The following issues were found
src/third_party/mozjs-60/extract/js/src/builtin/Stream.cpp
6 issues
Line: 5457
return CreateReadableStreamBYOBReader(cx, stream);
}
JS_FRIEND_API(JSObject*)
js::UnwrapReadableStream(JSObject* obj)
{
if (JSObject* unwrapped = CheckedUnwrap(obj))
return unwrapped->is<ReadableStream>() ? unwrapped : nullptr;
return nullptr;
Reported by Cppcheck.
Line: 1097
Column: 63
CWE codes:
120
20
// handler which takes the argument result and performs the
// following steps:
Rooted<ReadableStreamDefaultReader*> reader(cx, teeState->reader());
RootedObject readPromise(cx, ReadableStreamDefaultReader::read(cx, reader));
if (!readPromise)
return nullptr;
RootedObject onFulfilled(cx, NewHandler(cx, TeeReaderReadHandler, teeState));
if (!onFulfilled)
Reported by FlawFinder.
Line: 1722
Column: 58
CWE codes:
120
20
}
// Step 3: Return ! ReadableStreamDefaultReaderRead(this).
JSObject* readPromise = ReadableStreamDefaultReader::read(cx, reader);
if (!readPromise)
return false;
args.rval().setObject(*readPromise);
return true;
}
Reported by FlawFinder.
Line: 1938
Column: 55
CWE codes:
120
20
}
// Step 6: Return ! ReadableStreamBYOBReaderRead(this, view).
JSObject* readPromise = ReadableStreamBYOBReader::read(cx, reader, view);
if (!readPromise)
return false;
args.rval().setObject(*readPromise);
return true;
}
Reported by FlawFinder.
Line: 2113
Column: 27
CWE codes:
120
20
// Streams spec, 3.7.6. ReadableStreamBYOBReaderRead ( reader, view )
/* static */ MOZ_MUST_USE JSObject*
ReadableStreamBYOBReader::read(JSContext* cx, Handle<ReadableStreamBYOBReader*> reader,
Handle<ArrayBufferViewObject*> view)
{
MOZ_ASSERT(reader->is<ReadableStreamBYOBReader>());
// Step 1: Let stream be reader.[[ownerReadableStream]].
Reported by FlawFinder.
Line: 2143
Column: 30
CWE codes:
120
20
// Streams spec, 3.7.7. ReadableStreamDefaultReaderRead ( reader )
MOZ_MUST_USE JSObject*
ReadableStreamDefaultReader::read(JSContext* cx, Handle<ReadableStreamDefaultReader*> reader)
{
// Step 1: Let stream be reader.[[ownerReadableStream]].
// Step 2: Assert: stream is not undefined.
Rooted<ReadableStream*> stream(cx, StreamFromReader(reader));
Reported by FlawFinder.
buildscripts/mongosymb.py
6 issues
Line: 23
Suggestion:
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess
import json
import argparse
import os
import subprocess
import sys
def parse_input(trace_doc, dbg_path_resolver):
"""Return a list of frame dicts from an object of {backtrace: list(), processInfo: dict()}."""
Reported by Bandit.
Line: 83
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
symbolizer_args = [symbolizer_path]
for dh in dsym_hint:
symbolizer_args.append("-dsym-hint={}".format(dh))
symbolizer_process = subprocess.Popen(args=symbolizer_args, close_fds=True,
stdin=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=open("/dev/null"))
def extract_symbols(stdin):
"""Extract symbol information from the output of llvm-symbolizer.
Reported by Bandit.
Line: 187
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html
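def _get_from_s3(self, build_id):
    """Download debug symbols from S3.

    Fetches ``<build_id>.debug.gz`` from the configured S3 bucket into the cache
    directory with ``wget`` and decompresses it there with ``gunzip``.

    :param build_id: identifier of the build whose symbols are wanted; it is used
        both as a URL path component and as a local file name.
    :raises ValueError: if build_id is empty or contains non-alphanumeric characters.
    :raises subprocess.CalledProcessError: if wget or gunzip exits non-zero.
    """
    # build_id ends up in a URL and in a file name resolved relative to the cache
    # directory, so refuse anything that could change the URL path, escape the
    # cache directory, or be read by gunzip as an option (for example a value
    # containing "/" or starting with "-").
    # NOTE(review): assumes build ids are plain alphanumeric strings - confirm against callers.
    if not build_id or not build_id.isalnum():
        raise ValueError("Invalid build id: {!r}".format(build_id))

    archive_name = build_id + ".debug.gz"
    url = 'https://s3.amazonaws.com/{}/{}'.format(self._s3_bucket, archive_name)

    # Both commands use the argv-list form, so no shell parses the arguments.
    # 'wget' and 'gunzip' are still looked up on PATH (Bandit B607).
    subprocess.check_call(['wget', url], cwd=self._cache_dir)
    subprocess.check_call(['gunzip', archive_name], cwd=self._cache_dir)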
Reported by Bandit.
Line: 187
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
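def _get_from_s3(self, build_id):
    """Download debug symbols from S3.

    Fetches ``<build_id>.debug.gz`` from the configured S3 bucket into the cache
    directory with ``wget`` and decompresses it there with ``gunzip``.

    :param build_id: identifier of the build whose symbols are wanted; it is used
        both as a URL path component and as a local file name.
    :raises ValueError: if build_id is empty or contains non-alphanumeric characters.
    :raises subprocess.CalledProcessError: if wget or gunzip exits non-zero.
    """
    # build_id ends up in a URL and in a file name resolved relative to the cache
    # directory, so refuse anything that could change the URL path, escape the
    # cache directory, or be read by gunzip as an option (for example a value
    # containing "/" or starting with "-").
    # NOTE(review): assumes build ids are plain alphanumeric strings - confirm against callers.
    if not build_id or not build_id.isalnum():
        raise ValueError("Invalid build id: {!r}".format(build_id))

    archive_name = build_id + ".debug.gz"
    url = 'https://s3.amazonaws.com/{}/{}'.format(self._s3_bucket, archive_name)

    # Both commands use the argv-list form, so no shell parses the arguments.
    # 'wget' and 'gunzip' are still looked up on PATH (Bandit B607).
    subprocess.check_call(['wget', url], cwd=self._cache_dir)
    subprocess.check_call(['gunzip', archive_name], cwd=self._cache_dir)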
Reported by Bandit.
Line: 190
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
subprocess.check_call(
['wget', 'https://s3.amazonaws.com/{}/{}.debug.gz'.format(self._s3_bucket, build_id)],
cwd=self._cache_dir)
subprocess.check_call(['gunzip', build_id + ".debug.gz"], cwd=self._cache_dir)
def classic_output(frames, outfile, **kwargs): # pylint: disable=unused-argument
"""Provide classic output."""
for frame in frames:
Reported by Bandit.
Line: 190
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html
subprocess.check_call(
['wget', 'https://s3.amazonaws.com/{}/{}.debug.gz'.format(self._s3_bucket, build_id)],
cwd=self._cache_dir)
subprocess.check_call(['gunzip', build_id + ".debug.gz"], cwd=self._cache_dir)
def classic_output(frames, outfile, **kwargs): # pylint: disable=unused-argument
"""Provide classic output."""
for frame in frames:
Reported by Bandit.
src/third_party/wiredtiger/dist/docs.py
6 issues
Line: 1
Column: 1
# Read and verify the documentation data to make sure path names are valid.
import os, sys
import docs_data
def check_sort(got, msg, keyfunc=None):
if keyfunc:
expect = sorted(got, key=keyfunc)
else:
Reported by Pylint.
Line: 3
Column: 1
# Read and verify the documentation data to make sure path names are valid.
import os, sys
import docs_data
def check_sort(got, msg, keyfunc=None):
if keyfunc:
expect = sorted(got, key=keyfunc)
else:
Reported by Pylint.
Line: 6
Column: 1
import os, sys
import docs_data
def check_sort(got, msg, keyfunc=None):
if keyfunc:
expect = sorted(got, key=keyfunc)
else:
expect = sorted(got)
if got != expect:
Reported by Pylint.
Line: 17
Column: 1
print(' expect: ' + str(expect))
# An include filename will be sorted first.
def inc_first(f):
    """Return the sort key for path f: paths containing '/include/' get a '_' prefix."""
    # The '_' prefix is the key used to order include file names first.
    return '_' + f if '/include/' in f else f
Reported by Pylint.
Line: 17
Column: 1
print(' expect: ' + str(expect))
# An include filename will be sorted first.
def inc_first(f):
    """Return the sort key for path f: paths containing '/include/' get a '_' prefix."""
    # The '_' prefix is the key used to order include file names first.
    return '_' + f if '/include/' in f else f
Reported by Pylint.
Line: 18
Column: 5
# An include filename will be sorted first.
def inc_first(f):
    """Return the sort key for path f: paths containing '/include/' get a '_' prefix."""
    # The '_' prefix is the key used to order include file names first.
    return '_' + f if '/include/' in f else f
top_dir = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
Reported by Pylint.
src/third_party/wiredtiger/dist/api_data.py
6 issues
Line: 1
Column: 1
# This file is a python script that describes the WiredTiger API.
class Method:
def __init__(self, config):
# Deal with duplicates: with complex configurations (like
# WT_SESSION::create), it's simpler to deal with duplicates once than
# manually as configurations are defined
self.config = []
lastname = None
Reported by Pylint.
Line: 1
Column: 1
# This file is a python script that describes the WiredTiger API.
class Method:
def __init__(self, config):
# Deal with duplicates: with complex configurations (like
# WT_SESSION::create), it's simpler to deal with duplicates once than
# manually as configurations are defined
self.config = []
lastname = None
Reported by Pylint.
Line: 3
Column: 1
# This file is a python script that describes the WiredTiger API.
class Method:
def __init__(self, config):
# Deal with duplicates: with complex configurations (like
# WT_SESSION::create), it's simpler to deal with duplicates once than
# manually as configurations are defined
self.config = []
lastname = None
Reported by Pylint.
Line: 3
Column: 1
# This file is a python script that describes the WiredTiger API.
class Method:
def __init__(self, config):
# Deal with duplicates: with complex configurations (like
# WT_SESSION::create), it's simpler to deal with duplicates once than
# manually as configurations are defined
self.config = []
lastname = None
Reported by Pylint.
Line: 10
Column: 13
# manually as configurations are defined
self.config = []
lastname = None
for c in sorted(config):
if '.' in c.name:
raise "Bad config key '%s'" % c.name
if c.name == lastname:
continue
lastname = c.name
Reported by Pylint.
Line: 18
Column: 1
lastname = c.name
self.config.append(c)
class Config:
def __init__(self, name, default, desc, subconfig=None, **flags):
self.name = name
self.default = default
self.desc = desc
self.subconfig = subconfig
Reported by Pylint.
src/third_party/icu4c-57.1/source/i18n/usearch.cpp
6 issues
Line: 3847
Column: 9
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
// TODO: reject search patterns beginning with a combining char.
#ifdef USEARCH_DEBUG
if (getenv("USEARCH_DEBUG") != NULL) {
printf("Pattern CEs\n");
for (int ii=0; ii<strsrch->pattern.cesLength; ii++) {
printf(" %8x", strsrch->pattern.ces[ii]);
}
printf("\n");
Reported by FlawFinder.
Line: 4079
Column: 13
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
}
#ifdef USEARCH_DEBUG
if (getenv("USEARCH_DEBUG") != NULL) {
printf("minLimit, maxLimit, mLimit = %d, %d, %d\n", minLimit, maxLimit, mLimit);
}
#endif
if (!allowMidclusterMatch) {
Reported by FlawFinder.
Line: 4106
Column: 9
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
}
#ifdef USEARCH_DEBUG
if (getenv("USEARCH_DEBUG") != NULL) {
printf("Target CEs [%d .. %d]\n", ceb.firstIx, ceb.limitIx);
int32_t lastToPrint = ceb.limitIx+2;
for (int ii=ceb.firstIx; ii<lastToPrint; ii++) {
printf("%8x@%d ", ceb.get(ii)->ce, ceb.get(ii)->srcIndex);
}
Reported by FlawFinder.
Line: 4147
Column: 9
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
// TODO: reject search patterns beginning with a combining char.
#ifdef USEARCH_DEBUG
if (getenv("USEARCH_DEBUG") != NULL) {
printf("Pattern CEs\n");
for (int ii=0; ii<strsrch->pattern.cesLength; ii++) {
printf(" %8x", strsrch->pattern.ces[ii]);
}
printf("\n");
Reported by FlawFinder.
Line: 4373
Column: 13
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
}
#ifdef USEARCH_DEBUG
if (getenv("USEARCH_DEBUG") != NULL) {
printf("minLimit, maxLimit, mLimit = %d, %d, %d\n", minLimit, maxLimit, mLimit);
}
#endif
Reported by FlawFinder.
Line: 4389
Column: 9
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
}
#ifdef USEARCH_DEBUG
if (getenv("USEARCH_DEBUG") != NULL) {
printf("Target CEs [%d .. %d]\n", ceb.firstIx, ceb.limitIx);
int32_t lastToPrint = ceb.limitIx+2;
for (int ii=ceb.firstIx; ii<lastToPrint; ii++) {
printf("%8x@%d ", ceb.get(ii)->ce, ceb.get(ii)->srcIndex);
}
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/i18n/ucol_sit.cpp
6 issues
Line: 91
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* collator instance
*/
struct CollatorSpec {
char locElements[locElementCount][locElementCapacity];
char locale[loc3066Capacity];
char provider[locProviderCapacity];
UColAttributeValue options[UCOL_ATTRIBUTE_COUNT];
uint32_t variableTopValue;
UChar variableTopString[locElementCapacity];
Reported by FlawFinder.
Line: 92
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct CollatorSpec {
char locElements[locElementCount][locElementCapacity];
char locale[loc3066Capacity];
char provider[locProviderCapacity];
UColAttributeValue options[UCOL_ATTRIBUTE_COUNT];
uint32_t variableTopValue;
UChar variableTopString[locElementCapacity];
int32_t variableTopStringLen;
Reported by FlawFinder.
Line: 93
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct CollatorSpec {
char locElements[locElementCount][locElementCapacity];
char locale[loc3066Capacity];
char provider[locProviderCapacity];
UColAttributeValue options[UCOL_ATTRIBUTE_COUNT];
uint32_t variableTopValue;
UChar variableTopString[locElementCapacity];
int32_t variableTopStringLen;
UBool variableTopSet;
Reported by FlawFinder.
Line: 456
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ucol_sit_readSpecs(&s, definition, parseError, status);
ucol_sit_calculateWholeLocale(&s);
char buffer[internalBufferSize];
uprv_memset(buffer, 0, internalBufferSize);
uloc_canonicalize(s.locale, buffer, internalBufferSize, status);
UResourceBundle *b = ures_open(U_ICUDATA_COLL, buffer, status);
/* we try to find stuff from keyword */
Reported by FlawFinder.
Line: 464
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* we try to find stuff from keyword */
UResourceBundle *collations = ures_getByKey(b, "collations", NULL, status);
UResourceBundle *collElem = NULL;
char keyBuffer[256];
// if there is a keyword, we pick it up and try to get elements
if(!uloc_getKeywordValue(buffer, "collation", keyBuffer, 256, status)) {
// no keyword. we try to find the default setting, which will give us the keyword value
UResourceBundle *defaultColl = ures_getByKeyWithFallback(collations, "default", NULL, status);
if(U_SUCCESS(*status)) {
Reported by FlawFinder.
Line: 520
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
string = ucol_sit_readSpecs(&s, definition, parseError, status);
ucol_sit_calculateWholeLocale(&s);
char buffer[internalBufferSize];
uprv_memset(buffer, 0, internalBufferSize);
uloc_canonicalize(s.locale, buffer, internalBufferSize, status);
UCollator *result = ucol_open(buffer, status);
int32_t i = 0;
Reported by FlawFinder.
buildscripts/idl/idl/parser.py
6 issues
Line: 42
Column: 1
import yaml
from yaml import nodes
from . import common
from . import cpp_types
from . import errors
from . import syntax
Reported by Pylint.
Line: 43
Column: 1
from yaml import nodes
from . import common
from . import cpp_types
from . import errors
from . import syntax
class _RuleDesc(object):
Reported by Pylint.
Line: 44
Column: 1
from . import common
from . import cpp_types
from . import errors
from . import syntax
class _RuleDesc(object):
"""
Reported by Pylint.
Line: 45
Column: 1
from . import common
from . import cpp_types
from . import errors
from . import syntax
class _RuleDesc(object):
"""
Describe a simple parser rule for the generic YAML node parser.
Reported by Pylint.
Line: 71
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
sequence_parser_func=None):
# type: (str, int, Callable[[errors.ParserContext,yaml.nodes.MappingNode], Any], Callable[[errors.ParserContext,yaml.nodes.SequenceNode], Any]) -> None
"""Construct a parser rule description."""
assert required in (_RuleDesc.REQUIRED, _RuleDesc.OPTIONAL)
self.node_type = node_type # type: str
self.required = required # type: int
self.mapping_parser_func = mapping_parser_func # type: Callable[[errors.ParserContext,yaml.nodes.MappingNode], Any]
default_seq_parser = lambda ctxt, node: ctxt.get_list(node)
Reported by Bandit.
Line: 332
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
{"variant": _RuleDesc("sequence", sequence_parser_func=_parse_variant_alternatives)})
return variant
else:
assert node.id == "scalar"
single = syntax.FieldTypeSingle(ctxt.file_name, node.start_mark.line,
node.start_mark.column)
if node.value.startswith('array<'):
single.type_name = syntax.parse_array_type(node.value)
Reported by Bandit.
src/third_party/icu4c-57.1/source/i18n/tznames_impl.cpp
6 issues
Line: 732
UVector *fLocalVector;
};
UOBJECT_DEFINE_RTTI_IMPLEMENTATION(MetaZoneIDsEnumeration)
// Default constructor: sets fLen and fPos to 0 and leaves both
// fMetaZoneIDs and fLocalVector as NULL pointers.
MetaZoneIDsEnumeration::MetaZoneIDsEnumeration()
    : fLen(0),
      fPos(0),
      fMetaZoneIDs(NULL),
      fLocalVector(NULL)
{
}
Reported by Cppcheck.
Line: 1183
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return;
}
char mzIdChar[ZID_KEY_MAX + 1];
int32_t keyLen;
int32_t prefixLen = uprv_strlen(gMZPrefix);
keyLen = mzID.extract(0, mzID.length(), mzIdChar, ZID_KEY_MAX + 1, US_INV);
uprv_memcpy((void *)result, (void *)gMZPrefix, prefixLen);
uprv_memcpy((void *)(result + prefixLen), (void *)mzIdChar, keyLen);
Reported by FlawFinder.
Line: 1211
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *cacheVal = uhash_get(fMZNamesMap, mzIDKey);
if (cacheVal == NULL) {
char key[ZID_KEY_MAX + 1];
mergeTimeZoneKey(mzID, key);
znames = ZNames::createInstance(fZoneStrings, key);
if (znames == NULL) {
cacheVal = (void *)EMPTY;
Reported by FlawFinder.
Line: 1281
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *cacheVal = uhash_get(fTZNamesMap, tzIDKey);
if (cacheVal == NULL) {
char key[ZID_KEY_MAX + 1];
UErrorCode status = U_ZERO_ERROR;
// Replace "/" with ":".
UnicodeString uKey(tzID);
for (int32_t i = 0; i < uKey.length(); i++) {
if (uKey.charAt(i) == (UChar)0x2F) {
Reported by FlawFinder.
Line: 1857
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int32_t regionLen = uprv_strlen(region);
if (regionLen == 0) {
UErrorCode status = U_ZERO_ERROR;
char loc[ULOC_FULLNAME_CAPACITY];
uloc_addLikelySubtags(fLocale.getName(), loc, sizeof(loc), &status);
regionLen = uloc_getCountry(loc, fRegion, sizeof(fRegion), &status);
if (U_SUCCESS(status) && regionLen < (int32_t)sizeof(fRegion)) {
useWorld = FALSE;
}
Reported by FlawFinder.
Line: 1974
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
UResourceBundle *zoneStringsRes = ures_openDirect(U_ICUDATA_ZONE, "tzdbNames", &status);
zoneStringsRes = ures_getByKey(zoneStringsRes, gZoneStrings, zoneStringsRes, &status);
if (U_SUCCESS(status)) {
char key[ZID_KEY_MAX + 1];
mergeTimeZoneKey(mzID, key);
tzdbNames = TZDBNames::createInstance(zoneStringsRes, key);
if (tzdbNames == NULL) {
cacheVal = (void *)EMPTY;
Reported by FlawFinder.
src/third_party/wiredtiger/test/suite/test_lsm04.py
6 issues
Line: 29
Column: 1
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
import wiredtiger, wttest
# test_lsm_key_format
# LSM doesn't currently support column-store keys.
class test_lsm_key_format(wttest.WiredTigerTestCase):
def test_lsm_key_format(self):
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled
Reported by Pylint.
Line: 29
Column: 1
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
import wiredtiger, wttest
# test_lsm_key_format
# LSM doesn't currently support column-store keys.
class test_lsm_key_format(wttest.WiredTigerTestCase):
def test_lsm_key_format(self):
Reported by Pylint.
Line: 33
Column: 1
# test_lsm_key_format
# LSM doesn't currently support column-store keys.
class test_lsm_key_format(wttest.WiredTigerTestCase):
def test_lsm_key_format(self):
self.assertRaisesWithMessage(wiredtiger.WiredTigerError,
lambda: self.session.create(
"table:A", "key_format=r,value_format=S,type=lsm"),
'/key_format/')
Reported by Pylint.
Line: 33
Column: 1
# test_lsm_key_format
# LSM doesn't currently support column-store keys.
class test_lsm_key_format(wttest.WiredTigerTestCase):
def test_lsm_key_format(self):
self.assertRaisesWithMessage(wiredtiger.WiredTigerError,
lambda: self.session.create(
"table:A", "key_format=r,value_format=S,type=lsm"),
'/key_format/')
Reported by Pylint.
Line: 34
Column: 5
# test_lsm_key_format
# LSM doesn't currently support column-store keys.
class test_lsm_key_format(wttest.WiredTigerTestCase):
def test_lsm_key_format(self):
self.assertRaisesWithMessage(wiredtiger.WiredTigerError,
lambda: self.session.create(
"table:A", "key_format=r,value_format=S,type=lsm"),
'/key_format/')
Reported by Pylint.
src/third_party/icu4c-57.1/source/common/wintz.c
6 issues
Line: 122
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static LONG openTZRegKey(HKEY *hkey, const char *winid)
{
char subKeyName[110]; /* TODO: why 96?? */
char *name;
LONG result;
/* This isn't thread safe, but it's good enough because the result should be constant per system. */
if (gWinType <= 0) {
Reported by FlawFinder.
Line: 277
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
UErrorCode status = U_ZERO_ERROR;
UResourceBundle* bundle = NULL;
char* icuid = NULL;
char apiStdName[MAX_LENGTH_ID];
char regStdName[MAX_LENGTH_ID];
char tmpid[MAX_LENGTH_ID];
int32_t len;
int id;
int errorCode;
Reported by FlawFinder.
Line: 278
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
UResourceBundle* bundle = NULL;
char* icuid = NULL;
char apiStdName[MAX_LENGTH_ID];
char regStdName[MAX_LENGTH_ID];
char tmpid[MAX_LENGTH_ID];
int32_t len;
int id;
int errorCode;
UChar ISOcodeW[3]; /* 2 letter iso code in UTF-16*/
Reported by FlawFinder.
Line: 279
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char* icuid = NULL;
char apiStdName[MAX_LENGTH_ID];
char regStdName[MAX_LENGTH_ID];
char tmpid[MAX_LENGTH_ID];
int32_t len;
int id;
int errorCode;
UChar ISOcodeW[3]; /* 2 letter iso code in UTF-16*/
char ISOcodeA[3]; /* 2 letter iso code in ansi */
Reported by FlawFinder.
Line: 284
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int id;
int errorCode;
UChar ISOcodeW[3]; /* 2 letter iso code in UTF-16*/
char ISOcodeA[3]; /* 2 letter iso code in ansi */
LONG result;
TZI tziKey;
TZI tziReg;
TIME_ZONE_INFORMATION apiTZI;
Reported by FlawFinder.
Line: 132
Column: 24
CWE codes:
126
}
uprv_strcpy(subKeyName, TZ_REGKEY[(gWinType != WIN_9X_ME_TYPE)]);
name = &subKeyName[strlen(subKeyName)];
uprv_strcat(subKeyName, winid);
if (gWinType == WIN_9X_ME_TYPE) {
/* Remove " Standard Time" */
char *pStd = uprv_strstr(subKeyName, STANDARD_TIME_REGKEY);
Reported by FlawFinder.