The following issues were found

src/third_party/boost/boost/random/taus88.hpp
2 issues
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 22 Column: 11 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

              #include <boost/random/xor_combine.hpp>

namespace boost {
namespace random {

/** 
 * The specialization taus88 was suggested in
 *
 *  @blockquote

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 41 Column: 7 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

              
} // namespace random

using random::taus88;

} // namespace boost

#endif // BOOST_RANDOM_TAUS88_HPP

Reported by FlawFinder.

src/third_party/icu4c-57.1/source/common/uniset.cpp
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 104 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static inline void _dbgct(UnicodeSet* set) {
    UnicodeString str;
    set->toPattern(str, TRUE);
    char buf[40];
    str.extract(0, 39, buf, "");
    printf("DEBUG UnicodeSet: ct 0x%08X; %d %s\n", set, ++_dbgCount, buf);
}

static inline void _dbgdt(UnicodeSet* set) {

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 112 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static inline void _dbgdt(UnicodeSet* set) {
    UnicodeString str;
    set->toPattern(str, TRUE);
    char buf[40];
    str.extract(0, 39, buf, "");
    printf("DEBUG UnicodeSet: dt 0x%08X; %d %s\n", set, --_dbgCount, buf);
}

#else

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/jit/arm64/vixl/MacroAssembler-vixl.cpp
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 539 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                VIXL_ASSERT(is_uint32(imm));

  uint8_t bytes[sizeof(imm)];
  memcpy(bytes, &imm, sizeof(imm));

  // All bytes are either 0x00 or 0xff.
  {
    bool all0orff = true;
    for (int i = 0; i < 4; ++i) {

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 1815 Column: 15 CWE codes: 126 

              

void MacroAssembler::AnnotateInstrumentation(const char* marker_name) {
  VIXL_ASSERT(strlen(marker_name) == 2);

  // We allow only printable characters in the marker names. Unprintable
  // characters are reserved for controlling features of the instrumentation.
  VIXL_ASSERT(isprint(marker_name[0]) && isprint(marker_name[1]));

Reported by FlawFinder.

src/third_party/icu4c-57.1/source/common/uniset_props.cpp
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1041 Column: 21 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                              {
                    // Must munge name, since u_charFromName() does not do
                    // 'loose' matching.
                    char buf[128]; // it suffices that this be > uprv_getMaxCharNameLength
                    if (!mungeCharName(buf, vname.data(), sizeof(buf))) FAIL(ec);
                    UChar32 ch = u_charFromName(U_EXTENDED_CHAR_NAME, buf, &ec);
                    if (U_SUCCESS(ec)) {
                        clear();
                        add(ch);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1059 Column: 21 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                              {
                    // Must munge name, since u_versionFromString() does not do
                    // 'loose' matching.
                    char buf[128];
                    if (!mungeCharName(buf, vname.data(), sizeof(buf))) FAIL(ec);
                    UVersionInfo version;
                    u_versionFromString(version, buf);
                    applyFilter(versionFilter, &version, UPROPS_SRC_PROPSVEC, ec);
                    return *this;

Reported by FlawFinder.

src/third_party/boost/libs/locale/src/util/codecvt_converter.cpp
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 92 Column: 17 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                          for(unsigned i=0;i<128;i++)
                to_unicode_tbl_[i]=i;
            for(unsigned i=128;i<256;i++) {
                char buf[2] = { char(i) , 0 };
                uint32_t uchar=utf::illegal;
                try {
                    std::wstring const tmp = conv::to_utf<wchar_t>(buf,buf+1,encoding,conv::stop);
                    if(tmp.size() == 1) {
                        uchar = tmp[0];

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 146 Column: 18 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                      }
    private:
        uint32_t to_unicode_tbl_[256];
        unsigned char from_unicode_tbl_[hash_table_size];
    };

    class simple_converter : public base_converter {
    public:

Reported by FlawFinder.

src/third_party/boost/boost/locale/boundary/index.hpp
2 issues
equal - Function does not check the second iterator for over-read conditions
Security

Line: 195 Column: 26 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it 

                                      return value_;
                    }

                    bool equal(segment_index_iterator const &other) const
                    {
                        return map_ == other.map_ && current_.second == other.current_.second;
                    }

                    void increment()

Reported by FlawFinder.

equal - Function does not check the second iterator for over-read conditions
Security

Line: 383 Column: 26 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it 

                                      return value_;
                    }

                    bool equal(boundary_point_index_iterator const &other) const
                    {
                        return map_ == other.map_ && current_ == other.current_;
                    }

                    void increment()

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/jit/mips-shared/Architecture-mips-shared.cpp
2 issues
fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 32 Column: 16 CWE codes: 362 

                  flags |= HWCAP_R2;
#else
# ifdef __linux__
    FILE* fp = fopen("/proc/cpuinfo", "r");
    if (!fp)
        return flags;

    char buf[1024];
    memset(buf, 0, sizeof(buf));

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 36 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  if (!fp)
        return flags;

    char buf[1024];
    memset(buf, 0, sizeof(buf));
    (void)fread(buf, sizeof(char), sizeof(buf) - 1, fp);
    fclose(fp);
    if (strstr(buf, "FPU"))
        flags |= HWCAP_FPU;

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/jit/mips-shared/Assembler-mips-shared.cpp
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 148 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              AssemblerMIPSShared::copyJumpRelocationTable(uint8_t* dest)
{
    if (jumpRelocations_.length())
        memcpy(dest, jumpRelocations_.buffer(), jumpRelocations_.length());
}

void
AssemblerMIPSShared::copyDataRelocationTable(uint8_t* dest)
{

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 155 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              AssemblerMIPSShared::copyDataRelocationTable(uint8_t* dest)
{
    if (dataRelocations_.length())
        memcpy(dest, dataRelocations_.buffer(), dataRelocations_.length());
}

AssemblerMIPSShared::Condition
AssemblerMIPSShared::InvertCondition(Condition cond)
{

Reported by FlawFinder.

src/third_party/boost/boost/lexical_cast/detail/inf_nan.hpp
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 114 Column: 22 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                                  ++ begin;
                }

                std::memcpy(begin, lc_nan, 3 * sizeof(CharT));
                end = begin + 3;
                return true;
            } else if (boost::core::isinf(value)) {
                if (boost::core::signbit(value)) {
                    *begin = minus;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 123 Column: 22 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                                  ++ begin;
                }

                std::memcpy(begin, lc_infinity, 3 * sizeof(CharT));
                end = begin + 3;
                return true;
            }

            return false;

Reported by FlawFinder.

src/third_party/boost/libs/locale/src/win32/lcid.cpp
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 58 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                          return FALSE;
        }
            
        char iso_639_lang[16];
        char iso_3166_country[16];
        if(GetLocaleInfoA(lcid,LOCALE_SISO639LANGNAME,iso_639_lang,sizeof(iso_639_lang))==0)
            return FALSE;
        std::string lc_name = iso_639_lang;
        if(GetLocaleInfoA(lcid,LOCALE_SISO3166CTRYNAME,iso_3166_country,sizeof(iso_3166_country))!=0) {

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 59 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                      }
            
        char iso_639_lang[16];
        char iso_3166_country[16];
        if(GetLocaleInfoA(lcid,LOCALE_SISO639LANGNAME,iso_639_lang,sizeof(iso_639_lang))==0)
            return FALSE;
        std::string lc_name = iso_639_lang;
        if(GetLocaleInfoA(lcid,LOCALE_SISO3166CTRYNAME,iso_3166_country,sizeof(iso_3166_country))!=0) {
            lc_name += "_";

Reported by FlawFinder.