argument 'env'
Error

Line: 30 Column: 12

              
from site_scons.mongo import insort_wrapper

def exists(env):
    return True


def build_benchmark(env, target, source, **kwargs):


            

Reported by Pylint.

Missing function or method docstring
Error

Line: 30 Column: 1

              
from site_scons.mongo import insort_wrapper

def exists(env):
    return True


def build_benchmark(env, target, source, **kwargs):


            

Reported by Pylint.

Missing function or method docstring
Error

Line: 34 Column: 1

                  return True


def build_benchmark(env, target, source, **kwargs):

    bmEnv = env.Clone()
    bmEnv.InjectThirdParty(libraries=["benchmark"])

    if bmEnv.TargetOSIs("windows"):

            

Reported by Pylint.

Variable name "bmEnv" doesn't conform to snake_case naming style
Error

Line: 36 Column: 5

              
def build_benchmark(env, target, source, **kwargs):

    bmEnv = env.Clone()
    bmEnv.InjectThirdParty(libraries=["benchmark"])

    if bmEnv.TargetOSIs("windows"):
        bmEnv.Append(LIBS=["ShLwApi"])


            

Reported by Pylint.

Missing function or method docstring
Error

Line: 70 Column: 1

                  return result


def generate(env):
    env.TestList("$BENCHMARK_LIST", source=[])
    env.AddMethod(build_benchmark, "Benchmark")
    env.Alias("$BENCHMARK_ALIAS", "$BENCHMARK_LIST")

            

Reported by Pylint.

src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid64_minmax.c
8 issues
Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 222 CWE codes: 758

                if (exp_x > exp_y) {	// to simplify the loop below,

    // otherwise adjust the x significand upwards
    __mul_64x64_to_128MACH (sig_n_prime, sig_x,
			    bid_mult_factor[exp_x - exp_y]);
    // if postitive, return whichever significand is larger 
    // (converse if negative)
    if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_y)) {
      res = y;

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 237 CWE codes: 758

                  BID_RETURN (res);
  }
  // adjust the y significand upwards
  __mul_64x64_to_128MACH (sig_n_prime, sig_y,
			  bid_mult_factor[exp_y - exp_x]);

  // if postitive, return whichever significand is larger (converse if negative)
  if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_x)) {
    res = y;

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 406 CWE codes: 758

                // if |exp_x - exp_y| < 15, it comes down to the compensated significand
  if (exp_x > exp_y) {	// to simplify the loop below,
    // otherwise adjust the x significand upwards
    __mul_64x64_to_128MACH (sig_n_prime, sig_x,
			    bid_mult_factor[exp_x - exp_y]);
    // now, sig_n_prime has: sig_x * 10^(exp_x-exp_y), this is 
    // the compensated signif.
    if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_y)) {
      // two numbers are equal, return minNum(x,y)

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 421 CWE codes: 758

                  BID_RETURN (res);
  }
  // exp_y must be greater than exp_x, thus adjust the y significand upwards
  __mul_64x64_to_128MACH (sig_n_prime, sig_y,
			  bid_mult_factor[exp_y - exp_x]);

  if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_x)) {
    res = ((y & MASK_SIGN) == MASK_SIGN) ? y : x;
    // two numbers are equal, return either

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 615 CWE codes: 758

                // if |exp_x - exp_y| < 15, it comes down to the compensated significand
  if (exp_x > exp_y) {	// to simplify the loop below,
    // otherwise adjust the x significand upwards
    __mul_64x64_to_128MACH (sig_n_prime, sig_x,
			    bid_mult_factor[exp_x - exp_y]);
    // if postitive, return whichever significand is larger 
    // (converse if negative)
    if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_y)) {
      res = y;

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 629 CWE codes: 758

                  BID_RETURN (res);
  }
  // adjust the y significand upwards
  __mul_64x64_to_128MACH (sig_n_prime, sig_y,
			  bid_mult_factor[exp_y - exp_x]);

  // if postitive, return whichever significand is larger (converse if negative)
  if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_x)) {
    res = y;

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 798 CWE codes: 758

                // if |exp_x - exp_y| < 15, it comes down to the compensated significand
  if (exp_x > exp_y) {	// to simplify the loop below,
    // otherwise adjust the x significand upwards
    __mul_64x64_to_128MACH (sig_n_prime, sig_x,
			    bid_mult_factor[exp_x - exp_y]);
    // now, sig_n_prime has: sig_x * 10^(exp_x-exp_y), 
    // this is the compensated signif.
    if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_y)) {
      // two numbers are equal, return maxNum(x,y)

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 813 CWE codes: 758

                  BID_RETURN (res);
  }
  // exp_y must be greater than exp_x, thus adjust the y significand upwards
  __mul_64x64_to_128MACH (sig_n_prime, sig_y,
			  bid_mult_factor[exp_y - exp_x]);

  if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_x)) {
    res = ((y & MASK_SIGN) == MASK_SIGN) ? x : y;
    // two numbers are equal, return either

            

Reported by Cppcheck.

src/third_party/mozjs-60/extract/js/src/jit/shared/Assembler-shared.h
8 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1006 Column: 36 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                  void append(wasm::CallFarJump jmp) {
        enoughMemory_ &= callFarJumps_.append(jmp);
    }
    void append(wasm::MemoryAccess access) {
        enoughMemory_ &= memoryAccesses_.append(access);
    }
    void append(const wasm::MemoryAccessDesc& access, size_t codeOffset, size_t framePushed) {
        if (access.hasTrap()) {
            // If a memory access is trapping (wasm, SIMD.js, Atomics), create a

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1007 Column: 49 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      enoughMemory_ &= callFarJumps_.append(jmp);
    }
    void append(wasm::MemoryAccess access) {
        enoughMemory_ &= memoryAccesses_.append(access);
    }
    void append(const wasm::MemoryAccessDesc& access, size_t codeOffset, size_t framePushed) {
        if (access.hasTrap()) {
            // If a memory access is trapping (wasm, SIMD.js, Atomics), create a
            // OldTrapSite now which will generate a trap out-of-line path at the end

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1009 Column: 47 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                  void append(wasm::MemoryAccess access) {
        enoughMemory_ &= memoryAccesses_.append(access);
    }
    void append(const wasm::MemoryAccessDesc& access, size_t codeOffset, size_t framePushed) {
        if (access.hasTrap()) {
            // If a memory access is trapping (wasm, SIMD.js, Atomics), create a
            // OldTrapSite now which will generate a trap out-of-line path at the end
            // of the function which will *then* append a MemoryAccess.
            wasm::OldTrapDesc trap(access.trapOffset(), wasm::Trap::OutOfBounds, framePushed,

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1010 Column: 13 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      enoughMemory_ &= memoryAccesses_.append(access);
    }
    void append(const wasm::MemoryAccessDesc& access, size_t codeOffset, size_t framePushed) {
        if (access.hasTrap()) {
            // If a memory access is trapping (wasm, SIMD.js, Atomics), create a
            // OldTrapSite now which will generate a trap out-of-line path at the end
            // of the function which will *then* append a MemoryAccess.
            wasm::OldTrapDesc trap(access.trapOffset(), wasm::Trap::OutOfBounds, framePushed,
                                   wasm::OldTrapSite::MemoryAccess);

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1014 Column: 36 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                          // If a memory access is trapping (wasm, SIMD.js, Atomics), create a
            // OldTrapSite now which will generate a trap out-of-line path at the end
            // of the function which will *then* append a MemoryAccess.
            wasm::OldTrapDesc trap(access.trapOffset(), wasm::Trap::OutOfBounds, framePushed,
                                   wasm::OldTrapSite::MemoryAccess);
            append(wasm::OldTrapSite(trap, codeOffset));
        } else {
            // Otherwise, this is a plain asm.js access. On WASM_HUGE_MEMORY
            // platforms, asm.js uses signal handlers to remove bounds checks

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1021 Column: 24 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                          // Otherwise, this is a plain asm.js access. On WASM_HUGE_MEMORY
            // platforms, asm.js uses signal handlers to remove bounds checks
            // and thus requires a MemoryAccess.
            MOZ_ASSERT(access.isPlainAsmJS());
#ifdef WASM_HUGE_MEMORY
            append(wasm::MemoryAccess(codeOffset));
#endif
        }
    }

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1027 Column: 38 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              #endif
        }
    }
    void append(wasm::SymbolicAccess access) {
        enoughMemory_ &= symbolicAccesses_.append(access);
    }

    wasm::CallSiteVector& callSites() { return callSites_; }
    wasm::CallSiteTargetVector& callSiteTargets() { return callSiteTargets_; }

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1028 Column: 51 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      }
    }
    void append(wasm::SymbolicAccess access) {
        enoughMemory_ &= symbolicAccesses_.append(access);
    }

    wasm::CallSiteVector& callSites() { return callSites_; }
    wasm::CallSiteTargetVector& callSiteTargets() { return callSiteTargets_; }
    wasm::TrapSiteVectorArray& trapSites() { return trapSites_; }

            

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/jit/mips32/CodeGenerator-mips32.cpp
8 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 322 Column: 26 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      ptrScratch = ToRegister(lir->ptrCopy());
    }

    if (IsUnaligned(mir->access())) {
        masm.wasmUnalignedLoadI64(mir->access(), HeapReg, ToRegister(lir->ptr()),
                                  ptrScratch, ToOutRegister64(lir), ToRegister(lir->getTemp(1)));
    } else {
        masm.wasmLoadI64(mir->access(), HeapReg, ToRegister(lir->ptr()), ptrScratch,
                         ToOutRegister64(lir));

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 323 Column: 40 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                  }

    if (IsUnaligned(mir->access())) {
        masm.wasmUnalignedLoadI64(mir->access(), HeapReg, ToRegister(lir->ptr()),
                                  ptrScratch, ToOutRegister64(lir), ToRegister(lir->getTemp(1)));
    } else {
        masm.wasmLoadI64(mir->access(), HeapReg, ToRegister(lir->ptr()), ptrScratch,
                         ToOutRegister64(lir));
    }

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 326 Column: 31 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      masm.wasmUnalignedLoadI64(mir->access(), HeapReg, ToRegister(lir->ptr()),
                                  ptrScratch, ToOutRegister64(lir), ToRegister(lir->getTemp(1)));
    } else {
        masm.wasmLoadI64(mir->access(), HeapReg, ToRegister(lir->ptr()), ptrScratch,
                         ToOutRegister64(lir));
    }
}

void

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 354 Column: 26 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      ptrScratch = ToRegister(lir->ptrCopy());
    }

    if (IsUnaligned(mir->access())) {
        masm.wasmUnalignedStoreI64(mir->access(), ToRegister64(lir->value()), HeapReg,
                                   ToRegister(lir->ptr()), ptrScratch, ToRegister(lir->getTemp(1)));
    } else {
        masm.wasmStoreI64(mir->access(), ToRegister64(lir->value()), HeapReg,
                          ToRegister(lir->ptr()), ptrScratch);

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 355 Column: 41 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                  }

    if (IsUnaligned(mir->access())) {
        masm.wasmUnalignedStoreI64(mir->access(), ToRegister64(lir->value()), HeapReg,
                                   ToRegister(lir->ptr()), ptrScratch, ToRegister(lir->getTemp(1)));
    } else {
        masm.wasmStoreI64(mir->access(), ToRegister64(lir->value()), HeapReg,
                          ToRegister(lir->ptr()), ptrScratch);
    }

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 358 Column: 32 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      masm.wasmUnalignedStoreI64(mir->access(), ToRegister64(lir->value()), HeapReg,
                                   ToRegister(lir->ptr()), ptrScratch, ToRegister(lir->getTemp(1)));
    } else {
        masm.wasmStoreI64(mir->access(), ToRegister64(lir->value()), HeapReg,
                          ToRegister(lir->ptr()), ptrScratch);
    }
}

void

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 593 Column: 35 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              {
    Register ptr = ToRegister(lir->ptr());
    Register64 output = ToOutRegister64(lir);
    uint32_t offset = lir->mir()->access().offset();

    BaseIndex addr(HeapReg, ptr, TimesOne, offset);

    masm.atomicLoad64(Synchronization::Full(), addr, Register64::Invalid(), output);
}

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 606 Column: 35 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                  Register ptr = ToRegister(lir->ptr());
    Register64 value = ToRegister64(lir->value());
    Register tmp = ToRegister(lir->tmp());
    uint32_t offset = lir->mir()->access().offset();

    BaseIndex addr(HeapReg, ptr, TimesOne, offset);

    masm.atomicStore64(addr, tmp, value);
}

            

Reported by FlawFinder.

src/mongo/util/shell_exec.cpp
8 issues
popen - This causes a new program to execute and is difficult to use safely
Security

Line: 209 Column: 17 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available

              class ProcessStream {
public:
    ProcessStream(const std::string& cmd) {
        _fp = ::popen(cmd.c_str(), "r");
        uassert(ErrorCodes::OperationFailed,
                str::stream() << "Unable to launch command: " << errnoWithDescription(),
                _fp);
        _fd = fileno(_fp);
    }

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 157 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                          return;
        }

        char buf[kExecBufferSizeBytes];
        DWORD read = 0;
        uassert(ErrorCodes::OperationFailed,
                str::stream() << "Failed reading from subprocess: " << errnoWithDescription(),
                ReadFile(_stdout, buf, std::min<size_t>(sizeof(buf), len), &read, nullptr));


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 246 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  }

    void read(StringBuilder& sb, size_t len) {
        char buf[kExecBufferSizeBytes];
        len = fread(buf, 1, std::min<size_t>(sizeof(buf), len), _fp);
        sb << StringData(buf, len);
    }

    ~ProcessStream() {

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 151 Column: 10 CWE codes: 120 20

                      }
    }

    void read(StringBuilder& sb, size_t len) {
        constexpr DWORD kPipeReadyTimeoutMS = 10;
        if (!_stdout || (WAIT_OBJECT_0 != WaitForSingleObject(_stdout, kPipeReadyTimeoutMS))) {
            return;
        }


            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 161 Column: 77 CWE codes: 120 20

                      DWORD read = 0;
        uassert(ErrorCodes::OperationFailed,
                str::stream() << "Failed reading from subprocess: " << errnoWithDescription(),
                ReadFile(_stdout, buf, std::min<size_t>(sizeof(buf), len), &read, nullptr));

        if (read == 0) {
            CloseHandle(_stdout);
            _stdout = nullptr;
        } else {

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 167 Column: 35 CWE codes: 120 20

                          CloseHandle(_stdout);
            _stdout = nullptr;
        } else {
            sb << StringData(buf, read);
        }
    }

    ~ProcessStream() {
        if (_startup.hStdInput) {

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 245 Column: 10 CWE codes: 120 20

                      }
    }

    void read(StringBuilder& sb, size_t len) {
        char buf[kExecBufferSizeBytes];
        len = fread(buf, 1, std::min<size_t>(sizeof(buf), len), _fp);
        sb << StringData(buf, len);
    }


            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 285 Column: 17 CWE codes: 120 20

                          return status;
        }

        process.read(sb, maxlen - sb.len());
        if (static_cast<size_t>(sb.len()) >= maxlen) {
            // Truncate at maxlen
            break;
        }
    }

            

Reported by FlawFinder.

site_scons/site_tools/jsheader.py
8 issues
Unable to import 'SCons.Script'
Error

Line: 23 Column: 1

              # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#

from SCons.Script import Action


def jsToH(env, target, source):
    return env.Command(
        target=target,

            

Reported by Pylint.

Unused argument 'kw'
Error

Line: 34 Column: 1

                  )


def generate(env, **kw):
    env.AddMethod(jsToH, "JSHeader")


def exists(env):
    return True

            

Reported by Pylint.

Unused argument 'env'
Error

Line: 38 Column: 12

                  env.AddMethod(jsToH, "JSHeader")


def exists(env):
    return True

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

              # Copyright 2020 MongoDB Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 26 Column: 1

              from SCons.Script import Action


def jsToH(env, target, source):
    return env.Command(
        target=target,
        source=["#site_scons/site_tools/jstoh.py"] + source,
        action=Action("$PYTHON ${SOURCES[0]} $TARGET ${SOURCES[1:]}"),
    )

            

Reported by Pylint.

Function name "jsToH" doesn't conform to snake_case naming style
Error

Line: 26 Column: 1

              from SCons.Script import Action


def jsToH(env, target, source):
    return env.Command(
        target=target,
        source=["#site_scons/site_tools/jstoh.py"] + source,
        action=Action("$PYTHON ${SOURCES[0]} $TARGET ${SOURCES[1:]}"),
    )

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 34 Column: 1

                  )


def generate(env, **kw):
    env.AddMethod(jsToH, "JSHeader")


def exists(env):
    return True

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 38 Column: 1

                  env.AddMethod(jsToH, "JSHeader")


def exists(env):
    return True

            

Reported by Pylint.

src/third_party/mozjs-60/extract/js/src/jit/mips-shared/Assembler-mips-shared.h
8 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1578 Column: 43 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              };

inline bool
IsUnaligned(const wasm::MemoryAccessDesc& access)
{
    if (!access.align())
        return false;

#ifdef JS_CODEGEN_MIPS32

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1580 Column: 10 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              inline bool
IsUnaligned(const wasm::MemoryAccessDesc& access)
{
    if (!access.align())
        return false;

#ifdef JS_CODEGEN_MIPS32
    if (access.type() == Scalar::Int64 && access.align() >= 4)
        return false;

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1584 Column: 9 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      return false;

#ifdef JS_CODEGEN_MIPS32
    if (access.type() == Scalar::Int64 && access.align() >= 4)
        return false;
#endif

    return access.align() < access.byteSize();
}

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1584 Column: 43 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      return false;

#ifdef JS_CODEGEN_MIPS32
    if (access.type() == Scalar::Int64 && access.align() >= 4)
        return false;
#endif

    return access.align() < access.byteSize();
}

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1588 Column: 29 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      return false;
#endif

    return access.align() < access.byteSize();
}

} // namespace jit
} // namespace js


            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1588 Column: 12 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      return false;
#endif

    return access.align() < access.byteSize();
}

} // namespace jit
} // namespace js


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 750 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                          return;

        for (Slice* cur = head; cur != nullptr; cur = cur->getNext()) {
            memcpy(buffer, &cur->instructions, cur->length());
            buffer += cur->length();
        }
    }

    bool appendRawCode(const uint8_t* code, size_t numBytes) {

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 954 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  MOZ_COLD void spew(const char* fmt, va_list va) MOZ_FORMAT_PRINTF(2, 0) {
        // Buffer to hold the formatted string. Note that this may contain
        // '%' characters, so do not pass it directly to printf functions.
        char buf[200];

        int i = VsprintfLiteral(buf, fmt, va);
        if (i > -1) {
            if (printer)
                printer->printf("%s\n", buf);

            

Reported by FlawFinder.