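The following issues were reported by the static analyzers FlawFinder and Cppcheck. Each entry gives the file, the flagged line and column, the CWE codes, and an excerpt of the code around the flagged line; the entries are analyzer findings and are not triaged on this page.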
src/third_party/mozjs-60/extract/mozglue/misc/TimeStamp_posix.cpp
3 issues
Line: 217
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static uint64_t
JiffiesSinceBoot(const char* aFile)
{
char stat[512];
FILE* f = fopen(aFile, "r");
if (!f) {
return 0;
}
Reported by FlawFinder.
Line: 219
Column: 13
CWE codes:
362
{
char stat[512];
FILE* f = fopen(aFile, "r");
if (!f) {
return 0;
}
int n = fread(&stat, 1, sizeof(stat) - 1, f);
Reported by FlawFinder.
Line: 271
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return nullptr;
}
char threadStat[40];
SprintfLiteral(threadStat, "/proc/self/task/%d/stat", (pid_t)syscall(__NR_gettid));
uint64_t threadJiffies = JiffiesSinceBoot(threadStat);
uint64_t selfJiffies = JiffiesSinceBoot("/proc/self/stat");
Reported by FlawFinder.
src/third_party/mozjs-60/extract/mfbt/SHA1.cpp
3 issues
Line: 106
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (aLen < togo) {
togo = aLen;
}
memcpy(mU.mB + lenB, data, togo);
aLen -= togo;
data += togo;
lenB = (lenB + togo) & 63U;
if (!lenB) {
shaCompress(&mH[H2X], mU.mW);
Reported by FlawFinder.
Line: 122
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (aLen > 0) {
memcpy(mU.mB, data, aLen);
}
}
/*
Reported by FlawFinder.
Line: 159
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
mU.mW[2] = NativeEndian::swapToBigEndian(mH[2]);
mU.mW[3] = NativeEndian::swapToBigEndian(mH[3]);
mU.mW[4] = NativeEndian::swapToBigEndian(mH[4]);
memcpy(aHashOut, mU.mW, 20);
mDone = true;
}
/*
* SHA: Compression function, unrolled.
Reported by FlawFinder.
src/third_party/mozjs-60/extract/mfbt/JSONWriter.h
3 issues
Line: 119
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Ideally this would be within |EscapedString| but when compiling with GCC
// on Linux that caused link errors, whereas this formulation didn't.
namespace detail {
// Declaration only: the table is defined elsewhere, so its contents are not
// visible here. The fixed extent of 256 gives one slot per possible 8-bit
// value.
// NOTE(review): presumably indexed by the byte being escaped. Confirm that
// every lookup converts the character to an unsigned 8-bit type first, since
// indexing with a plain (possibly signed) char could yield a negative index.
extern MFBT_DATA const char gTwoCharEscapes[256];
} // namespace detail
class JSONWriter
{
// From http://www.ietf.org/rfc/rfc4627.txt:
Reported by FlawFinder.
Line: 391
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Prints: "<aName>": <aInt>
void IntProperty(const char* aName, int64_t aInt)
{
  // Render the integer as decimal text and hand it to Scalar together with
  // the property name. An int64_t needs at most 20 characters (sign plus 19
  // digits) and a terminating NUL, which fits in the 64-byte buffer.
  // NOTE(review): SprintfLiteral is assumed to bound the write by the array's
  // size. Confirm against its definition.
  char digits[64];
  SprintfLiteral(digits, "%" PRId64, aInt);
  Scalar(aName, digits);
}
// Prints: <aInt>
Reported by FlawFinder.
Line: 403
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void DoubleProperty(const char* aName, double aDouble)
{
static const size_t buflen = 64;
char buf[buflen];
const double_conversion::DoubleToStringConverter &converter =
double_conversion::DoubleToStringConverter::EcmaScriptConverter();
double_conversion::StringBuilder builder(buf, buflen);
converter.ToShortest(aDouble, &builder);
Scalar(aName, builder.Finalize());
Reported by FlawFinder.
src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid128_fmod.c
3 issues
Line: 100
CWE codes:
758
&& ((y.w[1] & NAN_MASK64) != INFINITY_MASK64))
exponent_x = exponent_y;
res.w[1] = sign_x | (((BID_UINT64) exponent_x) << 49);
res.w[0] = 0;
BID_RETURN (res);
}
}
if (!valid_y) {
Reported by Cppcheck.
Line: 147
CWE codes:
758
}
// set exponent of y to exponent_x, scale coefficient_y
T = bid_power10_table_128[diff_expon];
__mul_128x128_to_256 (P256, CY, T);
if (P256.w[2] || P256.w[3]) {
// |x|<|y| in this case
res = x;
BID_RETURN (res);
Reported by Cppcheck.
Line: 195
CWE codes:
758
}
T = bid_power10_table_128[scale];
__mul_128x128_low (CXS, CX, T);
bid___div_128_by_128 (&CQ, &CX, CXS, CY);
// check for remainder == 0
if (!CX.w[1] && !CX.w[0]) {
Reported by Cppcheck.
src/third_party/mozjs-60/extract/js/src/wasm/WasmTextToBinary.cpp
3 issues
Line: 616
CWE codes:
476
{}
void generateError(WasmToken token, UniqueChars* error) {
  // The column is 1-based: offset of the token's start from the start of the
  // current line, plus one.
  // |error| is dereferenced unconditionally, so callers must pass a valid
  // pointer.
  const unsigned col = token.begin() - lineStart_ + 1;
  *error = JS_smprintf("parsing wasm text at %u:%u", line_, col);
}
void generateError(WasmToken token, const char* msg, UniqueChars* error) {
  // Same position prefix as the two-argument overload, followed by |msg|.
  // |msg| is consumed by a %s conversion and |error| is dereferenced
  // unconditionally, so callers must pass a NUL-terminated string and a valid
  // pointer.
  const unsigned col = token.begin() - lineStart_ + 1;
  *error = JS_smprintf("parsing wasm text at %u:%u: %s", line_, col, msg);
}
Reported by Cppcheck.
Line: 616
CWE codes:
476
{}
void generateError(WasmToken token, UniqueChars* error) {
  // The column is 1-based: offset of the token's start from the start of the
  // current line, plus one.
  // |error| is dereferenced unconditionally, so callers must pass a valid
  // pointer.
  const unsigned col = token.begin() - lineStart_ + 1;
  *error = JS_smprintf("parsing wasm text at %u:%u", line_, col);
}
void generateError(WasmToken token, const char* msg, UniqueChars* error) {
  // Same position prefix as the two-argument overload, followed by |msg|.
  // |msg| is consumed by a %s conversion and |error| is dereferenced
  // unconditionally, so callers must pass a NUL-terminated string and a valid
  // pointer.
  const unsigned col = token.begin() - lineStart_ + 1;
  *error = JS_smprintf("parsing wasm text at %u:%u: %s", line_, col, msg);
}
Reported by Cppcheck.
Line: 5078
Column: 45
CWE codes:
126
{
TwoByteChars range(wasmName.begin(), wasmName.length());
UniqueChars utf8(JS::CharsToNewUTF8CharsZ(nullptr, range).c_str());
return utf8 && e.writeBytes(utf8.get(), strlen(utf8.get()));
}
static bool
EncodeLimits(Encoder& e, const Limits& limits)
{
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/wasm/WasmTypes.cpp
3 issues
Line: 60
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
switch (type_) {
case ValType::I32:
case ValType::F32:
memcpy(dst, &u.i32_, sizeof(u.i32_));
return;
case ValType::I64:
case ValType::F64:
memcpy(dst, &u.i64_, sizeof(u.i64_));
return;
Reported by FlawFinder.
Line: 64
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
case ValType::I64:
case ValType::F64:
memcpy(dst, &u.i64_, sizeof(u.i64_));
return;
case ValType::I8x16:
case ValType::I16x8:
case ValType::I32x4:
case ValType::F32x4:
Reported by FlawFinder.
Line: 73
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
case ValType::B8x16:
case ValType::B16x8:
case ValType::B32x4:
memcpy(dst, &u, jit::Simd128DataSize);
return;
}
}
bool
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/wasm/WasmCompile.cpp
3 issues
Line: 540
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint8_t* p = bytecode->bytes.begin();
memcpy(p, env.begin(), env.length());
p += env.length();
memcpy(p, code.begin(), code.length());
p += code.length();
Reported by FlawFinder.
Line: 543
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(p, env.begin(), env.length());
p += env.length();
memcpy(p, code.begin(), code.length());
p += code.length();
memcpy(p, tail.begin(), tail.length());
p += tail.length();
Reported by FlawFinder.
Line: 546
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(p, code.begin(), code.length());
p += code.length();
memcpy(p, tail.begin(), tail.length());
p += tail.length();
MOZ_ASSERT(p == bytecode->end());
return bytecode;
Reported by FlawFinder.
src/third_party/IntelRDFPMathLib20U1/LIBRARY/float128/dpml_ux.h
3 issues
Line: 766
# define PRINT_UX_TBL_ADEF_ITEM(name, val) \
PRINT_UX_TBL_ADEF(name); PRINT_UX_TBL_ITEM(val)
@divert divertText
function print_ux_fraction_digits(value)
{
auto hi, i;
Reported by Cppcheck.
Line: 783
Column: 17
CWE codes:
134
Suggestion:
Use a constant for the format specification
value = bldexp(value, BITS_PER_UX_FRACTION_DIGIT_TYPE);
hi = trunc(value);
if (hi)
printf( DIGIT_FORMAT, hi);
else
printf( ZERO_FORMAT );
value -= hi;
}
printf("\n");
Reported by FlawFinder.
Line: 785
Column: 17
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (hi)
printf( DIGIT_FORMAT, hi);
else
printf( ZERO_FORMAT );
value -= hi;
}
printf("\n");
return value;
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/vm/StringType.cpp
3 issues
Line: 1968
template JSString*
js::ToStringSlow<NoGC>(JSContext* cx, const Value& arg);
JS_PUBLIC_API(JSString*)
js::ToStringSlow(JSContext* cx, HandleValue v)
{
    // Public, non-template entry point: forwards to the CanGC instantiation
    // of the ToStringSlow template and returns whatever it produces.
    JSString* converted = ToStringSlow<CanGC>(cx, v);
    return converted;
}
Reported by Cppcheck.
Line: 906
Column: 21
CWE codes:
126
bool
js::StringEqualsAscii(JSLinearString* str, const char* asciiBytes)
{
size_t length = strlen(asciiBytes);
#ifdef DEBUG
for (size_t i = 0; i != length; ++i)
MOZ_ASSERT(unsigned(asciiBytes[i]) <= 127);
#endif
if (length != str->length())
Reported by FlawFinder.
Line: 1562
Column: 72
CWE codes:
126
JSFlatString*
NewLatin1StringZ(JSContext* cx, UniqueChars chars)
{
JSFlatString* str = NewString<CanGC>(cx, (Latin1Char*)chars.get(), strlen(chars.get()));
if (!str)
return nullptr;
mozilla::Unused << chars.release();
return str;
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/vm/MemoryMetrics.cpp
3 issues
Line: 41
namespace js {
JS_FRIEND_API(size_t)
MemoryReportingSundriesThreshold()
{
    // Fixed threshold of 8 * 1024 (8192).
    constexpr size_t kThreshold = 8 * 1024;
    return kThreshold;
}
Reported by Cppcheck.
Line: 206
Column: 20
CWE codes:
126
NotableClassInfo::NotableClassInfo(const char* className, const ClassInfo& info)
  : ClassInfo(info)
{
    // Keep a private heap copy of the name, terminator included.
    // Precondition: className must be a non-null, NUL-terminated string,
    // because strlen is the only thing that determines how much is copied.
    const size_t copyLen = strlen(className) + 1;
    className_ = js_pod_malloc<char>(copyLen);
    if (!className_) {
        // Allocation failure is treated as fatal rather than reported.
        MOZ_CRASH("oom");
    }
    PodCopy(className_, className, copyLen);
}
Reported by FlawFinder.
Line: 237
Column: 20
CWE codes:
126
NotableScriptSourceInfo::NotableScriptSourceInfo(const char* filename, const ScriptSourceInfo& info)
  : ScriptSourceInfo(info)
{
    // Keep a private heap copy of the filename, terminator included.
    // Precondition: filename must be a non-null, NUL-terminated string,
    // because strlen is the only thing that determines how much is copied.
    const size_t copyLen = strlen(filename) + 1;
    filename_ = js_pod_malloc<char>(copyLen);
    if (!filename_) {
        // Allocation failure is treated as fatal rather than reported.
        MOZ_CRASH("oom");
    }
    PodCopy(filename_, filename, copyLen);
}
Reported by FlawFinder.