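The following issues were found by static analysis (Cppcheck and FlawFinder, as named under each entry). FlawFinder matches risky function and type names lexically and does not follow data flow, so every "Security" entry below marks a place to review, not a confirmed defect.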

src/third_party/wiredtiger/src/os_common/os_fhandle.c
3 issues
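There is an unknown macro here somewhere. Configuration is required. If WT_TAILQ_SAFE_REMOVE_END is a macro then please configure it. [Triage note: this is an analyser configuration problem, not a finding about the code. Cppcheck could not expand WT_TAILQ_SAFE_REMOVE_END, so its results for this file are likely incomplete until the header that defines the macro is made visible to it, for example through an include path (-I).]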
Error

Line: 484

                  {
        WT_TRET(__handle_close(session, fh, false));
    }
    WT_TAILQ_SAFE_REMOVE_END
    return (ret);
}

/*
 * __wt_file_zero --

            

Reported by Cppcheck.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 60 Column: 35 CWE codes: 126

                  conn = S2C(session);
    found = false;

    hash = __wt_hash_city64(name, strlen(name));
    bucket = hash & (conn->hash_size - 1);

    __wt_spin_lock(session, &conn->fh_lock);

    TAILQ_FOREACH (fh, &conn->fhhash[bucket], hashq)

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 94 Column: 35 CWE codes: 126

                  conn = S2C(session);
    found = false;

    hash = __wt_hash_city64(name, strlen(name));
    bucket = hash & (conn->hash_size - 1);

    __wt_spin_lock(session, &conn->fh_lock);

    /*

            

Reported by FlawFinder.

src/third_party/unwind/dist/src/coredump/_UCD_access_mem.c
3 issues
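read - Check buffer boundaries if used in a loop including recursive loops [Triage note: line 72, column 12 is the statement `goto read;` in the snippet below. The match is on a jump to a label named read, not on a call to read(); no buffer is involved at this location.]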
Security

Line: 72 Column: 12 CWE codes: 120 20

                    filename = phdr->backing_filename;
      fileofs = addr - phdr->p_vaddr;
      fd = phdr->backing_fd;
      goto read;
    }

  filename = ui->coredump_filename;
  fileofs = phdr->p_offset + (addr - phdr->p_vaddr);
  fd = ui->coredump_fd;

            

Reported by FlawFinder.

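read - Check buffer boundaries if used in a loop including recursive loops [Triage note: line 78, column 2 is the label `read:` itself, not a function call; nothing is read into a buffer at this location.]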
Security

Line: 78 Column: 2 CWE codes: 120 20

                filename = ui->coredump_filename;
  fileofs = phdr->p_offset + (addr - phdr->p_vaddr);
  fd = ui->coredump_fd;
 read:
  if (lseek(fd, fileofs, SEEK_SET) != fileofs)
    goto read_error;
  if (read(fd, val, sizeof(*val)) != sizeof(*val))
    goto read_error;


            

Reported by FlawFinder.

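read - Check buffer boundaries if used in a loop including recursive loops [Triage note: this is the actual read() call. It requests exactly sizeof(*val) bytes into val and treats any other return value, including a short read, as an error, so the length is tied to the type of the destination.]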
Security

Line: 81 Column: 7 CWE codes: 120 20

               read:
  if (lseek(fd, fileofs, SEEK_SET) != fileofs)
    goto read_error;
  if (read(fd, val, sizeof(*val)) != sizeof(*val))
    goto read_error;

  Debug(1, "0x%llx <- [addr:0x%llx fileofs:0x%llx]\n",
        (unsigned long long)(*val),
        (unsigned long long)addr,

            

Reported by FlawFinder.

src/third_party/unwind/dist/include/libunwind_i.h
3 issues
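fprintf - If format strings can be influenced by an attacker, they can be exploited [Triage note: `format` is a named variadic macro parameter (`format...`), so `fprintf (stderr, format)` expands to whatever argument list the Debug() call site supplies. The exposure is decided at each call site: a call whose first argument is a string literal is fine, one that passes a variable as the format is not. Building with -Wformat -Wformat-security (GCC/Clang) checks the expanded calls for that.]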
Security

Line: 286 Column: 7 CWE codes: 134
Suggestion: Use a constant for the format specification

                    if (_n > 16)                                                      \
        _n = 16;                                                        \
      fprintf (stderr, "%*c>%s: ", _n, ' ', __FUNCTION__);              \
      fprintf (stderr, format);                                         \
    }                                                                   \
} while (0)
# define Dprintf(format...)         fprintf (stderr, format)
#else
# define Debug(level,format...)

            

Reported by FlawFinder.

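fprintf - If format strings can be influenced by an attacker, they can be exploited [Triage note: Dprintf forwards the caller's whole argument list to fprintf, so the format string is constant only if every Dprintf() call site passes a string literal as its first argument.]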
Security

Line: 289 Column: 37 CWE codes: 134
Suggestion: Use a constant for the format specification

                    fprintf (stderr, format);                                         \
    }                                                                   \
} while (0)
# define Dprintf(format...)         fprintf (stderr, format)
#else
# define Debug(level,format...)
# define Dprintf(format...)
#endif


            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 298 Column: 28 CWE codes: 126

              static ALWAYS_INLINE int
print_error (const char *string)
{
  /* Write the message to file descriptor 2 with a single write() call and
     return that call's result converted to int.  The length is taken with
     strlen(), so `string` must be a non-NULL, NUL-terminated string; a short
     write is not retried here.  */
  return write (2, string, strlen (string));
}

#define mi_init         UNWI_ARCH_OBJ(mi_init)

extern void mi_init (void);     /* machine-independent initializations */

            

Reported by FlawFinder.

src/third_party/unwind/dist/src/dwarf/Gparser.c
3 issues
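memcpy - Does not check for buffer overflows when copying to destination [Triage note: the length is sizeof(new_loc), the size of the source. The copy is in bounds only if c->loc is at least that large; neither declaration is visible in the snippet, so confirm that both arrays are declared with the same element type and count.]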
Security

Line: 874 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                      }
    }

  memcpy(c->loc, new_loc, sizeof(new_loc));

  c->cfa = cfa;
  /* DWARF spec says undefined return address location means end of stack. */
  if (DWARF_IS_NULL_LOC (c->loc[rs->ret_addr_column]))
    {

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 921 Column: 7 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                    /* update hint; no locking needed: single-word writes are atomic */
      unsigned short index = rs - cache->buckets;
      c->use_prev_instr = ! cache->links[index].signal_frame;
      memcpy (&sr->rs_current, rs, sizeof (*rs));
    }
  else
    {
      ret = fetch_proc_info (c, c->ip);
      int next_use_prev_instr = c->use_prev_instr;

            

Reported by FlawFinder.

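memcpy - Does not check for buffer overflows when copying to destination [Triage note: the length is sizeof(*rs), the size of the object the destination pointer refers to, so the copy cannot exceed one such object. What the snippet does not show is whether rs_new() can return NULL; rs is already used to index cache->links on the line before the copy, so confirm that in rs_new().]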
Security

Line: 942 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	{
	  rs = rs_new (cache, c);
	  cache->links[rs - cache->buckets].hint = 0;
	  memcpy(rs, &sr->rs_current, sizeof(*rs));
	}
    }

  unsigned short index = -1;
  if (cache)

            

Reported by FlawFinder.

src/third_party/tomcrypt-1.18.2/src/hashes/sha1.c
3 issues
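char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues [Triage note: the flagged array is the `hash[20]` member of a static const table of test vectors. It is filled by a 20-byte brace initializer at compile time and is not written at run time.]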
Security

Line: 250 Column: 16 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               #else
  static const struct {
      const char *msg;
      unsigned char hash[20];
  } tests[] = {
    { "abc",
      { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a,
        0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c,
        0x9c, 0xd0, 0xd8, 0x9d }

            

Reported by FlawFinder.

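char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues [Triage note: `tmp[20]` is the digest buffer passed to sha1_done(&md, tmp) in this self-test loop. The property to check is that it holds a full SHA-1 digest, which is 20 bytes.]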
Security

Line: 265 Column: 12 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                };

  int i;
  unsigned char tmp[20];
  hash_state md;

  for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0]));  i++) {
      sha1_init(&md);
      sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));

            

Reported by FlawFinder.

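strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) [Triage note: the argument is tests[i].msg, a `const char *` member of the static test-vector table. The one entry visible in the excerpts is the string literal "abc", which the language NUL-terminates; confirm that the remaining entries are literals as well.]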
Security

Line: 270 Column: 70 CWE codes: 126

              
  for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0]));  i++) {
      sha1_init(&md);
      sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
      sha1_done(&md, tmp);
      if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA1", i)) {
         return CRYPT_FAIL_TESTVECTOR;
      }
  }

            

Reported by FlawFinder.

src/third_party/timelib-2021.06/parse_iso_intervals.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 103 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              static char *timelib_string(Scanner *s)
{
	/* Copy the s->cur - s->tok bytes starting at s->tok into a new buffer
	 * allocated one byte larger than the copy.
	 * NOTE(review): the spare byte acts as the terminator only if
	 * timelib_calloc zero-fills like calloc -- confirm. */
	char *tmp = timelib_calloc(1, s->cur - s->tok + 1);
	/* NOTE(review): tmp is not checked for NULL before the copy, and the
	 * length assumes s->cur >= s->tok -- confirm both against the allocator
	 * and the scanner. */
	memcpy(tmp, s->tok, s->cur - s->tok);

	return tmp;
}

static timelib_sll timelib_get_nr(const char **ptr, int max_length)

            

Reported by FlawFinder.

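memcpy - Does not check for buffer overflows when copying to destination [Triage note: the destination is allocated on the preceding line with end - begin + 1 bytes and the copy length is end - begin, so the buffer is one byte larger than the copy. The allocation result is not checked before the copy in the lines shown.]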
Security

Line: 128 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	}
	end = *ptr;
	str = timelib_calloc(1, end - begin + 1);
	memcpy(str, begin, end - begin);
	tmp_nr = strtoll(str, NULL, 10);
	timelib_free(str);
	return tmp_nr;
}


            

Reported by FlawFinder.

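memcpy - Does not check for buffer overflows when copying to destination [Triage note: in.str is allocated with (e - s) + YYMAXFILL bytes and the copy length is (e - s), so the destination is larger than the copy by YYMAXFILL. Two things remain to confirm outside the snippet: that e is never before s, and that a failed timelib_malloc is handled, since the result goes straight into memset.]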
Security

Line: 972 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	/* init cursor */
	in.str = timelib_malloc((e - s) + YYMAXFILL);
	memset(in.str, 0, (e - s) + YYMAXFILL);
	memcpy(in.str, s, (e - s));
	in.lim = in.str + (e - s) + YYMAXFILL;
	in.cur = in.str;

	/* init value containers */
	in.begin = timelib_time_ctor();

            

Reported by FlawFinder.

src/third_party/timelib-2021.06/interval.c
3 issues
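memcpy - Does not check for buffer overflows when copying to destination [Triage note: the length is sizeof(timelib_rel_time), a type size. The copy is in bounds if t->relative and *interval both have that type; the memset of &t->relative with the same size a few lines further down suggests this for the destination, but the declarations are not in the snippet. The entries for lines 215 and 254 flag the same statement.]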
Security

Line: 152 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	timelib_time *t = timelib_time_clone(old_time);

	if (interval->have_weekday_relative || interval->have_special_relative) {
		memcpy(&t->relative, interval, sizeof(timelib_rel_time));
	} else {
		if (interval->invert) {
			bias = -1;
		}
		memset(&t->relative, 0, sizeof(timelib_rel_time));

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 215 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	t->sse_uptodate = 0;

	if (interval->have_weekday_relative || interval->have_special_relative) {
		memcpy(&t->relative, interval, sizeof(timelib_rel_time));

		timelib_update_ts(t, NULL);
	} else {
		if (interval->invert) {
			bias = -1;

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 254 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	t->sse_uptodate = 0;

	if (interval->have_weekday_relative || interval->have_special_relative) {
		memcpy(&t->relative, interval, sizeof(timelib_rel_time));

		timelib_update_ts(t, NULL);
	} else {
		if (interval->invert) {
			bias = -1;

            

Reported by FlawFinder.

src/third_party/snappy-1.1.7/snappy-test.h
3 issues
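fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? [Triage note: the path is the caller's `filename` argument, and the file is snappy-test.h, which by its name is test support code. The symlink and race questions matter only if this helper is run on paths in a location other users can write to; confirm it is not compiled into shipped binaries.]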
Security

Line: 125 Column: 16 CWE codes: 362

              
  DummyStatus GetContents(
      const std::string& filename, std::string* data, int unused) {
    FILE* fp = fopen(filename.c_str(), "rb");
    if (fp == NULL) {
      perror(filename.c_str());
      exit(1);
    }


            

Reported by FlawFinder.

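char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues [Triage note: the array is filled by fread(buf, 1, 4096, fp), so the requested count equals the array size and the read cannot run past it. Writing the count as sizeof(buf) would keep the two values from drifting apart.]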
Security

Line: 133 Column: 7 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
    data->clear();
    while (!feof(fp)) {
      char buf[4096];
      size_t ret = fread(buf, 1, 4096, fp);
      if (ret == 0 && ferror(fp)) {
        perror("fread");
        exit(1);
      }

            

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 149 Column: 16 CWE codes: 362

              
  inline DummyStatus SetContents(
      const std::string& filename, const std::string& str, int unused) {
    FILE* fp = fopen(filename.c_str(), "wb");
    if (fp == NULL) {
      perror(filename.c_str());
      exit(1);
    }


            

Reported by FlawFinder.

src/mongo/db/exec/sbe/values/write_value_to_stream_test.cpp
3 issues
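syntax error [Triage note: line 85 is the TEST(WriteValueToStream, ShortBSONBinDataTest) macro invocation. A Cppcheck "syntax error" at a macro it was not given a definition for is most likely an analyser configuration issue rather than a defect, provided the file compiles in the real build.]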
Error

Line: 85

                  return makeNestedObject(depth - 1, oVal, topObj);
}

TEST(WriteValueToStream, ShortBSONBinDataTest) {
    auto bsonString =
        BSON("binData" << BSONBinData(kStringShort, strlen(kStringShort), BinDataGeneral));
    auto val = value::bitcastFrom<const char*>(bsonString["binData"].value());
    const std::pair<value::TypeTags, value::Value> value(value::TypeTags::bsonBinData, val);
    std::ostringstream oss;

            

Reported by Cppcheck.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 87 Column: 53 CWE codes: 126

              
TEST(WriteValueToStream, ShortBSONBinDataTest) {
    auto bsonString =
        BSON("binData" << BSONBinData(kStringShort, strlen(kStringShort), BinDataGeneral));
    auto val = value::bitcastFrom<const char*>(bsonString["binData"].value());
    const std::pair<value::TypeTags, value::Value> value(value::TypeTags::bsonBinData, val);
    std::ostringstream oss;
    writeToStream(oss, value);
    auto expectedString =

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 99 Column: 52 CWE codes: 126

              
TEST(WriteValueToStream, LongBSONBinDataTest) {
    auto bsonString =
        BSON("binData" << BSONBinData(kStringLong, strlen(kStringLong), BinDataGeneral));
    auto val = value::bitcastFrom<const char*>(bsonString["binData"].value());
    const std::pair<value::TypeTags, value::Value> value(value::TypeTags::bsonBinData, val);
    std::ostringstream oss;
    writeToStream(oss, value);
    auto expectedString =

            

Reported by FlawFinder.

src/third_party/tomcrypt-1.18.2/src/hashes/sha2/sha256.c
3 issues
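char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues [Triage note: the flagged array is the `hash[32]` member of a static const table of test vectors, filled by a brace initializer at compile time and not written at run time.]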
Security

Line: 296 Column: 16 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               #else
  static const struct {
      const char *msg;
      unsigned char hash[32];
  } tests[] = {
    { "abc",
      { 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea,
        0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23,
        0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 313 Column: 12 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                };

  int i;
  unsigned char tmp[32];
  hash_state md;

  for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
      sha256_init(&md);
      sha256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));

            

Reported by FlawFinder.

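strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) [Triage note: the argument is tests[i].msg, a `const char *` member of the static test-vector table. The one entry visible in the excerpts is the string literal "abc", which the language NUL-terminates; confirm that the remaining entries are literals as well.]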
Security

Line: 318 Column: 72 CWE codes: 126

              
  for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
      sha256_init(&md);
      sha256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
      sha256_done(&md, tmp);
      if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA256", i)) {
         return CRYPT_FAIL_TESTVECTOR;
      }
  }

            

Reported by FlawFinder.