The following issues were found by automated static analysis (FlawFinder, which matches function names textually, and Cppcheck); each finding is listed per file with a code excerpt and needs manual triage before any change is made
src/third_party/mozjs-60/include/double-conversion/utils.h
4 issues
Line: 312
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Compile time assertion: sizeof(Dest) == sizeof(Source)
// A compile error here means your Dest and Source have different sizes.
DOUBLE_CONVERSION_UNUSED
typedef char VerifySizesAreEqual[sizeof(Dest) == sizeof(Source) ? 1 : -1];
Dest dest;
memmove(&dest, &source, sizeof(dest));
return dest;
}
Reported by FlawFinder. Triage: false positive. The copy length is `sizeof(dest)`, and the `VerifySizesAreEqual` typedef immediately above fails compilation (array of size -1) unless `sizeof(Dest) == sizeof(Source)`, so neither operand can be overrun; this is the standard bit-cast idiom, using memmove instead of a pointer reinterpret to stay within the aliasing rules. No change needed.
Line: 160
Column: 19
CWE codes:
126
// Returns the length of the NUL-terminated C string `string` as an int.
// strlen scans until the first NUL byte, so the caller must pass a properly
// terminated string; a length-delimited buffer would be over-read.
// The ASSERT rejects lengths that do not survive the size_t -> int
// narrowing; if ASSERT is compiled out, such a length would be silently
// truncated.
inline int StrLength(const char* string) {
  const size_t byte_count = strlen(string);
  const int as_int = static_cast<int>(byte_count);
  ASSERT(static_cast<size_t>(as_int) == byte_count);
  return as_int;
}
// This is a simplified version of V8's Vector class.
Reported by FlawFinder. Triage: FlawFinder flags every `strlen` (CWE-126) because it scans until a NUL byte. The function's contract is a NUL-terminated `const char*`, so there is no over-read in this code itself; the only runtime check is the `ASSERT` that the length round-trips through `int`, which is likely compiled out of release builds (confirm how `ASSERT` is defined in this header), in which case an oversized length would be silently truncated. Callers are responsible for the terminator.
Line: 248
Column: 38
CWE codes:
126
// builder. The input string must have enough characters.
// Appends the first n characters of s to the builder at the current
// position. Both preconditions are ASSERTs only: the destination bound is
// strict (`<`) so that one slot stays free for the terminating NUL written
// when the builder is finalized, and the strlen check requires s to be
// NUL-terminated, not merely n characters long. Where ASSERT compiles out,
// no runtime bounds check remains and callers must guarantee n fits.
void AddSubstring(const char* s, int n) {
  ASSERT(!is_finalized() && position_ + n < buffer_.length());
  ASSERT(static_cast<size_t>(n) <= strlen(s));
  char* destination = &buffer_[position_];
  memmove(destination, s, n * kCharSize);
  position_ += n;
}
Reported by FlawFinder. Triage: the flagged `strlen(s)` sits inside an `ASSERT`, so it executes only where `ASSERT` is enabled, and it requires `s` to be NUL-terminated even though only `n` characters are copied — a stricter precondition than the comment above states. The destination bound (`position_ + n < buffer_.length()`, strict so that one slot stays free for the terminating NUL) is likewise `ASSERT`-only; in a build where `ASSERT` compiles out, the `memmove` has no runtime guard and an oversized or negative `n` from a caller would corrupt memory. Acceptable for an internal builder whose callers are all in this library; not a bug in the flagged line.
Line: 268
Column: 12
CWE codes:
126
buffer_[position_] = '\0';
// Make sure nobody managed to add a 0-character to the
// buffer while building the string.
ASSERT(strlen(buffer_.start()) == static_cast<size_t>(position_));
position_ = -1;
ASSERT(is_finalized());
return buffer_.start();
}
Reported by FlawFinder. Triage: false positive. The buffer is NUL-terminated on the preceding line (`buffer_[position_] = '\0'`), so this `strlen` is bounded by `position_`; it only asserts that no embedded NUL was appended while building. Because the check is an `ASSERT`, an embedded NUL would, where asserts are disabled, produce a silently shorter C string rather than a failure.
src/third_party/mozjs-60/extract/mfbt/double-conversion/double-conversion/utils.h (second vendored copy of the same double-conversion header; the four findings below are identical to those reported for the include/ copy above and should be triaged once)
4 issues
Line: 312
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Compile time assertion: sizeof(Dest) == sizeof(Source)
// A compile error here means your Dest and Source have different sizes.
DOUBLE_CONVERSION_UNUSED
typedef char VerifySizesAreEqual[sizeof(Dest) == sizeof(Source) ? 1 : -1];
Dest dest;
memmove(&dest, &source, sizeof(dest));
return dest;
}
Reported by FlawFinder. Triage: false positive. The copy length is `sizeof(dest)`, and the `VerifySizesAreEqual` typedef immediately above fails compilation (array of size -1) unless `sizeof(Dest) == sizeof(Source)`, so neither operand can be overrun; this is the standard bit-cast idiom, using memmove instead of a pointer reinterpret to stay within the aliasing rules. No change needed.
Line: 160
Column: 19
CWE codes:
126
// Returns the length of the NUL-terminated C string `string` as an int.
// strlen scans until the first NUL byte, so the caller must pass a properly
// terminated string; a length-delimited buffer would be over-read.
// The ASSERT rejects lengths that do not survive the size_t -> int
// narrowing; if ASSERT is compiled out, such a length would be silently
// truncated.
inline int StrLength(const char* string) {
  const size_t byte_count = strlen(string);
  const int as_int = static_cast<int>(byte_count);
  ASSERT(static_cast<size_t>(as_int) == byte_count);
  return as_int;
}
// This is a simplified version of V8's Vector class.
Reported by FlawFinder. Triage: FlawFinder flags every `strlen` (CWE-126) because it scans until a NUL byte. The function's contract is a NUL-terminated `const char*`, so there is no over-read in this code itself; the only runtime check is the `ASSERT` that the length round-trips through `int`, which is likely compiled out of release builds (confirm how `ASSERT` is defined in this header), in which case an oversized length would be silently truncated. Callers are responsible for the terminator.
Line: 248
Column: 38
CWE codes:
126
// builder. The input string must have enough characters.
// Appends the first n characters of s to the builder at the current
// position. Both preconditions are ASSERTs only: the destination bound is
// strict (`<`) so that one slot stays free for the terminating NUL written
// when the builder is finalized, and the strlen check requires s to be
// NUL-terminated, not merely n characters long. Where ASSERT compiles out,
// no runtime bounds check remains and callers must guarantee n fits.
void AddSubstring(const char* s, int n) {
  ASSERT(!is_finalized() && position_ + n < buffer_.length());
  ASSERT(static_cast<size_t>(n) <= strlen(s));
  char* destination = &buffer_[position_];
  memmove(destination, s, n * kCharSize);
  position_ += n;
}
Reported by FlawFinder. Triage: the flagged `strlen(s)` sits inside an `ASSERT`, so it executes only where `ASSERT` is enabled, and it requires `s` to be NUL-terminated even though only `n` characters are copied — a stricter precondition than the comment above states. The destination bound (`position_ + n < buffer_.length()`, strict so that one slot stays free for the terminating NUL) is likewise `ASSERT`-only; in a build where `ASSERT` compiles out, the `memmove` has no runtime guard and an oversized or negative `n` from a caller would corrupt memory. Acceptable for an internal builder whose callers are all in this library; not a bug in the flagged line.
Line: 268
Column: 12
CWE codes:
126
buffer_[position_] = '\0';
// Make sure nobody managed to add a 0-character to the
// buffer while building the string.
ASSERT(strlen(buffer_.start()) == static_cast<size_t>(position_));
position_ = -1;
ASSERT(is_finalized());
return buffer_.start();
}
Reported by FlawFinder. Triage: false positive. The buffer is NUL-terminated on the preceding line (`buffer_[position_] = '\0'`), so this `strlen` is bounded by `position_`; it only asserts that no embedded NUL was appended while building. Because the check is an `ASSERT`, an embedded NUL would, where asserts are disabled, produce a silently shorter C string rather than a failure.
src/third_party/mozjs-60/extract/js/src/wasm/WasmDebug.cpp
4 issues
Line: 626
Column: 54
CWE codes:
126
js::StringBuffer filenamePrefix(cx);
// EncodeURI returns false due to invalid chars or OOM -- fail only
// during OOM.
if (!EncodeURI(cx, filenamePrefix, filename, strlen(filename))) {
if (!cx->isExceptionPending())
return nullptr;
cx->clearPendingException(); // ignore invalid URI
} else if (!result.append(filenamePrefix.finishString())) {
return nullptr;
Reported by FlawFinder. Triage: `strlen(filename)` requires `filename` to be a NUL-terminated C string; its declaration is outside this excerpt, so confirm it is a C string and not a length-delimited buffer. Otherwise the code is sound: per its comment, an `EncodeURI` failure that left a pending exception (invalid URI characters) is deliberately cleared and ignored, while a failure with no pending exception is treated as OOM and propagated, so the result may legitimately lack the filename prefix.
Line: 661
Column: 13
CWE codes:
126
for (const CustomSection& customSection : metadata().customSections) {
const NameInBytecode& sectionName = customSection.name;
if (strlen(SourceMappingURLSectionName) != sectionName.length ||
memcmp(SourceMappingURLSectionName, maybeBytecode_->begin() + sectionName.offset,
sectionName.length) != 0)
{
continue;
}
Reported by FlawFinder. Triage: `SourceMappingURLSectionName` is a fixed section-name constant (declared outside the excerpt), so the `strlen` is bounded, and checking length equality before `memcmp` is the right order. The read that actually matters is the `memcmp` over `maybeBytecode_->begin() + sectionName.offset` for `sectionName.length` bytes: wasm bytecode is attacker-supplied, so `offset` and `length` must already have been validated against the module size when the custom section was decoded — that validation is not visible here; confirm it in the decoder.
Line: 690
Column: 25
CWE codes:
126
// Check presence of "SourceMap:" HTTP response header.
char* sourceMapURL = metadata().sourceMapURL.get();
if (sourceMapURL && strlen(sourceMapURL)) {
UTF8Chars utf8Chars(sourceMapURL, strlen(sourceMapURL));
JSString* str = JS_NewStringCopyUTF8N(cx, utf8Chars);
if (!str)
return false;
result.set(str);
Reported by FlawFinder. Triage: not an over-read — `sourceMapURL` is null-checked first and is a C string owned by `metadata()` (the `.get()` suggests an owning smart pointer; confirm it is NUL-terminated). Style: `strlen(sourceMapURL)` is evaluated twice, once in the guard and again for `UTF8Chars`; computing it once under the null check, e.g. `size_t urlLen = strlen(sourceMapURL);`, avoids the second scan.
Line: 691
Column: 43
CWE codes:
126
// Check presence of "SourceMap:" HTTP response header.
char* sourceMapURL = metadata().sourceMapURL.get();
if (sourceMapURL && strlen(sourceMapURL)) {
UTF8Chars utf8Chars(sourceMapURL, strlen(sourceMapURL));
JSString* str = JS_NewStringCopyUTF8N(cx, utf8Chars);
if (!str)
return false;
result.set(str);
}
Reported by FlawFinder. Triage: second hit on the same statement (the `strlen` inside the `UTF8Chars` constructor); same verdict — a bounded length query on a null-checked C string owned by `metadata()`, not an over-read. The two `strlen` calls on `sourceMapURL` could be collapsed into one local computed under the null check.
src/mongo/db/exec/sbe/stages/spool.cpp
4 issues
Line: 76
Column: 31
CWE codes:
362
return ctx.getAccessor(slot);
}
void SpoolEagerProducerStage::open(bool reOpen) {
auto optTimer(getOptTimer(_opCtx));
_commonStats.opens++;
_children[0]->open(reOpen);
Reported by FlawFinder. Triage: false positive. CWE-362 here is FlawFinder's canned TOCTOU warning for POSIX `open(2)`, triggered by a textual match on the identifier `open`; the code is the C++ member function `SpoolEagerProducerStage::open(bool reOpen)`, which opens a query execution stage, not a file. No file system call or check-then-use race exists.
Line: 80
Column: 19
CWE codes:
362
auto optTimer(getOptTimer(_opCtx));
_commonStats.opens++;
_children[0]->open(reOpen);
if (reOpen) {
_buffer->clear();
}
Reported by FlawFinder. Triage: false positive. The flagged call is `_children[0]->open(reOpen)`, the C++ `open` method of a child query stage, matched textually against FlawFinder's POSIX `open(2)` TOCTOU rule; no file is opened and no check-then-use race exists. The `reOpen` branch merely clears the spool buffer.
Line: 217
Column: 30
CWE codes:
362
return ctx.getAccessor(slot);
}
void SpoolLazyProducerStage::open(bool reOpen) {
auto optTimer(getOptTimer(_opCtx));
_commonStats.opens++;
_children[0]->open(reOpen);
Reported by FlawFinder. Triage: false positive. CWE-362 here is FlawFinder's canned TOCTOU warning for POSIX `open(2)`, triggered by a textual match on the identifier `open`; the code is the C++ member function `SpoolLazyProducerStage::open(bool reOpen)`, which opens a query execution stage, not a file. No file system call or check-then-use race exists.
Line: 221
Column: 19
CWE codes:
362
auto optTimer(getOptTimer(_opCtx));
_commonStats.opens++;
_children[0]->open(reOpen);
if (reOpen) {
_buffer->clear();
}
}
Reported by FlawFinder. Triage: false positive. The flagged call is `_children[0]->open(reOpen)`, the C++ `open` method of a child query stage, matched textually against FlawFinder's POSIX `open(2)` TOCTOU rule; no file is opened and no check-then-use race exists. The `reOpen` branch merely clears the spool buffer.
src/third_party/mozjs-60/extract/js/src/wasm/WasmGenerator.cpp
4 issues
Line: 638
Column: 32
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (!AppendForEach(&metadataTier_->memoryAccesses, code.memoryAccesses, memoryOp))
return false;
for (const SymbolicAccess& access : code.symbolicAccesses) {
uint32_t patchAt = offsetInModule + access.patchAt.offset();
if (!linkDataTier_->symbolicLinks[access.target].append(patchAt))
return false;
}
Reported by FlawFinder. Triage: false positive, and the suggestion must not be followed. The 362/367 rule is FlawFinder's check for the POSIX `access(2)` check-then-use race, matched textually; here `access` is the range-for variable `const SymbolicAccess& access`, and `access.patchAt.offset()` is an ordinary member call computing a code patch offset. No file system access is involved, and adding `setuid()` as the canned text proposes would be a privilege regression.
Line: 639
Column: 45
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return false;
for (const SymbolicAccess& access : code.symbolicAccesses) {
uint32_t patchAt = offsetInModule + access.patchAt.offset();
if (!linkDataTier_->symbolicLinks[access.target].append(patchAt))
return false;
}
for (const CodeLabel& codeLabel : code.codeLabels) {
Reported by FlawFinder. Triage: false positive, and the suggestion must not be followed. The 362/367 rule is FlawFinder's check for the POSIX `access(2)` check-then-use race, matched textually; here `access` is the range-for variable `const SymbolicAccess& access`, and `access.patchAt.offset()` is an ordinary member call computing a code patch offset. No file system access is involved, and adding `setuid()` as the canned text proposes would be a privilege regression.
Line: 640
Column: 43
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
for (const SymbolicAccess& access : code.symbolicAccesses) {
uint32_t patchAt = offsetInModule + access.patchAt.offset();
if (!linkDataTier_->symbolicLinks[access.target].append(patchAt))
return false;
}
for (const CodeLabel& codeLabel : code.codeLabels) {
LinkDataTier::InternalLink link;
Reported by FlawFinder. Triage: false positive, and the suggestion must not be followed. The 362/367 rule is FlawFinder's check for the POSIX `access(2)` check-then-use race, matched textually; here `access` is the range-for variable `const SymbolicAccess& access`, and `access.target` is a plain struct field used to index `symbolicLinks`. No file system access is involved, and adding `setuid()` as the canned text proposes would be a privilege regression.
Line: 952
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mozilla::SHA1Sum sha1Sum;
sha1Sum.update(bytecode.begin(), bytecode.length());
sha1Sum.finish(hash);
memcpy(metadata_->debugHash, hash, sizeof(ModuleHash));
}
return true;
}
Reported by FlawFinder. Triage: the copy length is `sizeof(ModuleHash)`, but `hash` is declared outside the excerpt, so the copy is safe only if `hash` holds at least that many bytes (a `static_assert(sizeof(hash) >= sizeof(ModuleHash))` next to the memcpy would pin that). Separately, SHA-1 is collision-broken; that is acceptable for a `debugHash` used only as a debugger-facing module identifier, but it must not be relied on for any integrity or cache-trust decision — confirm its consumers.
src/mongo/db/exec/sbe/stages/scan.cpp
4 issues
Line: 224
Column: 17
CWE codes:
362
_tracker = tracker;
}
void ScanStage::open(bool reOpen) {
auto optTimer(getOptTimer(_opCtx));
_commonStats.opens++;
invariant(_opCtx);
Reported by FlawFinder. Triage: false positive. CWE-362 here is FlawFinder's canned TOCTOU warning for POSIX `open(2)`, matched textually on the identifier `open`; the code is the C++ member function `ScanStage::open(bool reOpen)`, which opens a query execution stage, not a file. No file system call or check-then-use race exists.
Line: 664
Column: 25
CWE codes:
362
}
}
void ParallelScanStage::open(bool reOpen) {
auto optTimer(getOptTimer(_opCtx));
invariant(_opCtx);
invariant(!reOpen, "parallel scan is not restartable");
Reported by FlawFinder. Triage: false positive. CWE-362 here is FlawFinder's canned TOCTOU warning for POSIX `open(2)`, matched textually on the identifier `open`; the code is the C++ member function `ParallelScanStage::open(bool reOpen)`, which opens a query execution stage, not a file, and explicitly rejects re-opening via `invariant(!reOpen, ...)`. No file system call or check-then-use race exists.
Line: 331
Column: 53
CWE codes:
120
20
auto fieldsToMatch = _fieldAccessors.size();
auto rawBson = nextRecord->data.data();
auto be = rawBson + 4;
auto end = rawBson + ConstDataView(rawBson).read<LittleEndian<uint32_t>>();
for (auto& [name, accessor] : _fieldAccessors) {
accessor->reset();
}
while (*be != 0) {
auto sv = bson::fieldNameView(be);
Reported by FlawFinder. Triage: the CWE-120/20 hit is a textual match on `read` in `ConstDataView(rawBson).read<LittleEndian<uint32_t>>()`, not POSIX `read(2)`, so the canned rule does not apply. The substantive point is trust: the document length that defines `end` is taken from the record's own first four bytes, and the `while (*be != 0)` element walk reads the raw BSON without checking it against `nextRecord->data.size()`. That is sound only if every stored record is guaranteed to be well-formed, validated BSON (presumably enforced when records are written — confirm); a corrupted record would turn this into an out-of-bounds read.
Line: 798
Column: 53
CWE codes:
120
20
auto fieldsToMatch = _fieldAccessors.size();
auto rawBson = nextRecord->data.data();
auto be = rawBson + 4;
auto end = rawBson + ConstDataView(rawBson).read<LittleEndian<uint32_t>>();
for (auto& [name, accessor] : _fieldAccessors) {
accessor->reset();
}
while (*be != 0) {
auto sv = bson::fieldNameView(be);
Reported by FlawFinder. Triage: the CWE-120/20 hit is a textual match on `read` in `ConstDataView(rawBson).read<LittleEndian<uint32_t>>()`, not POSIX `read(2)`, so the canned rule does not apply. The substantive point is trust: the document length that defines `end` is taken from the record's own first four bytes, and the `while (*be != 0)` element walk reads the raw BSON without checking it against `nextRecord->data.size()`. That is sound only if every stored record is guaranteed to be well-formed, validated BSON (presumably enforced when records are written — confirm); a corrupted record would turn this into an out-of-bounds read.
src/third_party/mozjs-60/extract/js/src/vm/TypedArrayObject-inl.h
4 issues
Line: 169
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
// Shared-memory copy of `size` bytes from `src` to `dest`. Routes through
// `AtomicOperations::memcpySafeWhenRacy`, a copy that stays well-defined
// under concurrent access, presumably because the backing store may be
// shared between threads (confirm against the enclosing Ops class).
// `size` is forwarded unchecked: the bounds of both ranges are the
// caller's responsibility.
template<typename T>
static void memcpy(SharedMem<T*> dest, SharedMem<T*> src, size_t size) {
js::jit::AtomicOperations::memcpySafeWhenRacy(dest, src, size);
}
template<typename T>
static void memmove(SharedMem<T*> dest, SharedMem<T*> src, size_t size) {
Reported by FlawFinder. Triage: false positive in isolation. This is a forwarding wrapper: destination, source and `size` all come from the caller, so bounds are decided at each call site, not here. Its purpose is to route copies of possibly shared memory through `AtomicOperations::memcpySafeWhenRacy`, a copy that stays well-defined under concurrent access, instead of plain `memcpy`.
Line: 207
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
// Unshared-memory copy of `size` bytes from `src` to `dest`. Unwraps both
// SharedMem handles with `unwrapUnshared()` — presumably valid only when the
// backing store is known not to be shared between threads — and forwards to
// the C library memcpy. `size` is forwarded unchecked: the caller owns the
// bounds of both ranges, and must use the memmove sibling if they overlap.
template<typename T>
static void memcpy(SharedMem<T*> dest, SharedMem<T*> src, size_t size) {
::memcpy(dest.unwrapUnshared(), src.unwrapUnshared(), size);
}
template<typename T>
static void memmove(SharedMem<T*> dest, SharedMem<T*> src, size_t size) {
Reported by FlawFinder. Triage: false positive in isolation. The wrapper forwards the caller's `dest`, `src` and `size` to `::memcpy` after `unwrapUnshared()`, so bounds are the call site's responsibility; what this variant encodes (by construction of the unwrap) is that the memory is not shared between threads, which is the precondition for using a copy that is not safe under races.
Line: 208
Column: 11
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Unshared-memory copy of `size` bytes from `src` to `dest`. Unwraps both
// SharedMem handles with `unwrapUnshared()` — presumably valid only when the
// backing store is known not to be shared between threads — and forwards to
// the C library memcpy. `size` is forwarded unchecked: the caller owns the
// bounds of both ranges, and must use the memmove sibling if they overlap.
template<typename T>
static void memcpy(SharedMem<T*> dest, SharedMem<T*> src, size_t size) {
::memcpy(dest.unwrapUnshared(), src.unwrapUnshared(), size);
}
template<typename T>
static void memmove(SharedMem<T*> dest, SharedMem<T*> src, size_t size) {
::memmove(dest.unwrapUnshared(), src.unwrapUnshared(), size);
Reported by FlawFinder. Triage: false positive in isolation. The flagged `::memcpy` (and the `::memmove` sibling that follows it) is a forwarding wrapper over the caller's `dest`, `src` and `size`, so bounds are the call site's responsibility; the `unwrapUnshared()` calls encode that this variant is for memory not shared between threads. Nothing here can be tightened without a size the wrapper does not have.
Line: 483
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void* data = target->zone()->template pod_malloc<uint8_t>(sourceByteLen);
if (!data)
return false;
Ops::memcpy(SharedMem<void*>::unshared(data),
source->viewDataEither(),
sourceByteLen);
switch (source->type()) {
case Scalar::Int8: {
Reported by FlawFinder. Triage: false positive. `data` is allocated with exactly `sourceByteLen` bytes two lines above and the copy length is the same `sourceByteLen`, so the destination can hold the source by construction, and the null check after `pod_malloc` handles allocation failure. The `Ops::memcpy` dispatch (shared vs unshared variant) matters for correctness with shared-memory sources, not for bounds.
src/third_party/mozjs-60/extract/js/src/vm/StringType.h
4 issues
Line: 1065
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
protected: /* to fool clang into not warning this is unused */
union {
char inlineStorageExtensionLatin1[INLINE_EXTENSION_CHARS_LATIN1];
char16_t inlineStorageExtensionTwoByte[INLINE_EXTENSION_CHARS_TWO_BYTE];
};
public:
template <js::AllowGC allowGC>
Reported by FlawFinder. Triage: FlawFinder flags every fixed-size `char`/`char16_t` array declaration (CWE-119/120). These are inline string storage members sized by `INLINE_EXTENSION_CHARS_LATIN1` / `INLINE_EXTENSION_CHARS_TWO_BYTE`; no code in this excerpt writes to them. Any risk lives in the string code that decides how many characters fit inline, not in the declaration.
Line: 1212
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
class FatInlineAtom : public JSAtom
{
protected: // Silence Clang unused-field warning.
char inlineStorage_[sizeof(JSFatInlineString) - sizeof(JSString)];
HashNumber hash_;
uint32_t padding_; // Ensure the size is a multiple of gc::CellAlignBytes.
public:
HashNumber hash() const {
Reported by FlawFinder. Triage: FlawFinder flags every fixed-size `char` array declaration (CWE-119/120). `inlineStorage_` is a layout-padding member sized as `sizeof(JSFatInlineString) - sizeof(JSString)` so that `FatInlineAtom` matches the fat inline string layout; no code in this excerpt writes to it. Any risk lives in the string code that fills inline storage, not in the declaration.
Line: 1485
Column: 43
CWE codes:
126
inline JSFlatString*
NewStringCopyZ(JSContext* cx, const char* s)
{
return NewStringCopyN<allowGC>(cx, s, strlen(s));
}
template <js::AllowGC allowGC>
extern JSFlatString*
NewStringCopyUTF8N(JSContext* cx, const JS::UTF8Chars utf8);
Reported by FlawFinder. Triage: false positive. The `Z` suffix in `NewStringCopyZ` documents that `s` must be a NUL-terminated C string, and `strlen` is exactly what converts that contract into the explicit length required by `NewStringCopyN`; callers with length-delimited input should use `NewStringCopyN` directly.
Line: 1496
Column: 72
CWE codes:
126
inline JSFlatString*
NewStringCopyUTF8Z(JSContext* cx, const JS::ConstUTF8CharsZ utf8)
{
return NewStringCopyUTF8N<allowGC>(cx, JS::UTF8Chars(utf8.c_str(), strlen(utf8.c_str())));
}
JSString*
NewMaybeExternalString(JSContext* cx, const char16_t* s, size_t n, const JSStringFinalizer* fin,
bool* allocatedExternal);
Reported by FlawFinder. Triage: false positive. The parameter type `JS::ConstUTF8CharsZ` encodes NUL-termination in the type itself (hence `c_str()`), so the `strlen` is bounded by that invariant; the function merely adapts the Z-terminated form to the length-carrying `JS::UTF8Chars` expected by `NewStringCopyUTF8N`.
src/third_party/mozjs-60/extract/js/src/vm/SelfHosting.cpp
4 issues
Line: 2897
}
Rooted<ShapeVector> shapes(cx, ShapeVector(cx));
for (Shape::Range<NoGC> range(selfHostedObject->lastProperty()); !range.empty(); range.popFront()) {
Shape& shape = range.front();
if (shape.enumerable() && !shapes.append(&shape))
return false;
}
Reported by Cppcheck. Triage: this entry carries no CWE, message id or severity, so the finding cannot be assessed from the excerpt; re-run Cppcheck with its message id and text included before acting on it. The visible code only collects enumerable shapes into a rooted vector and fails on allocation failure (`!shapes.append(&shape)`), which is the correct OOM handling for this codebase.
Line: 542
Column: 37
CWE codes:
126
ScopedJSFreePtr<char> str(DecompileArgument(cx, args[0].toInt32(), value));
if (!str)
return false;
JSAtom* atom = Atomize(cx, str, strlen(str));
if (!atom)
return false;
args.rval().setString(atom);
return true;
}
Reported by FlawFinder. Triage: not an over-read. `str` is the result of `DecompileArgument`, null-checked on the preceding line and owned through `ScopedJSFreePtr<char>`, i.e. a heap-allocated C string freed on scope exit; `strlen` is its normal length query for `Atomize`.
Line: 1735
Column: 46
CWE codes:
126
js::CallSelfHostedFunction(JSContext* cx, const char* name, HandleValue thisv,
const AnyInvokeArgs& args, MutableHandleValue rval)
{
RootedAtom funAtom(cx, Atomize(cx, name, strlen(name)));
if (!funAtom)
return false;
RootedPropertyName funName(cx, funAtom->asPropertyName());
return CallSelfHostedFunction(cx, funName, thisv, args, rval);
}
Reported by FlawFinder. Triage: not an over-read. This overload takes the self-hosted function name as a `const char*` and converts it to an atom; `strlen` is bounded by the string's terminator, and `name` is presumably always a compile-time literal supplied by engine code (not script input) — confirm there is no caller passing untrusted or unterminated data.
Line: 1860
Column: 26
CWE codes:
126
return false;
bool equals;
if (str->length() == strlen(locale)) {
JS::AutoCheckCannotGC nogc;
const Latin1Char* latin1Locale = reinterpret_cast<const Latin1Char*>(locale);
equals = str->hasLatin1Chars()
? EqualChars(str->latin1Chars(nogc), latin1Locale, str->length())
: EqualChars(str->twoByteChars(nogc), latin1Locale, str->length());
Reported by FlawFinder. Triage: `locale` is declared outside the excerpt; the comparison itself is careful (length equality before `EqualChars` on either the Latin-1 or two-byte representation, under `AutoCheckCannotGC`), so it is sound provided `locale` is a NUL-terminated C string. Confirm its origin — if it derives from script-controlled input it should already have been validated as a locale identifier before reaching this code.
src/third_party/mozjs-60/extract/js/src/vm/BytecodeUtil.h
4 issues
Line: 153
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SET_UINT16(jsbytecode* pc, uint16_t i)
{
#if MOZ_LITTLE_ENDIAN
memcpy(pc + 1, &i, sizeof(i));
#else
pc[1] = UINT16_LO(i);
pc[2] = UINT16_HI(i);
#endif
}
Reported by FlawFinder. Triage: FlawFinder flags every `memcpy`. `SET_UINT16` writes a fixed 2-byte operand at `pc + 1` (the slot after the opcode); the room for it in the bytecode array is guaranteed by the emitter's per-opcode length table, not checked here. The `memcpy` path is the little-endian fast path and must stay byte-for-byte equivalent to the `#else` byte-splitting path.
Line: 174
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Do a single 32-bit load (for opcode and operand), then shift off the
// opcode.
uint32_t result;
memcpy(&result, pc, 4);
return result >> 8;
#else
return unsigned((pc[3] << 16) | (pc[2] << 8) | pc[1]);
#endif
}
Reported by FlawFinder. Triage: FlawFinder flags every `memcpy`. This decoder reads 4 bytes starting at `pc` — the opcode byte plus the 3 operand bytes — and shifts the opcode out with `>> 8`, so it does not read beyond the 3-byte operand it decodes; the `#else` path assembles the same 24-bit value from `pc[1..3]`. The enclosing function's signature is outside this excerpt.
Line: 187
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MOZ_ASSERT(i < (1 << 24));
#if MOZ_LITTLE_ENDIAN
memcpy(pc + 1, &i, 3);
#else
pc[1] = jsbytecode(i);
pc[2] = jsbytecode(i >> 8);
pc[3] = jsbytecode(i >> 16);
#endif
Reported by FlawFinder. Triage: FlawFinder flags every `memcpy`. `memcpy(pc + 1, &i, 3)` stores the low three bytes of `i` on little-endian, which matches the `#else` byte-splitting path; the preceding `MOZ_ASSERT(i < (1 << 24))` guards the truncation to 24 bits. The 3-byte operand slot is guaranteed by the emitter's per-opcode length table, not checked here.
Line: 220
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
SET_UINT32(jsbytecode* pc, uint32_t u)
{
#if MOZ_LITTLE_ENDIAN
memcpy(pc + 1, &u, sizeof(u));
#else
pc[1] = jsbytecode(u);
pc[2] = jsbytecode(u >> 8);
pc[3] = jsbytecode(u >> 16);
pc[4] = jsbytecode(u >> 24);
Reported by FlawFinder. Triage: FlawFinder flags every `memcpy`. `SET_UINT32` writes a fixed 4-byte operand at `pc + 1` (the slot after the opcode); the room for it in the bytecode array is guaranteed by the emitter's per-opcode length table, not checked here. The `memcpy` path is the little-endian fast path and must stay byte-for-byte equivalent to the `#else` byte-splitting path; the function's closing lines are outside this excerpt.