The following issues were found
src/third_party/mozjs-60/extract/js/src/jit/MacroAssembler.cpp
2 issues
Line: 2079
Column: 17
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
void
MacroAssembler::printf(const char* output)
{
AllocatableRegisterSet regs(RegisterSet::Volatile());
LiveRegisterSet save(regs.asLiveSet());
PushRegsInMask(save);
Reported by FlawFinder.
Line: 2107
Column: 17
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
void
MacroAssembler::printf(const char* output, Register value)
{
AllocatableRegisterSet regs(RegisterSet::Volatile());
LiveRegisterSet save(regs.asLiveSet());
PushRegsInMask(save);
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/jit/ProcessExecutableMemory.cpp
2 issues
Line: 78
# ifdef HAVE_64BIT_BUILD
static js::JitExceptionHandler sJitExceptionHandler;
JS_FRIEND_API(void)
js::SetJitExceptionHandler(JitExceptionHandler handler)
{
MOZ_ASSERT(!sJitExceptionHandler);
sJitExceptionHandler = handler;
}
Reported by Cppcheck.
Line: 153
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
r->thunk[0] = 0x48;
r->thunk[1] = 0xb8;
void* handler = JS_FUNC_TO_DATA_PTR(void*, ExceptionHandler);
memcpy(&r->thunk[2], &handler, 8);
// jmp rax
r->thunk[10] = 0xff;
r->thunk[11] = 0xe0;
Reported by FlawFinder.
src/third_party/boost/boost/thread/win32/shared_mutex.hpp
2 issues
Line: 51
Column: 18
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
BOOST_STATIC_ASSERT(sizeof(state_data) == sizeof(long));
long new_val, comp;
std::memcpy(&new_val, &new_value, sizeof(new_value));
std::memcpy(&comp, &comparand, sizeof(comparand));
long const res=BOOST_INTERLOCKED_COMPARE_EXCHANGE(reinterpret_cast<long*>(target),
new_val,
comp);
state_data result;
Reported by FlawFinder.
Line: 52
Column: 18
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BOOST_STATIC_ASSERT(sizeof(state_data) == sizeof(long));
long new_val, comp;
std::memcpy(&new_val, &new_value, sizeof(new_value));
std::memcpy(&comp, &comparand, sizeof(comparand));
long const res=BOOST_INTERLOCKED_COMPARE_EXCHANGE(reinterpret_cast<long*>(target),
new_val,
comp);
state_data result;
std::memcpy(&result, &res, sizeof(result));
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/jit/Registers.h
2 issues
Line: 318
Column: 15
CWE codes:
120
20
bool has(FloatRegister reg) const {
return fpregs_[reg.code()] != nullptr;
}
uintptr_t read(Register reg) const {
return regs_[reg.code()]->r;
}
double read(FloatRegister reg) const {
return fpregs_[reg.code()]->d;
}
Reported by FlawFinder.
Line: 321
Column: 12
CWE codes:
120
20
uintptr_t read(Register reg) const {
return regs_[reg.code()]->r;
}
double read(FloatRegister reg) const {
return fpregs_[reg.code()]->d;
}
void write(Register reg, uintptr_t value) const {
regs_[reg.code()]->r = value;
}
Reported by FlawFinder.
src/third_party/boost/boost/math/policies/error_handling.hpp
2 issues
Line: 93
Column: 39
CWE codes:
126
inline void replace_all_in_string(std::string& result, const char* what, const char* with)
{
std::string::size_type pos = 0;
std::string::size_type slen = std::strlen(what);
std::string::size_type rlen = std::strlen(with);
while((pos = result.find(what, pos)) != std::string::npos)
{
result.replace(pos, slen, with);
pos += rlen;
Reported by FlawFinder.
Line: 94
Column: 39
CWE codes:
126
{
std::string::size_type pos = 0;
std::string::size_type slen = std::strlen(what);
std::string::size_type rlen = std::strlen(with);
while((pos = result.find(what, pos)) != std::string::npos)
{
result.replace(pos, slen, with);
pos += rlen;
}
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/jit/SharedIC.cpp
2 issues
Line: 47
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
RootedScript script(cx, GetTopJitJSScript(cx));
jsbytecode* pc = stub->icEntry()->pc(script);
char fmtbuf[100];
va_list args;
va_start(args, fmt);
(void) VsprintfLiteral(fmtbuf, fmt, args);
va_end(args);
Reported by FlawFinder.
Line: 72
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
RootedScript script(cx, GetTopJitJSScript(cx));
jsbytecode* pc = stub->icEntry()->pc(script);
char fmtbuf[100];
va_list args;
va_start(args, fmt);
(void) VsprintfLiteral(fmtbuf, fmt, args);
va_end(args);
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/jit/Snapshots.cpp
2 issues
Line: 312
Column: 19
CWE codes:
120
20
}
RValueAllocation
RValueAllocation::read(CompactBufferReader& reader)
{
uint8_t mode = reader.readByte();
const Layout& layout = layoutFromMode(Mode(mode & MODE_BITS_MASK));
Payload arg1, arg2;
Reported by FlawFinder.
Line: 545
Column: 30
CWE codes:
120
20
JitSpew(JitSpew_IonSnapshots, "Reading slot %u", allocRead_);
uint32_t offset = readAllocationIndex() * ALLOCATION_TABLE_ALIGNMENT;
allocReader_.seek(allocTable_, offset);
return RValueAllocation::read(allocReader_);
}
bool
SnapshotWriter::init()
{
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/jit/Snapshots.h
2 issues
Line: 531
Column: 33
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// has stricter alignment requirements than RInstructionStorage.
static constexpr size_t Alignment = alignof(void*);
alignas(Alignment) unsigned char mem[Size];
public:
const void* addr() const { return mem; }
void* addr() { return mem; }
Reported by FlawFinder.
Line: 302
Column: 29
CWE codes:
120
20
void writeHeader(CompactBufferWriter& writer, JSValueType type, uint32_t regCode) const;
public:
static RValueAllocation read(CompactBufferReader& reader);
void write(CompactBufferWriter& writer) const;
public:
bool valid() const {
return mode_ != INVALID;
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/jit/arm/Assembler-arm.h
2 issues
Line: 116
Column: 48
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
uint32_t stackBytesConsumedSoFar() const { return stackOffset_; }
};
bool IsUnaligned(const wasm::MemoryAccessDesc& access);
// These registers may be volatile or nonvolatile.
static constexpr Register ABINonArgReg0 = r4;
static constexpr Register ABINonArgReg1 = r5;
static constexpr Register ABINonArgReg2 = r6;
Reported by FlawFinder.
Line: 475
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
: rm_(rm), rrs_(rsr), type_(type), shiftAmount_(shiftAmount), pad_(0)
{ }
explicit Reg(const Op2Reg& op) {
memcpy(this, &op, sizeof(*this));
}
uint32_t shiftAmount() const {
return shiftAmount_;
}
Reported by FlawFinder.
src/third_party/boost/boost/log/utility/formatting_ostream.hpp
2 issues
Line: 328
Column: 10
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
iostate rdstate() const { return m_stream.rdstate(); }
void clear(iostate state = goodbit) { m_stream.clear(state); }
void setstate(iostate state) { m_stream.setstate(state); }
bool good() const { return m_stream.good(); }
bool eof() const { return m_stream.eof(); }
bool fail() const { return m_stream.fail(); }
bool bad() const { return m_stream.bad(); }
Reported by FlawFinder.
Line: 328
Column: 45
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
iostate rdstate() const { return m_stream.rdstate(); }
void clear(iostate state = goodbit) { m_stream.clear(state); }
void setstate(iostate state) { m_stream.setstate(state); }
bool good() const { return m_stream.good(); }
bool eof() const { return m_stream.eof(); }
bool fail() const { return m_stream.fail(); }
bool bad() const { return m_stream.bad(); }
Reported by FlawFinder.