The following issues were found
src/third_party/s2/base/stringprintf.cc
3 issues
Line: 20
Column: 16
CWE codes:
134
Suggestion:
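Use a constant for the format specification. In this excerpt `format` is not built locally: it is the parameter of the enclosing `StringAppendV(string* dst, const char* format, va_list ap)` (signature shown under the Line 13 finding for this file), so the requirement lands on its callers, which should pass string literals only. The same applies to the Line 43 finding; a printf-style format attribute on the wrapper lets the compiler check those call sites.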
// of the structure before using it and use that copy instead.
va_list backup_ap;
va_copy(backup_ap, ap);
int result = vsnprintf(space, sizeof(space), format, backup_ap);
va_end(backup_ap);
if ((result >= 0) && ((size_t)result < sizeof(space))) {
// It fit
dst->append(space, result);
Reported by FlawFinder.
Line: 43
Column: 14
CWE codes:
134
Suggestion:
Use a constant for the format specification
// Restore the va_list before we use it again
va_copy(backup_ap, ap);
result = vsnprintf(buf, length, format, backup_ap);
va_end(backup_ap);
if ((result >= 0) && ((size_t)result < length)) {
// It fit
dst->append(buf, result);
Reported by FlawFinder.
Line: 13
Column: 3
CWE codes:
119
120
Suggestion:
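Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The excerpts for this file show `space` written only by `vsnprintf(space, sizeof(space), format, backup_ap)`, with the result compared against `sizeof(space)` before `dst->append(space, result)`, so the visible use is length-limited; FlawFinder reports fixed-size char arrays at the declaration, whatever their use.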
void StringAppendV(string* dst, const char* format, va_list ap) {
// First try with a small fixed size buffer
char space[1024];
// It's possible for methods that use a va_list to invalidate
// the data in it upon use. The fix is to make a copy
// of the structure before using it and use that copy instead.
va_list backup_ap;
Reported by FlawFinder.
buildscripts/linter/pydocstyle.py
3 issues
Line: 5
Column: 1
from typing import List
from . import base
class PyDocstyleLinter(base.LinterBase):
"""PyDocStyle linter."""
Reported by Pylint.
Line: 16
Column: 5
"""Create a pydocstyle linter."""
super(PyDocstyleLinter, self).__init__("pydocstyle", "2.1.1")
def get_lint_version_cmd_args(self):
# type: () -> List[str]
"""Get the command to run a linter version check."""
return ["--version"]
def get_lint_cmd_args(self, file_name):
Reported by Pylint.
Line: 21
Column: 5
"""Get the command to run a linter version check."""
return ["--version"]
def get_lint_cmd_args(self, file_name):
# type: (str) -> List[str]
"""Get the command to run a linter."""
return [file_name]
Reported by Pylint.
src/third_party/mozjs-60/include/mozilla/StackWalk.h
3 issues
Line: 89
Column: 3
CWE codes:
119
120
Suggestion:
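Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The three findings for this file are on field declarations of `MozCodeAddressDetails`; nothing in the excerpts writes to the arrays, so the bounds check to review is in whichever code fills `library`, `filename` and `function`, which is not shown here.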
* address and the address's offset within that library, or empty
* string and zero if unknown.
*/
char library[256];
ptrdiff_t loffset;
/*
* The name of the file name and line number of the code
* corresponding to the address, or empty string and zero if
* unknown.
Reported by FlawFinder.
Line: 96
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* corresponding to the address, or empty string and zero if
* unknown.
*/
char filename[256];
unsigned long lineno;
/*
* The name of the function containing an address and the address's
* offset within that function, or empty string and zero if unknown.
*/
Reported by FlawFinder.
Line: 102
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* The name of the function containing an address and the address's
* offset within that function, or empty string and zero if unknown.
*/
char function[256];
ptrdiff_t foffset;
} MozCodeAddressDetails;
/**
* For a given pointer to code, fill in the pieces of information used
Reported by FlawFinder.
src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid32_div.c
3 issues
Line: 270
CWE codes:
758
if(nzeros) {
CT = ((BID_UINT64)Q) * bid_bid_reciprocals10_32[nzeros];
CT >>= 32;
// now get P/10^extra_digits: shift C64 right by M[extra_digits]-128
amount = bid_bid_bid_recip_scale32[nzeros];
Q = (BID_UINT32)(CT >> amount);
Reported by Cppcheck.
Line: 284
CWE codes:
758
// decompose digit
PD = (BID_UINT64) Q *0x068DB8BBull;
digit_h = (BID_UINT32) (PD >> 40);
digit_low = Q - digit_h * 10000;
if (!digit_low)
nzeros += 4;
else
Reported by Cppcheck.
Line: 300
CWE codes:
758
if (nzeros) {
CT = (BID_UINT64)Q * bid_bid_reciprocals10_32[nzeros];
CT >>=32;
// now get P/10^extra_digits: shift C64 right by M[extra_digits]-128
amount = bid_bid_bid_recip_scale32[nzeros];
Q = (BID_UINT32)(CT >> amount);
}
Reported by Cppcheck.
src/third_party/mozjs-60/include/mozilla/JSONWriter.h
3 issues
Line: 119
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Ideally this would be within |EscapedString| but when compiling with GCC
// on Linux that caused link errors, whereas this formulation didn't.
namespace detail {
extern MFBT_DATA const char gTwoCharEscapes[256];
} // namespace detail
class JSONWriter
{
// From http://www.ietf.org/rfc/rfc4627.txt:
Reported by FlawFinder.
Line: 391
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Prints: "<aName>": <aInt>
void IntProperty(const char* aName, int64_t aInt)
{
// Formats aInt as decimal text into a local buffer and hands it to Scalar().
// "%" PRId64 yields at most 20 characters for an int64_t (a sign plus 19
// digits) and one terminating NUL, so 64 bytes leaves ample headroom.
char buf[64];
// NOTE(review): SprintfLiteral is not defined in this excerpt; presumably it
// limits the write to sizeof(buf) — confirm against its declaration.
SprintfLiteral(buf, "%" PRId64, aInt);
Scalar(aName, buf);
}
// Prints: <aInt>
Reported by FlawFinder.
Line: 403
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void DoubleProperty(const char* aName, double aDouble)
{
static const size_t buflen = 64;
char buf[buflen];
const double_conversion::DoubleToStringConverter &converter =
double_conversion::DoubleToStringConverter::EcmaScriptConverter();
double_conversion::StringBuilder builder(buf, buflen);
converter.ToShortest(aDouble, &builder);
Scalar(aName, builder.Finalize());
Reported by FlawFinder.
src/third_party/pcre-8.42/pcre_exec.c
3 issues
Line: 1793
Column: 7
CWE codes:
120
Suggestion:
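Make sure destination can always hold the source data. In this excerpt the heap destination is allocated as `new_recursive.saved_max * sizeof(int)` bytes and the copy uses the same expression, so that path is sized consistently; still to be confirmed outside the excerpt are that `md->offset_vector` holds at least `saved_max` ints and how `offset_save` is sized if it can be set by a path other than this allocation.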
(int *)(PUBL(malloc))(new_recursive.saved_max * sizeof(int));
if (new_recursive.offset_save == NULL) RRETURN(PCRE_ERROR_NOMEMORY);
}
memcpy(new_recursive.offset_save, md->offset_vector,
new_recursive.saved_max * sizeof(int));
/* OK, now we can do the recursion. After processing each alternative,
restore the offset data and the last captured value. If there were nested
recursions, md->recursive might be changed, so reset it before looping.
Reported by FlawFinder.
Line: 1808
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (cbegroup) md->match_function_type = MATCH_CBEGROUP;
RMATCH(eptr, callpat + PRIV(OP_lengths)[*callpat], offset_top,
md, eptrb, RM6);
memcpy(md->offset_vector, new_recursive.offset_save,
new_recursive.saved_max * sizeof(int));
md->capture_last = new_recursive.saved_capture_last;
md->recursive = new_recursive.prevrec;
if (rrc == MATCH_MATCH || rrc == MATCH_ACCEPT)
{
Reported by FlawFinder.
Line: 7063
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
if (arg_offset_max >= 4)
{
memcpy(offsets + 2, md->offset_vector + 2,
(arg_offset_max - 2) * sizeof(int));
DPRINTF(("Copied offsets from temporary memory\n"));
}
if (md->end_offset_top > arg_offset_max) md->capture_last |= OVFLBIT;
DPRINTF(("Freeing temporary memory\n"));
Reported by FlawFinder.
src/third_party/mozjs-60/include/StackWalk.h
3 issues
Line: 89
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* address and the address's offset within that library, or empty
* string and zero if unknown.
*/
char library[256];
ptrdiff_t loffset;
/*
* The name of the file name and line number of the code
* corresponding to the address, or empty string and zero if
* unknown.
Reported by FlawFinder.
Line: 96
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* corresponding to the address, or empty string and zero if
* unknown.
*/
char filename[256];
unsigned long lineno;
/*
* The name of the function containing an address and the address's
* offset within that function, or empty string and zero if unknown.
*/
Reported by FlawFinder.
Line: 102
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* The name of the function containing an address and the address's
* offset within that function, or empty string and zero if unknown.
*/
char function[256];
ptrdiff_t foffset;
} MozCodeAddressDetails;
/**
* For a given pointer to code, fill in the pieces of information used
Reported by FlawFinder.
buildscripts/linter/mypy.py
3 issues
Line: 6
Column: 1
import os
from typing import List
from . import base
MYPY_CONFIG_FILE = ".mypy.ini"
class MypyLinter(base.LinterBase):
Reported by Pylint.
Line: 21
Column: 5
super(MypyLinter, self).__init__("mypy", "0.580", os.getenv("MYPY"))
def get_lint_version_cmd_args(self):
# type: () -> List[str]
"""Get the command to run a linter version check."""
return ["--version"]
def get_lint_cmd_args(self, file_name):
Reported by Pylint.
Line: 26
Column: 5
"""Get the command to run a linter version check."""
return ["--version"]
def get_lint_cmd_args(self, file_name):
# type: (str) -> List[str]
"""Get the command to run a linter."""
args = ["--config-file", MYPY_CONFIG_FILE]
# Only idl and linter should be type checked by mypy. Other
# files return errors under python 3 type checking. If we
Reported by Pylint.
src/third_party/mozjs-60/extract/mozglue/misc/TimeStamp_posix.cpp
3 issues
Line: 217
Column: 3
CWE codes:
119
120
Suggestion:
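Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The read shown under the next finding, `fread(&stat, 1, sizeof(stat) - 1, f)`, is capped one byte below the array size; what the excerpt does not show is whether the returned count `n` is checked and the buffer terminated before it is parsed.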
static uint64_t
JiffiesSinceBoot(const char* aFile)
{
char stat[512];
FILE* f = fopen(aFile, "r");
if (!f) {
return 0;
}
Reported by FlawFinder.
Line: 219
Column: 13
CWE codes:
362
{
char stat[512];
FILE* f = fopen(aFile, "r");
if (!f) {
return 0;
}
int n = fread(&stat, 1, sizeof(stat) - 1, f);
Reported by FlawFinder.
Line: 271
Column: 3
CWE codes:
119
120
Suggestion:
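Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The format `/proc/self/task/%d/stat` expands to at most 32 characters plus the terminating NUL when `pid_t` is a 32-bit int, which fits in `threadStat[40]`; whether `SprintfLiteral` itself limits the write to the array size is not shown in this excerpt and should be confirmed.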
return nullptr;
}
char threadStat[40];
SprintfLiteral(threadStat, "/proc/self/task/%d/stat", (pid_t)syscall(__NR_gettid));
uint64_t threadJiffies = JiffiesSinceBoot(threadStat);
uint64_t selfJiffies = JiffiesSinceBoot("/proc/self/stat");
Reported by FlawFinder.
src/third_party/mozjs-60/include/js/StructuredClone.h
3 issues
Line: 456
Column: 13
CWE codes:
120
Suggestion:
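Make sure destination can always hold the source data. Here the copy length is `nbytes = std::min(remaining, size)`, so it never exceeds what `iter.RemainingInSegment()` reports for the destination; the bound therefore depends on that accessor being accurate and on `data` holding at least `size` bytes, neither of which the excerpt shows.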
while (size > 0) {
size_t remaining = iter.RemainingInSegment();
size_t nbytes = std::min(remaining, size);
memcpy(iter.Data(), data, nbytes);
data += nbytes;
size -= nbytes;
iter.Advance(bufList_, nbytes);
}
return true;
Reported by FlawFinder.
Line: 317
Column: 27
CWE codes:
120
20
void* content, uint64_t extraData, void* closure);
struct JSStructuredCloneCallbacks {
ReadStructuredCloneOp read;
WriteStructuredCloneOp write;
StructuredCloneErrorOp reportError;
ReadTransferStructuredCloneOp readTransfer;
TransferStructuredCloneOp writeTransfer;
FreeTransferStructuredCloneOp freeTransfer;
Reported by FlawFinder.
Line: 606
Column: 10
CWE codes:
120
20
*/
void abandon() { data_.ownTransferables_ = OwnTransferablePolicy::IgnoreTransferablesIfAny; }
// NOTE(review): `read` and `write` below are member-function declarations that
// take a JSContext* and optional clone callbacks; nothing in this excerpt calls
// POSIX read(2)/write(2). A name-based scanner match on "read" looks like the
// likely trigger for the CWE-120/CWE-20 pair — confirm against the tool's rule.
bool read(JSContext* cx, JS::MutableHandleValue vp,
const JSStructuredCloneCallbacks* optionalCallbacks=nullptr, void* closure=nullptr);
bool write(JSContext* cx, JS::HandleValue v,
const JSStructuredCloneCallbacks* optionalCallbacks=nullptr, void* closure=nullptr);
Reported by FlawFinder.