The following issues were found
src/third_party/pcre-8.42/pcreposix.c
5 issues
Line: 227
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
if (errbuf_size > 0)
{
if (addlength > 0 && errbuf_size >= length + addlength)
sprintf(errbuf, "%s%s%-6d", message, addmessage, (int)preg->re_erroffset);
else
{
strncpy(errbuf, message, errbuf_size - 1);
errbuf[errbuf_size-1] = 0;
}
Reported by FlawFinder.
Line: 218
Column: 10
CWE codes:
126
message = (errcode >= (int)(sizeof(pstring)/sizeof(char *)))?
"unknown error code" : pstring[errcode];
length = strlen(message) + 1;
addmessage = " at offset ";
addlength = (preg != NULL && (int)preg->re_erroffset != -1)?
strlen(addmessage) + 6 : 0;
Reported by FlawFinder.
Line: 222
Column: 3
CWE codes:
126
addmessage = " at offset ";
addlength = (preg != NULL && (int)preg->re_erroffset != -1)?
strlen(addmessage) + 6 : 0;
if (errbuf_size > 0)
{
if (addlength > 0 && errbuf_size >= length + addlength)
sprintf(errbuf, "%s%s%-6d", message, addmessage, (int)preg->re_erroffset);
Reported by FlawFinder.
Line: 230
Column: 5
CWE codes:
120
sprintf(errbuf, "%s%s%-6d", message, addmessage, (int)preg->re_erroffset);
else
{
strncpy(errbuf, message, errbuf_size - 1);
errbuf[errbuf_size-1] = 0;
}
}
return length + addlength;
Reported by FlawFinder.
Line: 375
Column: 13
CWE codes:
126
else
{
so = 0;
eo = (int)strlen(string);
}
rc = pcre_exec((const pcre *)preg->re_pcre, NULL, string + so, (eo - so),
0, options, ovector, (int)(nmatch * 3));
Reported by FlawFinder.
src/third_party/pcre-8.42/pcre_internal.h
5 issues
Line: 99
Column: 20
CWE codes:
134
Suggestion:
Use a constant for the format specification
#undef DPRINTF
#ifdef PCRE_DEBUG
#define DPRINTF(p) printf p
#else
#define DPRINTF(p) /* Nothing */
#endif
Reported by FlawFinder.
Line: 372
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#define strlen(s) _strlen(s)
#define strncmp(s1,s2,m) _strncmp(s1,s2,m)
#define memcmp(s,c,n) _memcmp(s,c,n)
#define memcpy(d,s,n) _memcpy(d,s,n)
#define memmove(d,s,n) _memmove(d,s,n)
#define memset(s,c,n) _memset(s,c,n)
#else /* VPCOMPAT */
/* To cope with SunOS4 and other systems that lack memmove() but have bcopy(),
Reported by FlawFinder.
Line: 385
Column: 26
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifndef HAVE_MEMMOVE
#undef memmove /* some systems may have a macro */
#ifdef HAVE_BCOPY
#define memmove(a, b, c) bcopy(b, a, c)
#else /* HAVE_BCOPY */
static void *
pcre_memmove(void *d, const void *s, size_t n)
{
size_t i;
Reported by FlawFinder.
Line: 369
Column: 9
CWE codes:
126
option on the command line. */
#ifdef VPCOMPAT
#define strlen(s) _strlen(s)
#define strncmp(s1,s2,m) _strncmp(s1,s2,m)
#define memcmp(s,c,n) _memcmp(s,c,n)
#define memcpy(d,s,n) _memcpy(d,s,n)
#define memmove(d,s,n) _memmove(d,s,n)
#define memset(s,c,n) _memset(s,c,n)
Reported by FlawFinder.
Line: 2695
Column: 24
CWE codes:
126
strncmp((char *)(str1), (char *)(str2), (num))
#define STRNCMP_UC_C8(str1, str2, num) \
strncmp((char *)(str1), (str2), (num))
#define STRLEN_UC(str) strlen((const char *)str)
#elif defined COMPILE_PCRE16 || defined COMPILE_PCRE32
extern int PRIV(strcmp_uc_uc)(const pcre_uchar *,
const pcre_uchar *);
Reported by FlawFinder.
src/third_party/pcre-8.42/pcre_jit_test.c
5 issues
Line: 865
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char *default_tables;
#if defined SUPPORT_PCRE8
pcre *regex;
char null_str[1] = { 0 };
#elif defined SUPPORT_PCRE16
pcre16 *regex;
PCRE_UCHAR16 null_str[1] = { 0 };
#elif defined SUPPORT_PCRE32
pcre32 *regex;
Reported by FlawFinder.
Line: 914
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!tables_copy)
return NULL;
memcpy(tables_copy, default_tables, 1088);
return tables_copy;
}
#ifdef SUPPORT_PCRE8
static pcre_jit_stack* callback8(void *arg)
Reported by FlawFinder.
Line: 1365
Column: 63
CWE codes:
126
if ((counter & 0x1) != 0) {
setstack8(extra8);
return_value8[0] = pcre_exec(re8, extra8, current->input, strlen(current->input), current->start_offset & OFFSET_MASK,
current->flags & (PCRE_NOTBOL | PCRE_NOTEOL | PCRE_NOTEMPTY | PCRE_NOTEMPTY_ATSTART | PCRE_PARTIAL_SOFT | PCRE_PARTIAL_HARD | PCRE_NO_UTF8_CHECK), ovector8_1, 32);
} else
return_value8[0] = pcre_jit_exec(re8, extra8, current->input, strlen(current->input), current->start_offset & OFFSET_MASK,
current->flags & (PCRE_NOTBOL | PCRE_NOTEOL | PCRE_NOTEMPTY | PCRE_NOTEMPTY_ATSTART | PCRE_PARTIAL_SOFT | PCRE_PARTIAL_HARD | PCRE_NO_UTF8_CHECK), ovector8_1, 32, getstack8());
memset(&dummy_extra8, 0, sizeof(pcre_extra));
Reported by FlawFinder.
Line: 1368
Column: 67
CWE codes:
126
return_value8[0] = pcre_exec(re8, extra8, current->input, strlen(current->input), current->start_offset & OFFSET_MASK,
current->flags & (PCRE_NOTBOL | PCRE_NOTEOL | PCRE_NOTEMPTY | PCRE_NOTEMPTY_ATSTART | PCRE_PARTIAL_SOFT | PCRE_PARTIAL_HARD | PCRE_NO_UTF8_CHECK), ovector8_1, 32);
} else
return_value8[0] = pcre_jit_exec(re8, extra8, current->input, strlen(current->input), current->start_offset & OFFSET_MASK,
current->flags & (PCRE_NOTBOL | PCRE_NOTEOL | PCRE_NOTEMPTY | PCRE_NOTEMPTY_ATSTART | PCRE_PARTIAL_SOFT | PCRE_PARTIAL_HARD | PCRE_NO_UTF8_CHECK), ovector8_1, 32, getstack8());
memset(&dummy_extra8, 0, sizeof(pcre_extra));
dummy_extra8.flags = PCRE_EXTRA_MARK;
if (current->start_offset & F_STUDY) {
dummy_extra8.flags |= PCRE_EXTRA_STUDY_DATA;
Reported by FlawFinder.
Line: 1377
Column: 69
CWE codes:
126
dummy_extra8.study_data = extra8->study_data;
}
dummy_extra8.mark = &mark8_2;
return_value8[1] = pcre_exec(re8, &dummy_extra8, current->input, strlen(current->input), current->start_offset & OFFSET_MASK,
current->flags & (PCRE_NOTBOL | PCRE_NOTEOL | PCRE_NOTEMPTY | PCRE_NOTEMPTY_ATSTART | PCRE_PARTIAL_SOFT | PCRE_PARTIAL_HARD | PCRE_NO_UTF8_CHECK), ovector8_2, 32);
}
#endif
#ifdef SUPPORT_PCRE16
Reported by FlawFinder.
src/third_party/mozjs-60/include/mozilla/Variant.h
5 issues
Line: 500
Column: 38
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static constexpr size_t RawDataSize = tl::Max<sizeof(Ts)...>::value;
// Raw storage for the contained variant value.
alignas(RawDataAlignment) unsigned char rawData[RawDataSize];
// Each type is given a unique tag value that lets us keep track of the
// contained variant value's type.
Tag tag;
Reported by FlawFinder.
Line: 182
Column: 3
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
template<typename Variant>
static bool
equal(const Variant& aLhs, const Variant& aRhs) {
return aLhs.template as<N>() == aRhs.template as<N>();
}
template<typename Matcher, typename ConcreteVariant>
static auto
Reported by FlawFinder.
Line: 235
Column: 15
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
}
template<typename Variant>
static bool equal(const Variant& aLhs, const Variant& aRhs) {
if (aLhs.template is<N>()) {
MOZ_ASSERT(aRhs.template is<N>());
return aLhs.template as<N>() == aRhs.template as<N>();
} else {
return Next::equal(aLhs, aRhs);
Reported by FlawFinder.
Line: 240
Column: 20
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MOZ_ASSERT(aRhs.template is<N>());
return aLhs.template as<N>() == aRhs.template as<N>();
} else {
return Next::equal(aLhs, aRhs);
}
}
template<typename Matcher, typename ConcreteVariant>
static auto
Reported by FlawFinder.
Line: 644
Column: 37
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
* implementation if the rhs is tagged as the same type as this one.
*/
bool operator==(const Variant& aRhs) const {
return tag == aRhs.tag && Impl::equal(*this, aRhs);
}
/**
* Operator != overload that defers to the negation of the variant type's
* operator== implementation if the rhs is tagged as the same type as this
Reported by FlawFinder.
src/third_party/wiredtiger/test/3rdparty/testscenarios-0.4/doc/test_sample.py
5 issues
Line: 1
Column: 1
# testscenarios: extensions to python unittest to allow declarative
# dependency injection ('scenarios') by tests.
#
# Copyright (c) 2009, Robert Collins <robertc@robertcollins.net>
#
# Licensed under either the Apache License, Version 2.0 or the BSD 3-clause
# license at the users choice. A copy of both licenses are available in the
# project source as Apache-2.0 and BSD. You may not use this file except in
# compliance with one of these two licences.
Reported by Pylint.
Line: 5
Column: 2
# dependency injection ('scenarios') by tests.
#
# Copyright (c) 2009, Robert Collins <robertc@robertcollins.net>
#
# Licensed under either the Apache License, Version 2.0 or the BSD 3-clause
# license at the users choice. A copy of both licenses are available in the
# project source as Apache-2.0 and BSD. You may not use this file except in
# compliance with one of these two licences.
#
Reported by Pylint.
Line: 10
Column: 2
# license at the users choice. A copy of both licenses are available in the
# project source as Apache-2.0 and BSD. You may not use this file except in
# compliance with one of these two licences.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under these licenses is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# license you chose for the specific language governing permissions and
# limitations under that license.
Reported by Pylint.
Line: 19
Column: 1
import unittest
class TestSample(unittest.TestCase):
def test_so_easy(self):
pass
Reported by Pylint.
Line: 21
Column: 5
class TestSample(unittest.TestCase):
def test_so_easy(self):
pass
Reported by Pylint.
src/third_party/mozjs-60/extract/mfbt/Variant.h
5 issues
Line: 500
Column: 38
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static constexpr size_t RawDataSize = tl::Max<sizeof(Ts)...>::value;
// Raw storage for the contained variant value.
alignas(RawDataAlignment) unsigned char rawData[RawDataSize];
// Each type is given a unique tag value that lets us keep track of the
// contained variant value's type.
Tag tag;
Reported by FlawFinder.
Line: 182
Column: 3
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
template<typename Variant>
static bool
equal(const Variant& aLhs, const Variant& aRhs) {
return aLhs.template as<N>() == aRhs.template as<N>();
}
template<typename Matcher, typename ConcreteVariant>
static auto
Reported by FlawFinder.
Line: 235
Column: 15
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
}
template<typename Variant>
static bool equal(const Variant& aLhs, const Variant& aRhs) {
if (aLhs.template is<N>()) {
MOZ_ASSERT(aRhs.template is<N>());
return aLhs.template as<N>() == aRhs.template as<N>();
} else {
return Next::equal(aLhs, aRhs);
Reported by FlawFinder.
Line: 240
Column: 20
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
MOZ_ASSERT(aRhs.template is<N>());
return aLhs.template as<N>() == aRhs.template as<N>();
} else {
return Next::equal(aLhs, aRhs);
}
}
template<typename Matcher, typename ConcreteVariant>
static auto
Reported by FlawFinder.
Line: 644
Column: 37
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
* implementation if the rhs is tagged as the same type as this one.
*/
bool operator==(const Variant& aRhs) const {
return tag == aRhs.tag && Impl::equal(*this, aRhs);
}
/**
* Operator != overload that defers to the negation of the variant type's
* operator== implementation if the rhs is tagged as the same type as this
Reported by FlawFinder.
buildscripts/idl/idl/syntax.py
5 issues
Line: 39
Column: 1
import itertools
from typing import Any, Dict, Iterator, List, Optional, Tuple, Union, cast
from . import common
from . import errors
class IDLParsedSpec(object):
"""A parsed IDL document or a set of errors if parsing failed."""
Reported by Pylint.
Line: 40
Column: 1
from typing import Any, Dict, Iterator, List, Optional, Tuple, Union, cast
from . import common
from . import errors
class IDLParsedSpec(object):
"""A parsed IDL document or a set of errors if parsing failed."""
Reported by Pylint.
Line: 49
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def __init__(self, spec, error_collection):
# type: (IDLSpec, errors.ParserErrorCollection) -> None
"""Must specify either an IDL document or errors, not both."""
assert (spec is None and error_collection is not None) or (spec is not None
and error_collection is None)
self.spec = spec
self.errors = error_collection
Reported by Bandit.
Line: 288
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
return ArrayType(element_type)
assert isinstance(field_type, FieldTypeSingle)
type_name = field_type.type_name
if type_name.startswith('array<'):
# The caller should've already stripped "array<...>" from type_name, this may be an
# illegal nested array like "array<array<...>>".
ctxt.add_bad_array_type_name_error(location, field_name, type_name)
Reported by Bandit.
Line: 389
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
self.name = f'array<{element_type.name}>'
self.element_type = element_type
if isinstance(element_type, Type):
assert element_type.cpp_type
self.cpp_type = f'std::vector<{element_type.cpp_type}>'
class VariantType(Type):
"""Stores all type information about an IDL variant type."""
Reported by Bandit.
src/mongo/db/storage/devnull/ephemeral_catalog_record_store.cpp
5 issues
Line: 378
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const auto insertSingleFn = [this, opCtx](Record* record) {
stdx::lock_guard<stdx::recursive_mutex> lock(_data->recordsMutex);
EphemeralForTestRecord rec(record->data.size());
memcpy(rec.data.get(), record->data.data(), record->data.size());
RecordId loc;
if (_data->isOplog) {
StatusWith<RecordId> status =
extractAndCheckLocForOplog(lock, record->data.data(), record->data.size());
Reported by FlawFinder.
Line: 420
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
invariant(!_isCapped || len == oldLen);
EphemeralForTestRecord newRecord(len);
memcpy(newRecord.data.get(), data, len);
opCtx->recoveryUnit()->registerChange(
std::make_unique<RemoveChange>(opCtx, _data, loc, *oldRecord));
_data->dataSize += len - oldLen;
*oldRecord = newRecord;
Reported by FlawFinder.
Line: 466
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// First copies all bytes before the damage from the old record.
// Bytes between the current location in the oldRecord and the start of the damage.
auto oldSize = (where->targetOffset - diffSize) - oldOffset;
std::memcpy(root + curSize, old + oldOffset, oldSize);
// Then copies from the damage source according to the damage event info.
const char* sourcePtr = damageSource + where->sourceOffset;
char* targetPtr = root + where->targetOffset;
std::memcpy(targetPtr, sourcePtr, where->sourceSize);
Reported by FlawFinder.
Line: 471
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Then copies from the damage source according to the damage event info.
const char* sourcePtr = damageSource + where->sourceOffset;
char* targetPtr = root + where->targetOffset;
std::memcpy(targetPtr, sourcePtr, where->sourceSize);
// Moves after the current damaged area in the old record. Updates the size difference due
// to the current damage. Increases the current size in the new record.
oldOffset = where->targetOffset - diffSize + where->targetSize;
diffSize += where->sourceSize - where->targetSize;
Reported by FlawFinder.
Line: 480
Column: 10
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
curSize += oldSize + where->sourceSize;
}
// Copies the rest of the old record.
std::memcpy(root + curSize, old + oldOffset, oldRecord->size - oldOffset);
*oldRecord = newRecord;
return newRecord.toRecordData();
}
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/vm/SavedStacks.cpp
5 issues
Line: 651
return GetFirstMatchedFrame(cx, SavedFrameSubsumedByCaller, frame, selfHosted, skippedAsync);
}
JS_FRIEND_API(JSObject*)
GetFirstSubsumedSavedFrame(JSContext* cx, HandleObject savedFrame,
JS::SavedFrameSelfHosted selfHosted)
{
if (!savedFrame)
return nullptr;
Reported by Cppcheck.
Line: 1482
Column: 66
CWE codes:
126
// Atomize the async cause string. There should only be a few
// different strings used.
const char* cause = activation.asyncCause();
RootedAtom causeAtom(cx, AtomizeUTF8Chars(cx, cause, strlen(cause)));
if (!causeAtom)
return false;
// Translate our capture into a frame count limit for
// adoptAsyncStack, which will impose further limits.
Reported by FlawFinder.
Line: 1708
Column: 55
CWE codes:
126
locationp.setSource(AtomizeChars(cx, displayURL, js_strlen(displayURL)));
} else {
const char* filename = iter.filename() ? iter.filename() : "";
locationp.setSource(Atomize(cx, filename, strlen(filename)));
}
if (!locationp.source())
return false;
uint32_t column = 0;
Reported by FlawFinder.
Line: 1734
Column: 44
CWE codes:
126
source = AtomizeChars(cx, displayURL, js_strlen(displayURL));
} else {
const char* filename = script->filename() ? script->filename() : "";
source = Atomize(cx, filename, strlen(filename));
}
if (!source)
return false;
uint32_t column;
Reported by FlawFinder.
Line: 1838
Column: 30
CWE codes:
126
return UTF8CharsZ();
char* chars = JS_EncodeStringToUTF8(cx, stackStr);
return UTF8CharsZ(chars, strlen(chars));
}
} /* namespace js */
namespace JS {
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/vm/Printer.cpp
5 issues
Line: 69
Column: 17
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
bool
GenericPrinter::printf(const char* fmt, ...)
{
va_list va;
va_start(va, fmt);
bool r = vprintf(fmt, va);
va_end(va);
Reported by FlawFinder.
Line: 73
Column: 14
CWE codes:
134
Suggestion:
Use a constant for the format specification
{
va_list va;
va_start(va, fmt);
bool r = vprintf(fmt, va);
va_end(va);
return r;
}
bool
Reported by FlawFinder.
Line: 79
Column: 17
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
bool
GenericPrinter::vprintf(const char* fmt, va_list ap)
{
// Simple shortcut to avoid allocating strings.
if (strchr(fmt, '%') == nullptr)
return put(fmt);
Reported by FlawFinder.
Line: 273
Column: 14
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_list ap;
va_start(ap, format);
bool r = vprintf(format, ap);
va_end(ap);
return r;
}
Reported by FlawFinder.
Line: 414
Column: 13
CWE codes:
362
Fprinter::init(const char* path)
{
MOZ_ASSERT(!file_);
file_ = fopen(path, "w");
if (!file_)
return false;
init_ = true;
return true;
}
Reported by FlawFinder.