The following issues were found
src/third_party/icu4c-57.1/source/common/ucnv_lmb.c
4 issues
Line: 235
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define ULMBCS_GRP_LAST 0x13 /* last LMBCS group that has a converter */
static const char * const OptGroupByteToCPName[ULMBCS_GRP_LAST + 1] = {
/* 0x0000 */ "lmb-excp", /* internal home for the LOTUS exceptions list */
/* 0x0001 */ "ibm-850",
/* 0x0002 */ "ibm-851",
/* 0x0003 */ "windows-1255",
/* 0x0004 */ "windows-1256",
Reported by FlawFinder.
Line: 1205
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* The non-optimizable oddballs where there is an explicit byte
* AND the second byte is not in the upper ascii range
*/
char bytes[2];
extraInfo = (UConverterDataLMBCS *) args->converter->extraInfo;
cnv = extraInfo->OptGrpConverter [ULMBCS_GRP_EXCEPT];
/* Lookup value must include opt group */
Reported by FlawFinder.
Line: 1256
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
_LMBCSToUnicodeWithOffsets(UConverterToUnicodeArgs* args,
UErrorCode* err)
{
char LMBCS [ULMBCS_CHARSIZE_MAX];
UChar uniChar; /* one output UNICODE char */
const char * saveSource; /* beginning of current code point */
const char * pStartLMBCS = args->source; /* beginning of whole string */
const char * errSource = NULL; /* pointer to actual input in case an error occurs */
int8_t savebytes = 0;
Reported by FlawFinder.
Line: 550
Column: 55
CWE codes:
126
if (*pTable->LocaleID == *LocaleID) /* Check only first char for speed */
{
/* First char matches - check whole name, for entry-length */
if (uprv_strncmp(pTable->LocaleID, LocaleID, strlen(pTable->LocaleID)) == 0)
return pTable->OptGroup;
}
else
if (*pTable->LocaleID > *LocaleID) /* Sorted alphabetically - exit */
break;
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/common/ucnv_bld.cpp
4 issues
Line: 206
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#if !U_CHARSET_IS_UTF8
/* This contains the resolved converter name. So no further alias lookup is needed again. */
static char gDefaultConverterNameBuffer[UCNV_MAX_CONVERTER_NAME_LENGTH + 1]; /* +1 for NULL */
static const char *gDefaultConverterName = NULL;
/*
If the default converter is an algorithmic converter, this is the cached value.
We don't cache a full UConverter and clone it because ucnv_clone doesn't have
Reported by FlawFinder.
Line: 381
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint32_t mid, start, limit;
uint32_t lastMid;
int result;
char strippedName[UCNV_MAX_CONVERTER_NAME_LENGTH];
/* Lower case and remove ignoreable characters. */
ucnv_io_stripForCompare(strippedName, realName);
/* do a binary search for the alias */
Reported by FlawFinder.
Line: 1009
Column: 37
CWE codes:
362
myUConverter->toUCallbackReason = UCNV_ILLEGAL; /* default reason to invoke (*fromCharErrorBehaviour) */
}
if(mySharedConverterData->impl->open != NULL) {
mySharedConverterData->impl->open(myUConverter, pArgs, err);
if(U_FAILURE(*err) && !pArgs->onlyTestIsLoadable) {
/* don't ucnv_close() if onlyTestIsLoadable because not fully initialized */
ucnv_close(myUConverter);
return NULL;
Reported by FlawFinder.
Line: 1010
Column: 38
CWE codes:
362
}
if(mySharedConverterData->impl->open != NULL) {
mySharedConverterData->impl->open(myUConverter, pArgs, err);
if(U_FAILURE(*err) && !pArgs->onlyTestIsLoadable) {
/* don't ucnv_close() if onlyTestIsLoadable because not fully initialized */
ucnv_close(myUConverter);
return NULL;
}
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/common/locid.cpp
4 issues
Line: 228
U_CFUNC const char *
locale_get_default(void)
{
U_NAMESPACE_USE
return Locale::getDefault().getName();
}
U_NAMESPACE_BEGIN
Reported by Cppcheck.
Line: 172
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
canonicalize = TRUE; // always canonicalize host ID
}
char localeNameBuf[512];
if (canonicalize) {
uloc_canonicalize(id, localeNameBuf, sizeof(localeNameBuf)-1, &status);
} else {
uloc_getName(id, localeNameBuf, sizeof(localeNameBuf)-1, &status);
Reported by FlawFinder.
Line: 496
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// without goto and without another function
do {
char *separator;
char *field[5] = {0};
int32_t fieldLen[5] = {0};
int32_t fieldIdx;
int32_t variantField;
int32_t length;
UErrorCode err;
Reported by FlawFinder.
Line: 1006
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
StringEnumeration *
Locale::createKeywords(UErrorCode &status) const
{
char keywords[256];
int32_t keywordCapacity = 256;
StringEnumeration *result = NULL;
const char* variantStart = uprv_strchr(fullName, '@');
const char* assignment = uprv_strchr(fullName, '=');
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/common/umapfile.c
4 issues
Line: 177
Column: 12
CWE codes:
362
length=mystat.st_size;
/* open the file */
fd=open(path, O_RDONLY);
if(fd==-1) {
return FALSE;
}
/* get a view of the mapping */
Reported by FlawFinder.
Line: 239
Column: 14
CWE codes:
362
UDataMemory_init(pData); /* Clear the output struct. */
/* open the input file */
file=fopen(path, "rb");
if(file==NULL) {
return FALSE;
}
/* get the file length */
Reported by FlawFinder.
Line: 363
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
U_CFUNC UBool uprv_mapFile(UDataMemory *pData, const char *path) {
const char *inBasename;
char *basename;
char pathBuffer[1024];
const DataHeader *pHeader;
dllhandle *handle;
void *val=0;
inBasename=uprv_strrchr(path, U_FILE_SEP_CHAR);
Reported by FlawFinder.
Line: 390
Column: 16
CWE codes:
362
length=mystat.st_size;
/* open the file */
fd=open(path, O_RDONLY);
if(fd==-1) {
return FALSE;
}
/* get a view of the mapping */
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/i18n/coll.cpp
4 issues
Line: 861
CollationLocaleListEnumeration::~CollationLocaleListEnumeration() {}
UOBJECT_DEFINE_RTTI_IMPLEMENTATION(CollationLocaleListEnumeration)
// -------------------------------------
StringEnumeration* U_EXPORT2
Reported by Cppcheck.
Line: 292
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{ "upper", UCOL_UPPER_FIRST }
};
static const char *collReorderCodes[UCOL_REORDER_CODE_LIMIT - UCOL_REORDER_CODE_FIRST] = {
"space", "punct", "symbol", "currency", "digit"
};
int32_t getReorderCode(const char *s) {
for (int32_t i = 0; i < UPRV_LENGTHOF(collReorderCodes); ++i) {
Reported by FlawFinder.
Line: 324
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// No keywords.
return;
}
char value[1024]; // The reordering value could be long.
// Check for collation keywords that were already deprecated
// before any were supported in createInstance() (except for "collation").
int32_t length = loc.getKeywordValue("colHiraganaQuaternary", value, UPRV_LENGTHOF(value), errorCode);
if (U_FAILURE(errorCode)) {
errorCode = U_ILLEGAL_ARGUMENT_ERROR;
Reported by FlawFinder.
Line: 906
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Collator::getFunctionalEquivalent(const char* keyword, const Locale& locale,
UBool& isAvailable, UErrorCode& status) {
// This is a wrapper over ucol_getFunctionalEquivalent
char loc[ULOC_FULLNAME_CAPACITY];
/*int32_t len =*/ ucol_getFunctionalEquivalent(loc, sizeof(loc),
keyword, locale.getName(), &isAvailable, &status);
if (U_FAILURE(status)) {
*loc = 0; // root
}
Reported by FlawFinder.
src/third_party/gperftools/dist/src/windows/preamble_patcher_with_stub.cc
4 issues
Line: 189
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
stub_bytes += mov_bytes;
} else {
memcpy(reinterpret_cast<void*>(preamble_stub + stub_bytes),
reinterpret_cast<void*>(target + preamble_bytes), cur_bytes);
stub_bytes += cur_bytes;
}
} else {
SIDESTEP_ASSERT(false &&
Reported by FlawFinder.
Line: 232
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// jmp (Jump near, relative, displacement relative to next instruction)
preamble_stub[stub_bytes] = ASM_JMP32REL;
// copy the address
memcpy(reinterpret_cast<void*>(preamble_stub + stub_bytes + 1),
reinterpret_cast<void*>(&relative_offset_to_target_rest), 4);
if (kIs64BitBinary && required_trampoline_bytes != 0) {
// Construct the trampoline
unsigned int trampoline_pos = stub_bytes + kRequiredStubJumpBytes;
Reported by FlawFinder.
Line: 241
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
preamble_stub[trampoline_pos] = ASM_NOP;
preamble_stub[trampoline_pos + 1] = ASM_REXW;
preamble_stub[trampoline_pos + 2] = ASM_MOVRAX_IMM;
memcpy(reinterpret_cast<void*>(preamble_stub + trampoline_pos + 3),
reinterpret_cast<void*>(&replacement_function),
sizeof(void *));
preamble_stub[trampoline_pos + 11] = ASM_JMP;
preamble_stub[trampoline_pos + 12] = ASM_JMP_RAX;
Reported by FlawFinder.
Line: 272
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#pragma warning(pop)
#endif
// complete the jmp instruction
memcpy(reinterpret_cast<void*>(target + 1),
reinterpret_cast<void*>(&offset_to_replacement_function), 4);
// Set any remaining bytes that were moved to the preamble-stub to INT3 so
// as not to cause confusion (otherwise you might see some strange
// instructions if you look at the disassembly, or even invalid
Reported by FlawFinder.
src/third_party/gperftools/dist/src/windows/addr2line-pdb.c
4 issues
Line: 117
Column: 5
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
SymCleanup(process);
return 1;
}
strcat(search, ";" WEBSYM);
} else {
error = GetLastError();
fprintf(stderr, "SymGetSearchPath returned error : %lu\n", error);
rv = 1; /* An error, but not a fatal one */
strcpy(search, WEBSYM); /* Use a default value */
Reported by FlawFinder.
Line: 122
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
error = GetLastError();
fprintf(stderr, "SymGetSearchPath returned error : %lu\n", error);
rv = 1; /* An error, but not a fatal one */
strcpy(search, WEBSYM); /* Use a default value */
}
if (!SymSetSearchPath(process, search)) {
error = GetLastError();
fprintf(stderr, "SymSetSearchPath returned error : %lu\n", error);
rv = 1; /* An error, but not a fatal one */
Reported by FlawFinder.
Line: 72
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ULONG64 module_base;
int i;
char* search;
char buf[256]; /* Enough to hold one hex address, I trust! */
int rv = 0;
/* We may add SYMOPT_UNDNAME if --demangle is specified: */
DWORD symopts = SYMOPT_DEFERRED_LOADS | SYMOPT_DEBUG | SYMOPT_LOAD_LINES;
char* filename = "a.out"; /* The default if -e isn't specified */
int print_function_name = 0; /* Set to 1 if -f is specified */
Reported by FlawFinder.
Line: 112
Column: 9
CWE codes:
126
search = malloc(SEARCH_CAP);
if (SymGetSearchPath(process, search, SEARCH_CAP)) {
if (strlen(search) + sizeof(";" WEBSYM) > SEARCH_CAP) {
fprintf(stderr, "Search path too long\n");
SymCleanup(process);
return 1;
}
strcat(search, ";" WEBSYM);
Reported by FlawFinder.
src/third_party/gperftools/dist/src/tests/raw_printer_test.cc
4 issues
Line: 19
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define RUN_TEST(a, b) TEST_##a##_##b()
TEST(RawPrinter, Empty) {
char buffer[1];
base::RawPrinter printer(buffer, arraysize(buffer));
CHECK_EQ(0, printer.length());
CHECK_EQ(string(""), buffer);
CHECK_EQ(0, printer.space_left());
printer.Printf("foo");
Reported by FlawFinder.
Line: 31
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
TEST(RawPrinter, PartiallyFilled) {
char buffer[100];
base::RawPrinter printer(buffer, arraysize(buffer));
printer.Printf("%s %s", "hello", "world");
CHECK_EQ(string("hello world"), string(buffer));
CHECK_EQ(11, printer.length());
CHECK_LT(0, printer.space_left());
Reported by FlawFinder.
Line: 40
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
TEST(RawPrinter, Truncated) {
char buffer[3];
base::RawPrinter printer(buffer, arraysize(buffer));
printer.Printf("%d", 12345678);
CHECK_EQ(string("12"), string(buffer));
CHECK_EQ(2, printer.length());
CHECK_EQ(0, printer.space_left());
Reported by FlawFinder.
Line: 49
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
TEST(RawPrinter, ExactlyFilled) {
char buffer[12];
base::RawPrinter printer(buffer, arraysize(buffer));
printer.Printf("%s %s", "hello", "world");
CHECK_EQ(string("hello world"), string(buffer));
CHECK_EQ(11, printer.length());
CHECK_EQ(0, printer.space_left());
Reported by FlawFinder.
src/third_party/gperftools/dist/src/tests/profiledata_unittest.cc
4 issues
Line: 120
Column: 26
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
class ProfileDataChecker {
public:
ProfileDataChecker() {
const char* tmpdir = getenv("TMPDIR");
if (tmpdir == NULL)
tmpdir = "/tmp";
mkdir(tmpdir, 0755); // if necessary
filename_ = string(tmpdir) + "/profiledata_unittest.tmp";
}
Reported by FlawFinder.
Line: 166
Column: 21
CWE codes:
362
string ProfileDataChecker::CheckWithSkips(const ProfileDataSlot* slots,
int num_slots, const int* skips,
int num_skips) {
FileDescriptor fd(open(filename_.c_str(), O_RDONLY));
if (fd.get() < 0)
return "file open error";
scoped_array<ProfileDataSlot> filedata(new ProfileDataSlot[num_slots]);
size_t expected_bytes = num_slots * sizeof filedata[0];
Reported by FlawFinder.
Line: 189
Column: 21
CWE codes:
362
}
string ProfileDataChecker::ValidateProfile() {
FileDescriptor fd(open(filename_.c_str(), O_RDONLY));
if (fd.get() < 0)
return "file open error";
struct stat statbuf;
if (fstat(fd.get(), &statbuf) != 0)
Reported by FlawFinder.
Line: 81
Column: 19
CWE codes:
120
20
ssize_t num_bytes = 0;
while (num_bytes < count) {
ssize_t len;
NO_INTR(len = read(fd, buf0 + num_bytes, count - num_bytes));
if (len < 0) { // There was an error other than EINTR.
return -1;
}
if (len == 0) { // Reached EOF.
break;
Reported by FlawFinder.
src/third_party/gperftools/dist/src/tests/heap-profiler_unittest.cc
4 issues
Line: 159
Column: 16
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
printf("FORK failed!\n");
return 1;
case 0: // child
return execl(argv[0], argv[0], NULL); // run child with no args
default:
wait(NULL); // we'll let the kids run one at a time
}
}
Reported by FlawFinder.
Line: 89
Column: 26
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
// If you run this with whole-program heap-profiling on, than
// IsHeapProfilerRunning should return true.
if (!IsHeapProfilerRunning()) {
const char* tmpdir = getenv("TMPDIR");
if (tmpdir == NULL)
tmpdir = "/tmp";
mkdir(tmpdir, 0755); // if necessary
HeapProfilerStart((string(tmpdir) + "/start_stop").c_str());
CHECK(IsHeapProfilerRunning());
Reported by FlawFinder.
Line: 108
Column: 26
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
// If you run this with whole-program heap-profiling on, than
// IsHeapProfilerRunning should return true.
if (!IsHeapProfilerRunning()) {
const char* tmpdir = getenv("TMPDIR");
if (tmpdir == NULL)
tmpdir = "/tmp";
mkdir(tmpdir, 0755); // if necessary
HeapProfilerStart((string(tmpdir) + "/dump").c_str());
CHECK(IsHeapProfilerRunning());
Reported by FlawFinder.
Line: 132
Column: 17
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
}
int num_forks = 0;
if (argc == 2) {
num_forks = atoi(argv[1]);
}
TestHeapProfilerStartStopIsRunning();
TestDumpHeapProfiler();
Reported by FlawFinder.