The following issues were found
src/third_party/mozjs-60/extract/js/src/frontend/TokenStream.cpp
3 issues
Line: 2448
} // namespace js
JS_FRIEND_API(int)
js_fgets(char* buf, int size, FILE* file)
{
int n, i, c;
bool crflag;
Reported by Cppcheck.
Line: 2051
Column: 17
CWE codes:
119
120
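Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: this rule fires on the declaration of a fixed-size char array, not on a demonstrated overflow. In the excerpt below, buf has two bytes, only buf[0] is written, and buf[1] keeps its '\0' initializer, so the visible writes stay in bounds and the string passed to reportError is terminated.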
if (!peekChar(&c))
goto error;
if (IsAsciiAlpha(c)) {
char buf[2] = { '\0', '\0' };
tp->pos.begin += length + 1;
buf[0] = char(c);
reportError(JSMSG_BAD_REGEXP_FLAG, buf);
consumeKnownChar(c);
goto error;
Reported by FlawFinder.
Line: 476
Column: 20
CWE codes:
120
20
#elif defined(HAVE__GETC_NOLOCK)
# define fast_getc _getc_nolock
#else
# define fast_getc getc
#endif
MOZ_MUST_USE MOZ_ALWAYS_INLINE bool
TokenStreamAnyChars::internalUpdateLineInfoForEOL(uint32_t lineStartOffset)
{
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/ds/MemoryProtectionExceptionHandler.cpp
3 issues
Line: 454
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(dst.old_state) + stateSize);\
dst.flavor = flavor;\
dst.old_state_count = stateCount;\
memcpy(dst.old_state, state, stateSize);
# define COPY_EXCEPTION_REQUEST(bits)\
static void\
CopyExceptionRequest##bits(ExceptionRequest64& src,\
ExceptionRequest##bits& dst)\
Reported by FlawFinder.
Line: 142
Column: 26
CWE codes:
126
# if defined(XP_WIN)
DWORD bytesWritten;
BOOL ret = WriteFile(GetStdHandle(STD_ERROR_HANDLE), aStr,
strlen(aStr) + 1, &bytesWritten, nullptr);
# elif defined(ANDROID)
int ret = __android_log_write(ANDROID_LOG_FATAL, "MOZ_CRASH", aStr);
# else
ssize_t ret = write(STDERR_FILENO, aStr, strlen(aStr) + 1);
# endif
Reported by FlawFinder.
Line: 146
Column: 46
CWE codes:
126
# elif defined(ANDROID)
int ret = __android_log_write(ANDROID_LOG_FATAL, "MOZ_CRASH", aStr);
# else
ssize_t ret = write(STDERR_FILENO, aStr, strlen(aStr) + 1);
# endif
(void)ret; // Ignore failures; we're already crashing anyway.
#endif
}
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/builtin/intl/SharedIntlData.cpp
3 issues
Line: 167
Column: 45
CWE codes:
126
for (const char* rawTimeZone : timezone::ianaZonesTreatedAsLinksByICU) {
MOZ_ASSERT(rawTimeZone != nullptr);
timeZone = Atomize(cx, rawTimeZone, strlen(rawTimeZone));
if (!timeZone)
return false;
TimeZoneHasher::Lookup lookup(timeZone);
TimeZoneSet::AddPtr p = ianaZonesTreatedAsLinksByICU.lookupForAdd(lookup);
Reported by FlawFinder.
Line: 195
Column: 45
CWE codes:
126
const char* rawTarget = linkAndTarget.target;
MOZ_ASSERT(rawLinkName != nullptr);
linkName = Atomize(cx, rawLinkName, strlen(rawLinkName));
if (!linkName)
return false;
MOZ_ASSERT(rawTarget != nullptr);
target = Atomize(cx, rawTarget, strlen(rawTarget));
Reported by FlawFinder.
Line: 200
Column: 41
CWE codes:
126
return false;
MOZ_ASSERT(rawTarget != nullptr);
target = Atomize(cx, rawTarget, strlen(rawTarget));
if (!target)
return false;
TimeZoneHasher::Lookup lookup(linkName);
TimeZoneMap::AddPtr p = ianaLinksCanonicalizedDifferentlyByICU.lookupForAdd(lookup);
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/builtin/SIMD.cpp
3 issues
Line: 138
Column: 5
CWE codes:
119
120
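Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: charArgIndex has room for one digit plus the terminator, and the only visible guard on argIndex is MOZ_ASSERT(argIndex < 10), which is normally compiled out of non-debug builds. Whether a larger value is truncated or written past the array depends on SprintfLiteral bounding the write by the array size; confirm that in its definition before closing this finding.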
ErrorWrongTypeArg(JSContext* cx, unsigned argIndex, Handle<TypeDescr*> typeDescr)
{
MOZ_ASSERT(argIndex < 10);
char charArgIndex[2];
SprintfLiteral(charArgIndex, "%u", argIndex);
HeapSlot& typeNameSlot = typeDescr->getReservedSlotRef(JS_DESCR_SLOT_STRING_REPR);
char* typeNameStr = JS_EncodeString(cx, typeNameSlot.toString());
if (!typeNameStr)
Reported by FlawFinder.
Line: 712
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
JS::AutoCheckCannotGC nogc(cx);
Elem* resultMem = reinterpret_cast<Elem*>(result->typedMem(nogc));
memcpy(resultMem, data, sizeof(Elem) * V::lanes);
return result;
}
#define InstantiateCreateSimd_(Type) \
template JSObject* js::CreateSimd<Type>(JSContext* cx, const Type::Elem* data);
Reported by FlawFinder.
Line: 1333
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
RetElem copy[Vret::lanes];
{
JS::AutoCheckCannotGC nogc(cx);
memcpy(copy, TypedObjectMemory<RetElem*>(args[0], nogc), Vret::lanes * sizeof(RetElem));
}
return StoreResult<Vret>(cx, args, copy);
}
template<typename Vret>
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/public/StructuredClone.h
3 issues
Line: 456
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (size > 0) {
size_t remaining = iter.RemainingInSegment();
size_t nbytes = std::min(remaining, size);
memcpy(iter.Data(), data, nbytes);
data += nbytes;
size -= nbytes;
iter.Advance(bufList_, nbytes);
}
return true;
Reported by FlawFinder.
Line: 317
Column: 27
CWE codes:
120
20
void* content, uint64_t extraData, void* closure);
struct JSStructuredCloneCallbacks {
ReadStructuredCloneOp read;
WriteStructuredCloneOp write;
StructuredCloneErrorOp reportError;
ReadTransferStructuredCloneOp readTransfer;
TransferStructuredCloneOp writeTransfer;
FreeTransferStructuredCloneOp freeTransfer;
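Reported by FlawFinder.
Triage note: column 27 of the flagged line falls on the struct member named read (type ReadStructuredCloneOp), so the CWE-120/CWE-20 hit appears to be a match on the identifier rather than a call to the POSIX read() function; the excerpt contains no buffer read.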
Line: 606
Column: 10
CWE codes:
120
20
*/
void abandon() { data_.ownTransferables_ = OwnTransferablePolicy::IgnoreTransferablesIfAny; }
bool read(JSContext* cx, JS::MutableHandleValue vp,
const JSStructuredCloneCallbacks* optionalCallbacks=nullptr, void* closure=nullptr);
bool write(JSContext* cx, JS::HandleValue v,
const JSStructuredCloneCallbacks* optionalCallbacks=nullptr, void* closure=nullptr);
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/irregexp/RegExpEngine.cpp
3 issues
Line: 3282
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
MOZ_ASSERT((ranges[i] & ~kMask) == base);
MOZ_ASSERT(start_index == 0 || (ranges[start_index - 1] & ~kMask) <= base);
char templ[kSize];
jit::Label* on_bit_set;
jit::Label* on_bit_clear;
int bit;
if (even_label == fall_through) {
on_bit_set = odd_label;
Reported by FlawFinder.
Line: 543
Column: 69
CWE codes:
120
20
do {
num_canonical = InsertRangeInCanonicalList(character_ranges,
num_canonical,
character_ranges[read]);
read++;
} while (read < n);
while (character_ranges.length() > num_canonical)
character_ranges.popBack();
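Reported by FlawFinder.
Triage note: in this excerpt read is a local index used as character_ranges[read] and bounded by the loop condition read < n, so the CWE-120/CWE-20 hit appears to be a match on the identifier rather than a call to read(). What remains to check in the full source is that n does not exceed character_ranges.length().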
Line: 545
Column: 14
CWE codes:
120
20
num_canonical,
character_ranges[read]);
read++;
} while (read < n);
while (character_ranges.length() > num_canonical)
character_ranges.popBack();
MOZ_ASSERT(CharacterRange::IsCanonical(character_ranges));
Reported by FlawFinder.
src/third_party/kms-message/src/kms_b64.c
3 issues
Line: 604
Column: 13
CWE codes:
126
int ret;
size_t b64len;
b64len = strlen (b64);
raw = (uint8_t *) malloc (b64len + 1);
memset (raw, 0, b64len + 1);
ret = kms_message_b64_pton (b64, raw, b64len);
if (ret > 0) {
*out = (size_t) ret;
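Reported by FlawFinder.
Triage note: the CWE-126 finding concerns strlen (b64) over-reading if b64 is not NUL-terminated, which depends on the caller's contract. Separately, the excerpt passes the result of malloc straight to memset with no NULL check, so an allocation failure would be dereferenced; a check before memset (or calloc plus a check) would close that path.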
Line: 627
Column: 13
CWE codes:
126
return NULL;
}
b64len = strlen (b64);
if (-1 == kms_message_b64_to_b64url (b64, b64len, b64, b64len)) {
free (b64);
return NULL;
}
Reported by FlawFinder.
Line: 644
Column: 16
CWE codes:
126
uint8_t *raw;
size_t b64urllen;
b64urllen = strlen(b64url);
/* Add four for padding '=' characters. */
capacity = b64urllen + 4;
b64 = malloc (capacity);
memset (b64, 0, capacity);
if (-1 ==
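Reported by FlawFinder.
Triage note: as well as the strlen (b64url) over-read question raised by CWE-126, the excerpt calls memset on the pointer returned by malloc (capacity) without a visible NULL check; confirm in the full source that allocation failure is handled before the buffer is written.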
src/mongo/base/data_type_validated_test.cpp
3 issues
Line: 67
using std::begin;
using std::end;
TEST(DataTypeValidated, SuccessfulValidation) {
char buf[1];
{
DataRangeCursor drc(begin(buf), end(buf));
ASSERT_OK(drc.writeAndAdvanceNoThrow(Validated<char>(0xFU)));
Reported by Cppcheck.
Line: 68
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
using std::end;
TEST(DataTypeValidated, SuccessfulValidation) {
char buf[1];
{
DataRangeCursor drc(begin(buf), end(buf));
ASSERT_OK(drc.writeAndAdvanceNoThrow(Validated<char>(0xFU)));
}
Reported by FlawFinder.
Line: 84
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
TEST(DataTypeValidated, FailedValidation) {
char buf[1];
{
DataRangeCursor drc(begin(buf), end(buf));
ASSERT_NOT_OK(drc.writeAndAdvanceNoThrow(Validated<char>(0x01)));
}
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/i18n/ulocdata.c
3 issues
Line: 227
Column: 16
CWE codes:
78
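Suggestion:
Try using a library call that implements the same functionality, if available.
Triage note: in the excerpt below, system is a local variable of type UMeasurementSystem that is assigned from ures_getInt and returned; no call to the C library's system() is visible. This CWE-78 hit therefore looks like a match on the identifier name and not a command-execution path; confirm against the full function before closing it.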
UMeasurementSystem system = UMS_LIMIT;
if(status == NULL || U_FAILURE(*status)){
return system;
}
measurement = measurementTypeBundleForLocale(localeID, MEASUREMENT_SYSTEM, status);
system = (UMeasurementSystem) ures_getInt(measurement, status);
Reported by FlawFinder.
Line: 235
Column: 12
CWE codes:
78
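Suggestion:
Try using a library call that implements the same functionality, if available.
Triage note: the only occurrence of system in the excerpt below is `return system;`, which returns a local variable and does not call the C library's system(). This CWE-78 hit looks like a match on the identifier name; confirm against the full function before closing it.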
ures_close(measurement);
return system;
}
U_CAPI void U_EXPORT2
ulocdata_getPaperSize(const char* localeID, int32_t *height, int32_t *width, UErrorCode *status){
Reported by FlawFinder.
Line: 193
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static UResourceBundle * measurementTypeBundleForLocale(const char *localeID, const char *measurementType, UErrorCode *status){
char region[ULOC_COUNTRY_CAPACITY];
UResourceBundle *rb;
UResourceBundle *measTypeBundle = NULL;
ulocimp_getRegionForSupplementalData(localeID, TRUE, region, ULOC_COUNTRY_CAPACITY, status);
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/i18n/ucal.cpp
3 issues
Line: 149
Column: 7
CWE codes:
119
120
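Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the copy into localeBuf is length-limited, but the limit equals the full buffer size and the excerpt shows no explicit terminator afterwards. If uprv_strncpy has strncpy semantics, a locale string of ULOC_LOCALE_IDENTIFIER_CAPACITY bytes or more would leave localeBuf without a NUL before uloc_setKeywordValue reads it; check the full source for a length check or a forced terminator.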
}
if ( caltype == UCAL_GREGORIAN ) {
char localeBuf[ULOC_LOCALE_IDENTIFIER_CAPACITY];
if ( locale == NULL ) {
locale = uloc_getDefault();
}
uprv_strncpy(localeBuf, locale, ULOC_LOCALE_IDENTIFIER_CAPACITY);
uloc_setKeywordValue("calendar", "gregorian", localeBuf, ULOC_LOCALE_IDENTIFIER_CAPACITY, status);
Reported by FlawFinder.
Line: 673
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
U_CAPI UEnumeration* U_EXPORT2
ucal_getKeywordValuesForLocale(const char * /* key */, const char* locale, UBool commonlyUsed, UErrorCode *status) {
// Resolve region
char prefRegion[ULOC_COUNTRY_CAPACITY];
(void)ulocimp_getRegionForSupplementalData(locale, TRUE, prefRegion, sizeof(prefRegion), status);
// Read preferred calendar values from supplementalData calendarPreference
UResourceBundle *rb = ures_openDirect(NULL, "supplementalData", status);
ures_getByKey(rb, "calendarPreferenceData", rb, status);
Reported by FlawFinder.
Line: 740
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
}
ulist_resetList(values);
memcpy(en, &defaultKeywordValues, sizeof(UEnumeration));
en->context = values;
return en;
}
U_CAPI UBool U_EXPORT2
Reported by FlawFinder.