The following issues were found

src/third_party/icu4c-57.1/source/common/unicode/brkiter.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 634 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              private:

    /** @internal */
    char actualLocale[ULOC_FULLNAME_CAPACITY];
    char validLocale[ULOC_FULLNAME_CAPACITY];

    /**
     * The assignment operator has no real implementation.
     * It's provided to make the compiler happy. Do not call.

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 635 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
    /** @internal */
    char actualLocale[ULOC_FULLNAME_CAPACITY];
    char validLocale[ULOC_FULLNAME_CAPACITY];

    /**
     * The assignment operator has no real implementation.
     * It's provided to make the compiler happy. Do not call.
     */

Reported by FlawFinder.

src/third_party/boost/boost/log/expressions/formatter.hpp
2 issues
setstate - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 191 Column: 72 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

              
    BOOST_FORCEINLINE iostate rdstate() const { return this->get().rdstate(); }
    BOOST_FORCEINLINE void clear(iostate state = goodbit) const { this->get().clear(state); }
    BOOST_FORCEINLINE void setstate(iostate state) const { this->get().setstate(state); }
    BOOST_FORCEINLINE bool good() const { return this->get().good(); }
    BOOST_FORCEINLINE bool eof() const { return this->get().eof(); }
    BOOST_FORCEINLINE bool fail() const { return this->get().fail(); }
    BOOST_FORCEINLINE bool bad() const { return this->get().bad(); }

Reported by FlawFinder.

setstate - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 191 Column: 28 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

              
    BOOST_FORCEINLINE iostate rdstate() const { return this->get().rdstate(); }
    BOOST_FORCEINLINE void clear(iostate state = goodbit) const { this->get().clear(state); }
    BOOST_FORCEINLINE void setstate(iostate state) const { this->get().setstate(state); }
    BOOST_FORCEINLINE bool good() const { return this->get().good(); }
    BOOST_FORCEINLINE bool eof() const { return this->get().eof(); }
    BOOST_FORCEINLINE bool fail() const { return this->get().fail(); }
    BOOST_FORCEINLINE bool bad() const { return this->get().bad(); }

Reported by FlawFinder.

src/third_party/gperftools/dist/benchmark/binary_trees.cc
2 issues
atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 90 Column: 33 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended) 

              }

int main(int argc, char *argv[]) {
  int given_depth = argc >= 2 ? atoi(argv[1]) : 20;
  int thread_count = std::max(1, argc >= 3 ? atoi(argv[2]) : 1) - 1;
  std::vector<pthread_t> threads(thread_count);

  for (int i = 0; i < thread_count; i++) {
    int rv = pthread_create(&threads[i], NULL,

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 91 Column: 46 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended) 

              
int main(int argc, char *argv[]) {
  int given_depth = argc >= 2 ? atoi(argv[1]) : 20;
  int thread_count = std::max(1, argc >= 3 ? atoi(argv[2]) : 1) - 1;
  std::vector<pthread_t> threads(thread_count);

  for (int i = 0; i < thread_count; i++) {
    int rv = pthread_create(&threads[i], NULL,
                            run_tramp,

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/jit/arm/disasm/Disasm-arm.cpp
2 issues
vsnprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 51 Column: 18 CWE codes: 134
Suggestion: Use a constant for the format specification 

              {
    va_list args;
    va_start(args, format);
    int result = vsnprintf(str.start(), str.length(), format, args);
    va_end(args);
    return result;
}

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 143 Column: 38 CWE codes: 126 

              
// Support for assertions in the Decoder formatting functions.
#define STRING_STARTS_WITH(string, compare_string) \
    (strncmp(string, compare_string, strlen(compare_string)) == 0)


// Append the ch to the output buffer.
void
Decoder::PrintChar(const char ch)

Reported by FlawFinder.

src/third_party/boost/boost/winapi/character_code_conversion.hpp
2 issues
MultiByteToWideChar - Requires maximum length in CHARACTERS, not bytes
Security

Line: 22 Column: 1 CWE codes: 120 

              extern "C" {

BOOST_WINAPI_IMPORT_EXCEPT_WM int BOOST_WINAPI_WINAPI_CC
MultiByteToWideChar(
    boost::winapi::UINT_ CodePage,
    boost::winapi::DWORD_ dwFlags,
    boost::winapi::LPCSTR_ lpMultiByteStr,
    int cbMultiByte,
    boost::winapi::LPWSTR_ lpWideCharStr,

Reported by FlawFinder.

MultiByteToWideChar - Requires maximum length in CHARACTERS, not bytes
Security

Line: 100 Column: 9 CWE codes: 120 

              BOOST_CONSTEXPR_OR_CONST DWORD_ WC_ERR_INVALID_CHARS_ = 0x00000080;
#endif

using ::MultiByteToWideChar;
using ::WideCharToMultiByte;

} // namespace winapi
} // namespace boost

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/jit/arm64/Assembler-arm64.cpp
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 524 Column: 10 CWE codes: 120 20 

                      tableStart_ = reader_.readFixedUint32_t();
    }

    bool read() {
        if (!reader_.more())
            return false;
        offset_ = reader_.readUnsigned();
        extOffset_ = reader_.readUnsigned();
        return true;

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 601 Column: 17 CWE codes: 120 20 

              Assembler::TraceJumpRelocations(JSTracer* trc, JitCode* code, CompactBufferReader& reader)
{
    RelocationIterator iter(reader);
    while (iter.read()) {
        JitCode* child = CodeFromJump(code, code->raw() + iter.offset());
        TraceManuallyBarrieredEdge(trc, &child, "rel32");
        MOZ_ASSERT(child == CodeFromJump(code, code->raw() + iter.offset()));
    }
}

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/jit/arm64/Assembler-arm64.h
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 227 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
    void copyJumpRelocationTable(uint8_t* dest) const {
        if (jumpRelocations_.length())
            memcpy(dest, jumpRelocations_.buffer(), jumpRelocations_.length());
    }
    void copyDataRelocationTable(uint8_t* dest) const {
        if (dataRelocations_.length())
            memcpy(dest, dataRelocations_.buffer(), dataRelocations_.length());
    }

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 231 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  }
    void copyDataRelocationTable(uint8_t* dest) const {
        if (dataRelocations_.length())
            memcpy(dest, dataRelocations_.buffer(), dataRelocations_.length());
    }

    size_t jumpRelocationTableBytes() const {
        return jumpRelocations_.length();
    }

Reported by FlawFinder.

src/third_party/boost/boost/log/detail/locks.hpp
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 74 Column: 25 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              struct is_exclusively_lockable
{
    typedef char true_type;
    struct false_type { char t[2]; };

    template< typename T >
    static true_type check_lockable(T*, void (T::*)() = &T::lock, void (T::*)() = &T::unlock);
    static false_type check_lockable(void*);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 88 Column: 25 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              struct is_shared_lockable
{
    typedef char true_type;
    struct false_type { char t[2]; };

    template< typename T >
    static true_type check_shared_lockable(T*, void (T::*)() = &T::lock_shared, void (T::*)() = &T::unlock_shared);
    static false_type check_shared_lockable(void*);

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/jit/arm64/MacroAssembler-arm64.h
2 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1924 Column: 53 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly 

                      return value;
    }

    void wasmLoadImpl(const wasm::MemoryAccessDesc& access, Register memoryBase,
                      Register ptr, Register ptrScratch, AnyRegister outany,
                      Register64 out64);
    void wasmStoreImpl(const wasm::MemoryAccessDesc& access, AnyRegister valany,
                       Register64 val64, Register memoryBase, Register ptr,
                       Register ptrScratch);

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1927 Column: 54 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly 

                  void wasmLoadImpl(const wasm::MemoryAccessDesc& access, Register memoryBase,
                      Register ptr, Register ptrScratch, AnyRegister outany,
                      Register64 out64);
    void wasmStoreImpl(const wasm::MemoryAccessDesc& access, AnyRegister valany,
                       Register64 val64, Register memoryBase, Register ptr,
                       Register ptrScratch);

    // Emit a BLR or NOP instruction. ToggleCall can be used to patch
    // this instruction.

Reported by FlawFinder.

src/third_party/icu4c-57.1/source/common/unicode/uversion.h
2 issues
Analysis failed. If the code is valid then please report this failure.
Error

Line: 126 

              #       define U_USING_ICU_NAMESPACE 1
#   endif
#   if U_USING_ICU_NAMESPACE
        U_NAMESPACE_USE
#   endif
#else
#   define U_NAMESPACE_BEGIN
#   define U_NAMESPACE_END
#   define U_NAMESPACE_USE

Reported by Cppcheck.

Analysis failed. If the code is valid then please report this failure.
Error

Line: 126 

              #       define U_USING_ICU_NAMESPACE 1
#   endif
#   if U_USING_ICU_NAMESPACE
        U_NAMESPACE_USE
#   endif
#else
#   define U_NAMESPACE_BEGIN
#   define U_NAMESPACE_END
#   define U_NAMESPACE_USE

Reported by Cppcheck.