The following issues were found

src/third_party/wiredtiger/test/csuite/wt6185_modify_ts/main.c
4 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 48 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              } list[MAX_OPS];
static u_int lnext;

static char *tlist[MAX_OPS * 100]; /* List of traced operations. */
static u_int tnext;

static uint64_t ts; /* Current timestamp. */

static char keystr[100], modify_repl[256], tmp[4 * 1024];

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 53 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static uint64_t ts; /* Current timestamp. */

static char keystr[100], modify_repl[256], tmp[4 * 1024];
static uint64_t keyrecno;

static bool use_columns = false;

/*

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 184 Column: 12 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                      entries[i].size = (size_t)mmrand(0, 10);
        trace("modify %d: off=%" WT_SIZET_FMT ", size=%" WT_SIZET_FMT ", data=\"%.*s\"", tag,
          entries[i].offset, entries[i].size, (int)entries[i].data.size,
          (char *)entries[i].data.data);
    }

    *nentriesp = (int)nentries;
}

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 318 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  WT_SESSION *session;
    u_int i, j;
    int ch;
    char path[1024], table_config[128], value[VALUE_SIZE];
    const char *home, *v;
    bool no_checkpoint, no_eviction;

    (void)testutil_set_progname(argv);
    custom_die = trace_die;

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/jit/JitOptions.cpp
4 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 44 Column: 17 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them 

              
template<typename T>
T overrideDefault(const char* param, T dflt) {
    char* str = getenv(param);
    if (!str)
        return dflt;
    if (IsBool<T>::value) {
        if (strcmp(str, "true") == 0 || strcmp(str, "yes") == 0)
            return true;

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 209 Column: 27 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them 

                  // a function with the highest ionmonkey optimization level.
    // (i.e. OptimizationLevel_Normal)
    const char* forcedDefaultIonWarmUpThresholdEnv = "JIT_OPTION_forcedDefaultIonWarmUpThreshold";
    if (const char* env = getenv(forcedDefaultIonWarmUpThresholdEnv)) {
        Maybe<int> value = ParseInt(env);
        if (value.isSome())
            forcedDefaultIonWarmUpThreshold.emplace(value.ref());
        else
            Warn(forcedDefaultIonWarmUpThresholdEnv, env);

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 220 Column: 27 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them 

                  // Same but for compiling small functions.
    const char* forcedDefaultIonSmallFunctionWarmUpThresholdEnv =
        "JIT_OPTION_forcedDefaultIonSmallFunctionWarmUpThreshold";
    if (const char* env = getenv(forcedDefaultIonSmallFunctionWarmUpThresholdEnv)) {
        Maybe<int> value = ParseInt(env);
        if (value.isSome())
            forcedDefaultIonSmallFunctionWarmUpThreshold.emplace(value.ref());
        else
            Warn(forcedDefaultIonSmallFunctionWarmUpThresholdEnv, env);

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 231 Column: 27 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them 

                  // Force the used register allocator instead of letting the optimization
    // pass decide.
    const char* forcedRegisterAllocatorEnv = "JIT_OPTION_forcedRegisterAllocator";
    if (const char* env = getenv(forcedRegisterAllocatorEnv)) {
        forcedRegisterAllocator = LookupRegisterAllocator(env);
        if (!forcedRegisterAllocator.isSome())
            Warn(forcedRegisterAllocatorEnv, env);
    }

Reported by FlawFinder.

buildscripts/idl/idl/errors.py
4 issues
Attempted relative import beyond top-level package
Error

Line: 43 Column: 1 

              from yaml import nodes
import yaml

from . import common

# Public error Codes used by IDL Compiler.
# Used by tests cases to validate expected errors are thrown in negative tests.
# Error codes must be unique, validated  _assert_unique_error_messages on file load.
#

Reported by Pylint.

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Security

Line: 368
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html 

                  def get_bool(self, node):
        # type: (Union[yaml.nodes.MappingNode, yaml.nodes.ScalarNode, yaml.nodes.SequenceNode]) -> bool
        """Convert a scalar to a bool."""
        assert self.is_scalar_bool_node(node, "unknown")

        if node.value == "true":
            return True
        return False

Reported by Bandit.

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Security

Line: 377
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html 

                  def get_list(self, node):
        # type: (Union[yaml.nodes.MappingNode, yaml.nodes.ScalarNode, yaml.nodes.SequenceNode]) -> List[str]
        """Get a YAML scalar or sequence node as a list of strings."""
        assert self.is_scalar_sequence_or_scalar_node(node, "unknown")
        if node.id == "scalar":
            return [node.value]
        # Unzip the list of ScalarNode
        return [v.value for v in node.value]

Reported by Bandit.

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Security

Line: 770
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html 

                  def get_non_negative_int(self, node):
        # type: (Union[yaml.nodes.MappingNode, yaml.nodes.ScalarNode, yaml.nodes.SequenceNode]) -> int
        """Convert a scalar to an int."""
        assert self.is_scalar_non_negative_int_node(node, "unknown")

        return int(node.value)

    def add_duplicate_comparison_order_field_error(self, location, struct_name, comparison_order):
        # type: (common.SourceLocation, str, int) -> None

Reported by Bandit.

src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid128_exp10.c
4 issues
Shifting 32-bit value by 49 bits is undefined behaviour
Error

Line: 110 CWE codes: 758 

                      k2 = k>>1;  k -= k2;
		k2l = (BID_SINT64)k2;  kl = (BID_SINT64)k;

		res.w[BID_HIGH_128W] += (k2l<<49);  // first scaling

		tmp.w[BID_HIGH_128W] = 0x3040000000000000ull + (kl<<49);
		tmp.w[BID_LOW_128W] = 1;
		// second scaling will set flags and result correctly
		BIDECIMAL_CALL2 (bid128_mul, res, res, tmp);

Reported by Cppcheck.

Shifting 32-bit value by 49 bits is undefined behaviour
Error

Line: 112 CWE codes: 758 

              
		res.w[BID_HIGH_128W] += (k2l<<49);  // first scaling

		tmp.w[BID_HIGH_128W] = 0x3040000000000000ull + (kl<<49);
		tmp.w[BID_LOW_128W] = 1;
		// second scaling will set flags and result correctly
		BIDECIMAL_CALL2 (bid128_mul, res, res, tmp);

		BID_RETURN (res);

Reported by Cppcheck.

Shifting 32-bit value by 63 bits is undefined behaviour
Error

Line: 137 CWE codes: 758 

              
   kl = (BID_SINT64)k;
   // set correct sign of kl
   scorr = (BID_SINT64)sign_x;  scorr >>= 63;
   kl = scorr ^ (kl + scorr);
   res.w[BID_HIGH_128W] += (kl<<49);

   BID_RETURN (res);
}

Reported by Cppcheck.

Shifting 32-bit value by 49 bits is undefined behaviour
Error

Line: 139 CWE codes: 758 

                 // set correct sign of kl
   scorr = (BID_SINT64)sign_x;  scorr >>= 63;
   kl = scorr ^ (kl + scorr);
   res.w[BID_HIGH_128W] += (kl<<49);

   BID_RETURN (res);
}

Reported by Cppcheck.

src/third_party/wiredtiger/test/csuite/wt4117_checksum/main.c
4 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 75 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  check(crc32c, (uint32_t)0x48674bc7, len, "nul x4");

    len = strlen("123456789");
    memcpy(data, "123456789", len);
    crc32c = func(data, len);
    check(crc32c, (uint32_t)0xe3069283, len, "known string #1");

    len = strlen("The quick brown fox jumps over the lazy dog");
    memcpy(data, "The quick brown fox jumps over the lazy dog", len);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 80 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  check(crc32c, (uint32_t)0xe3069283, len, "known string #1");

    len = strlen("The quick brown fox jumps over the lazy dog");
    memcpy(data, "The quick brown fox jumps over the lazy dog", len);
    crc32c = func(data, len);
    check(crc32c, (uint32_t)0x22620404, len, "known string #2");

    free(data);
}

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 74 Column: 11 CWE codes: 126 

                  crc32c = func(data, len);
    check(crc32c, (uint32_t)0x48674bc7, len, "nul x4");

    len = strlen("123456789");
    memcpy(data, "123456789", len);
    crc32c = func(data, len);
    check(crc32c, (uint32_t)0xe3069283, len, "known string #1");

    len = strlen("The quick brown fox jumps over the lazy dog");

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 79 Column: 11 CWE codes: 126 

                  crc32c = func(data, len);
    check(crc32c, (uint32_t)0xe3069283, len, "known string #1");

    len = strlen("The quick brown fox jumps over the lazy dog");
    memcpy(data, "The quick brown fox jumps over the lazy dog", len);
    crc32c = func(data, len);
    check(crc32c, (uint32_t)0x22620404, len, "known string #2");

    free(data);

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/gc/Tracer.cpp
4 issues
There is an unknown macro here somewhere. Configuration is required. If JS_PUBLIC_API is a macro then please configure it.
Error

Line: 104 

              
/*** Public Tracing API **************************************************************************/

JS_PUBLIC_API(void)
JS::TraceChildren(JSTracer* trc, GCCellPtr thing)
{
    js::TraceChildren(trc, thing.asCell(), thing.kind());
}

Reported by Cppcheck.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 392 Column: 9 CWE codes: 126 

                      break;
    }

    n = strlen(name);
    if (n > bufsize - 1)
        n = bufsize - 1;
    js_memcpy(buf, name, n + 1);
    buf += n;
    bufsize -= n;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 435 Column: 71 CWE codes: 126 

              
            if (str->isLinear()) {
                const char* header = StringKindHeader(str);
                bool willFit = str->length() + strlen("<length > ") + strlen(header) +
                               CountDecimalDigits(str->length()) < bufsize;

                n = snprintf(buf, bufsize, "<%slength %zu%s> ",
                             header, str->length(),
                             willFit ? "" : " (truncated)");

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 435 Column: 48 CWE codes: 126 

              
            if (str->isLinear()) {
                const char* header = StringKindHeader(str);
                bool willFit = str->length() + strlen("<length > ") + strlen(header) +
                               CountDecimalDigits(str->length()) < bufsize;

                n = snprintf(buf, bufsize, "<%slength %zu%s> ",
                             header, str->length(),
                             willFit ? "" : " (truncated)");

Reported by FlawFinder.

src/third_party/wiredtiger/test/csuite/wt2695_checksum/main.c
4 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 92 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  check(sw, (uint32_t)0x48674bc7, len, "nul x4: software");

    len = strlen("123456789");
    memcpy(data, "123456789", len);
    hw = __wt_checksum(data, len);
    check(hw, (uint32_t)0xe3069283, len, "known string #1: hardware");
    sw = __wt_checksum_sw(data, len);
    check(sw, (uint32_t)0xe3069283, len, "known string #1: software");

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 99 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  check(sw, (uint32_t)0xe3069283, len, "known string #1: software");

    len = strlen("The quick brown fox jumps over the lazy dog");
    memcpy(data, "The quick brown fox jumps over the lazy dog", len);
    hw = __wt_checksum(data, len);
    check(hw, (uint32_t)0x22620404, len, "known string #2: hardware");
    sw = __wt_checksum_sw(data, len);
    check(sw, (uint32_t)0x22620404, len, "known string #2: software");

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 91 Column: 11 CWE codes: 126 

                  sw = __wt_checksum_sw(data, len);
    check(sw, (uint32_t)0x48674bc7, len, "nul x4: software");

    len = strlen("123456789");
    memcpy(data, "123456789", len);
    hw = __wt_checksum(data, len);
    check(hw, (uint32_t)0xe3069283, len, "known string #1: hardware");
    sw = __wt_checksum_sw(data, len);
    check(sw, (uint32_t)0xe3069283, len, "known string #1: software");

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 98 Column: 11 CWE codes: 126 

                  sw = __wt_checksum_sw(data, len);
    check(sw, (uint32_t)0xe3069283, len, "known string #1: software");

    len = strlen("The quick brown fox jumps over the lazy dog");
    memcpy(data, "The quick brown fox jumps over the lazy dog", len);
    hw = __wt_checksum(data, len);
    check(hw, (uint32_t)0x22620404, len, "known string #2: hardware");
    sw = __wt_checksum_sw(data, len);
    check(sw, (uint32_t)0x22620404, len, "known string #2: software");

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/frontend/Parser.cpp
4 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1071 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  anyChars.srcCoords.lineNumAndColumnIndex(openedPos, &line, &column);

    const size_t MaxWidth = sizeof("4294967295");
    char columnNumber[MaxWidth];
    SprintfLiteral(columnNumber, "%" PRIu32, column);
    char lineNumber[MaxWidth];
    SprintfLiteral(lineNumber, "%" PRIu32, line);

    if (!notes->addNoteASCII(pc->sc()->context,

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1073 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  const size_t MaxWidth = sizeof("4294967295");
    char columnNumber[MaxWidth];
    SprintfLiteral(columnNumber, "%" PRIu32, column);
    char lineNumber[MaxWidth];
    SprintfLiteral(lineNumber, "%" PRIu32, line);

    if (!notes->addNoteASCII(pc->sc()->context,
                             getFilename(), line, column,
                             GetErrorMessage, nullptr,

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1112 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  anyChars.srcCoords.lineNumAndColumnIndex(prevPos, &line, &column);

    const size_t MaxWidth = sizeof("4294967295");
    char columnNumber[MaxWidth];
    SprintfLiteral(columnNumber, "%" PRIu32, column);
    char lineNumber[MaxWidth];
    SprintfLiteral(lineNumber, "%" PRIu32, line);

    if (!notes->addNoteASCII(pc->sc()->context,

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1114 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  const size_t MaxWidth = sizeof("4294967295");
    char columnNumber[MaxWidth];
    SprintfLiteral(columnNumber, "%" PRIu32, column);
    char lineNumber[MaxWidth];
    SprintfLiteral(lineNumber, "%" PRIu32, line);

    if (!notes->addNoteASCII(pc->sc()->context,
                             getFilename(), line, column,
                             GetErrorMessage, nullptr,

Reported by FlawFinder.

src/third_party/wiredtiger/test/csuite/wt2592_join_schema/main.c
4 issues
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 116 Column: 9 CWE codes: 134
Suggestion: Use a constant for the format specification 

                  while ((ret = join_cursor->next(join_cursor)) == 0) {
        testutil_check(join_cursor->get_key(join_cursor, &recno));
        testutil_check(join_cursor->get_value(join_cursor, &country, &year, &population));
        printf("ID %" PRIu64, recno);
        printf(
          ": country %s, year %" PRIu16 ", population %" PRIu64 "\n", country, year, population);
        count++;
    }
    testutil_assert(ret == WT_NOTFOUND);

Reported by FlawFinder.

printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 162 Column: 9 CWE codes: 134
Suggestion: Use a constant for the format specification 

                  while ((ret = join_cursor->next(join_cursor)) == 0) {
        testutil_check(join_cursor->get_key(join_cursor, &recno));
        testutil_check(join_cursor->get_value(join_cursor, &country, &year, &population));
        printf("ID %" PRIu64, recno);
        printf(
          ": country %s, year %" PRIu16 ", population %" PRIu64 "\n", country, year, population);
        count++;
    }
    testutil_assert(ret == WT_NOTFOUND);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 39 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
/* The C struct for the data we are storing in a WiredTiger table. */
typedef struct {
    char country[5];
    uint16_t year;
    uint64_t population;
} POP_RECORD;

static POP_RECORD pop_data[] = {{"AU", 1900, 4000000}, {"AU", 1950, 8267337},

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 58 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                    *year_cursor;
    WT_SESSION *session;
    const char *country, *tablename;
    char countryuri[256], joinuri[256], yearuri[256];
    uint64_t population, recno;
    uint16_t year;
    int count, ret;

    opts = &_opts;

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/ds/LifoAlloc.h
4 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 919 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      if (MOZ_UNLIKELY(!n))
            return nullptr;
        MOZ_ASSERT(!(oldSize & mozilla::tl::MulOverflowMask<sizeof(T)>::value));
        memcpy(n, p, Min(oldSize * sizeof(T), newSize * sizeof(T)));
        return n;
    }
    template <typename T>
    T* pod_malloc(size_t numElems) {
        return maybe_pod_malloc<T>(numElems);

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 835 Column: 12 CWE codes: 120 20 

              
        // Move the read position forward by the size of one T.
        template <typename T>
        T* read(size_t size = sizeof(T)) {
            return reinterpret_cast<T*>(read(size));
        }

        // Return a pointer to the item at the current position. This returns a
        // pointer to the inline storage, not a copy, and moves the read-head by

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 836 Column: 41 CWE codes: 120 20 

                      // Move the read position forward by the size of one T.
        template <typename T>
        T* read(size_t size = sizeof(T)) {
            return reinterpret_cast<T*>(read(size));
        }

        // Return a pointer to the item at the current position. This returns a
        // pointer to the inline storage, not a copy, and moves the read-head by
        // the requested |size|.

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 842 Column: 15 CWE codes: 120 20 

                      // Return a pointer to the item at the current position. This returns a
        // pointer to the inline storage, not a copy, and moves the read-head by
        // the requested |size|.
        void* read(size_t size) {
            return seekBaseAndAdvanceBy(size);
        }
    };
};

Reported by FlawFinder.