The following issues were found
src/third_party/icu4c-57.1/source/common/locresdata.cpp
2 issues
Line: 53
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
UResourceBundle *rb=NULL, table, subTable;
const UChar *item=NULL;
UErrorCode errorCode;
char explicitFallbackName[ULOC_FULLNAME_CAPACITY] = {0};
/*
* open the bundle for the current locale
* this falls back through the locale's chain to root
*/
Reported by FlawFinder.
Line: 163
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!U_FAILURE(*status)) {
int32_t length = 0;
char localeBuffer[ULOC_FULLNAME_CAPACITY];
uloc_canonicalize(localeId, localeBuffer, sizeof(localeBuffer), status);
if (!U_FAILURE(*status)) {
const UChar* const value =
Reported by FlawFinder.
src/third_party/boost/boost/rational.hpp
2 issues
Line: 952
Column: 34
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
try {
r.assign( n, d );
} catch ( bad_rational & ) { // normalization fail
try { is.setstate(ios::failbit); }
catch ( ... ) {} // don't throw ios_base::failure...
if ( is.exceptions() & ios::failbit )
throw; // ...but the original exception instead
// ELSE: suppress the exception, use just error flags
}
Reported by FlawFinder.
Line: 960
Column: 20
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
}
else
is.setstate( ios::failbit );
}
}
return is;
}
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/frontend/FullParseHandler.h
2 issues
Line: 55
public:
/* new_ methods for creating parse nodes. These report OOM on context. */
JS_DECLARE_NEW_METHODS(new_, allocParseNode, inline)
typedef ParseNode* Node;
bool isPropertyAccess(ParseNode* node) {
return node->isKind(ParseNodeKind::Dot) || node->isKind(ParseNodeKind::Elem);
Reported by Cppcheck.
Line: 906
Column: 37
CWE codes:
126
bool isAsyncKeyword(ParseNode* node, JSContext* cx) {
return node->isKind(ParseNodeKind::Name) &&
node->pn_pos.begin + strlen("async") == node->pn_pos.end &&
node->pn_atom == cx->names().async;
}
PropertyName* maybeDottedProperty(ParseNode* pn) {
return pn->is<PropertyAccess>() ? &pn->as<PropertyAccess>().name() : nullptr;
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/frontend/NameFunctions.cpp
2 issues
Line: 198
CWE codes:
562
RootedFunction fun(cx, pn->pn_funbox->function());
StringBuffer buf(cx);
this->buf = &buf;
retAtom.set(nullptr);
/* If the function already has a name, use that */
if (fun->displayAtom() != nullptr) {
Reported by Cppcheck.
Line: 59
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Append a number to buf. */
bool appendNumber(double n) {
char number[30];
int digits = SprintfLiteral(number, "%g", n);
return buf->append(number, digits);
}
/* Append "[<n>]" to buf, referencing a property named by a numeric literal. */
Reported by FlawFinder.
src/third_party/boost/libs/regex/src/regex_raw_buffer.cpp
2 issues
Line: 29
Column: 12
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#if defined(BOOST_NO_STDC_NAMESPACE)
namespace std{
using ::memcpy;
using ::memmove;
}
#endif
Reported by FlawFinder.
Line: 50
Column: 12
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pointer ptr = static_cast<pointer>(::operator new(newsize));
BOOST_REGEX_NOEH_ASSERT(ptr)
if(start)
std::memcpy(ptr, start, datasize);
// get rid of old buffer:
::operator delete(start);
// and set up pointers:
Reported by FlawFinder.
src/third_party/boost/boost/random/generate_canonical.hpp
2 issues
Line: 26
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/detail/generator_bits.hpp>
namespace boost {
namespace random {
namespace detail {
template<class RealType, std::size_t bits, class URNG>
RealType generate_canonical_impl(URNG& g, boost::true_type /*is_integral*/)
Reported by FlawFinder.
Line: 82
Column: 19
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
RealType generate_canonical(URNG& g)
{
RealType result = detail::generate_canonical_impl<RealType, bits>(
g, boost::random::traits::is_integral<typename URNG::result_type>());
BOOST_ASSERT(result >= 0);
BOOST_ASSERT(result <= 1);
if(result == 1) {
result -= std::numeric_limits<RealType>::epsilon() / 2;
BOOST_ASSERT(result != 1);
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/fuzz-tests/tests.cpp
2 issues
Line: 116
Column: 29
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
return 1;
}
const char* fuzzerEnv = getenv("FUZZER");
if (!fuzzerEnv) {
fprintf(stderr, "Must specify fuzzing target in FUZZER environment variable\n");
return 1;
}
Reported by FlawFinder.
Line: 122
Column: 31
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
return 1;
}
std::string moduleNameStr(getenv("FUZZER"));
FuzzerFunctions funcs = FuzzerRegistry::getInstance().getModuleFunctions(moduleNameStr);
FuzzerInitFunc initFunc = funcs.first;
FuzzerTestingFunc testingFunc = funcs.second;
if (initFunc) {
Reported by FlawFinder.
src/third_party/boost/boost/random/uniform_real_distribution.hpp
2 issues
Line: 29
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/type_traits/is_integral.hpp>
namespace boost {
namespace random {
namespace detail {
template<class Engine, class T>
T generate_uniform_real(
Engine& eng, T min_value, T max_value,
Reported by FlawFinder.
Line: 128
Column: 24
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
parm._min = min_in;
parm._max = max_in;
} else {
is.setstate(std::ios_base::failbit);
}
}
return is;
}
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/gc/Barrier.h
2 issues
Line: 593
Column: 10
CWE codes:
120
20
explicit ReadBarrieredBase(const T& v) : BarrieredBase<T>(v) {}
protected:
void read() const { InternalBarrierMethods<T>::readBarrier(this->value); }
void post(const T& prev, const T& next) {
InternalBarrierMethods<T>::postBarrier(&this->value, prev, next);
}
};
Reported by FlawFinder.
Line: 649
Column: 19
CWE codes:
120
20
const T& get() const {
if (InternalBarrierMethods<T>::isMarkable(this->value))
this->read();
return this->value;
}
const T& unbarrieredGet() const {
return this->value;
Reported by FlawFinder.
src/third_party/boost/boost/random/uniform_real.hpp
2 issues
Line: 36
Column: 29
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
* new code.
*/
template<class RealType = double>
class uniform_real : public random::uniform_real_distribution<RealType>
{
typedef random::uniform_real_distribution<RealType> base_type;
public:
class param_type : public base_type::param_type
Reported by FlawFinder.
Line: 38
Column: 13
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
template<class RealType = double>
class uniform_real : public random::uniform_real_distribution<RealType>
{
typedef random::uniform_real_distribution<RealType> base_type;
public:
class param_type : public base_type::param_type
{
public:
Reported by FlawFinder.