The following issues were found
src/third_party/boost/boost/iostreams/detail/adapter/non_blocking_adapter.hpp
2 issues
Line: 27
Column: 21
CWE codes:
120
20
: mode_of<Device>::type, device_tag
{ };
explicit non_blocking_adapter(Device& dev) : device_(dev) { }
std::streamsize read(char_type* s, std::streamsize n)
{
std::streamsize result = 0;
while (result < n) {
std::streamsize amt = iostreams::read(device_, s + result, n - result);
if (amt == -1)
Reported by FlawFinder.
Line: 31
Column: 46
CWE codes:
120
20
{
std::streamsize result = 0;
while (result < n) {
std::streamsize amt = iostreams::read(device_, s + result, n - result);
if (amt == -1)
break;
result += amt;
}
return result != 0 ? result : -1;
Reported by FlawFinder.
src/third_party/boost/boost/iostreams/detail/adapter/direct_adapter.hpp
2 issues
Line: 116
Column: 21
CWE codes:
120
20
// Device interface.
std::streamsize read(char_type* s, std::streamsize n);
std::streamsize write(const char_type* s, std::streamsize n);
std::streampos seek( stream_offset, BOOST_IOS::seekdir,
BOOST_IOS::openmode = BOOST_IOS::in | BOOST_IOS::out );
void close();
void close(BOOST_IOS::openmode which);
Reported by FlawFinder.
Line: 194
Column: 48
CWE codes:
120
20
//--------------Implementation of direct_adapter------------------------------//
template<typename Direct>
inline std::streamsize direct_adapter<Direct>::read
(char_type* s, std::streamsize n)
{
using namespace std;
pointers& get = ptrs_.first();
std::streamsize avail =
Reported by FlawFinder.
src/third_party/boost/boost/iostreams/copy.hpp
2 issues
Line: 106
Column: 24
CWE codes:
120
20
std::ptrdiff_t capacity = p.second - p.first;
while (true) {
std::streamsize amt =
iostreams::read(
src,
buf.data(),
buffer_size < capacity - total ?
buffer_size :
static_cast<std::streamsize>(capacity - total)
Reported by FlawFinder.
Line: 134
Column: 34
CWE codes:
120
20
bool done = false;
while (!done) {
std::streamsize amt;
done = (amt = iostreams::read(src, buf.data(), buffer_size)) == -1;
if (amt != -1) {
iostreams::write(nb, buf.data(), amt);
total += amt;
}
}
Reported by FlawFinder.
src/third_party/boost/libs/log/src/default_sink.cpp
2 issues
Line: 126
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
result_type operator() (std::string const& msg) const
{
#if !defined(BOOST_LOG_NO_THREADS)
char thread_id_buf[64];
boost::log::aux::format_thread_id(thread_id_buf, sizeof(thread_id_buf), boost::log::aux::this_thread::get_id());
#endif
const decomposed_time_point now = date_time::microsec_clock< decomposed_time_point >::local_time();
Reported by FlawFinder.
Line: 158
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
result_type operator() (std::wstring const& msg) const
{
#if !defined(BOOST_LOG_NO_THREADS)
char thread_id_buf[64];
boost::log::aux::format_thread_id(thread_id_buf, sizeof(thread_id_buf), boost::log::aux::this_thread::get_id());
#endif
const decomposed_time_point now = date_time::microsec_clock< decomposed_time_point >::local_time();
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/jsmath.cpp
2 issues
Line: 763
Column: 18
CWE codes:
362
done = (ret == sizeof(seed));
# endif
if (!done) {
int fd = open("/dev/urandom", O_RDONLY);
if (fd >= 0) {
mozilla::Unused << read(fd, static_cast<void*>(&seed), sizeof(seed));
close(fd);
}
}
Reported by FlawFinder.
Line: 765
Column: 32
CWE codes:
120
20
if (!done) {
int fd = open("/dev/urandom", O_RDONLY);
if (fd >= 0) {
mozilla::Unused << read(fd, static_cast<void*>(&seed), sizeof(seed));
close(fd);
}
}
#else
# error "Platform needs to implement GenerateRandomSeed()"
Reported by FlawFinder.
src/third_party/boost/boost/system/detail/system_category_message_win32.hpp
2 issues
Line: 24
Column: 11
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
namespace boost
{
namespace system
{
namespace detail
{
Reported by FlawFinder.
Line: 164
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
inline std::string unknown_message_win32( int ev )
{
char buffer[ 38 ];
return unknown_message_win32( ev, buffer, sizeof( buffer ) );
}
inline std::string system_category_message_win32( int ev )
{
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/jspubtd.h
2 issues
Line: 61
};
/* Dense index into cached prototypes and class atoms for standard objects. */
enum JSProtoKey {
#define PROTOKEY_AND_INITIALIZER(name,init,clasp) JSProto_##name,
JS_FOR_EACH_PROTOTYPE(PROTOKEY_AND_INITIALIZER)
#undef PROTOKEY_AND_INITIALIZER
JSProto_LIMIT
};
Reported by Cppcheck.
Line: 61
};
/* Dense index into cached prototypes and class atoms for standard objects. */
enum JSProtoKey {
#define PROTOKEY_AND_INITIALIZER(name,init,clasp) JSProto_##name,
JS_FOR_EACH_PROTOTYPE(PROTOKEY_AND_INITIALIZER)
#undef PROTOKEY_AND_INITIALIZER
JSProto_LIMIT
};
Reported by Cppcheck.
src/third_party/mozjs-60/extract/js/src/jsutil.h
2 issues
Line: 313
Column: 38
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
static inline void*
Poison(void* ptr, uint8_t value, size_t num)
{
static bool disablePoison = bool(getenv("JSGC_DISABLE_POISONING"));
if (disablePoison)
return ptr;
// Without a valid Value tag, a poisoned Value may look like a valid
// floating point number. To ensure that we crash more readily when
Reported by FlawFinder.
Line: 46
Column: 12
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
MOZ_ASSERT_IF(dst >= src, (size_t) (dst - src) >= len);
MOZ_ASSERT_IF(src >= dst, (size_t) (src - dst) >= len);
return memcpy(dst, src, len);
}
namespace js {
// An internal version of JS_IsInitialized() that returns whether SpiderMonkey
Reported by FlawFinder.
src/third_party/boost/boost/random/random_number_generator.hpp
2 issues
Line: 25
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/detail/disable_warnings.hpp>
namespace boost {
namespace random {
/**
* Instantiations of class template random_number_generator model a
* RandomNumberGenerator (std:25.2.11 [lib.alg.random.shuffle]). On
* each invocation, it returns a uniformly distributed integer in
Reported by FlawFinder.
Line: 67
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::random_number_generator;
} // namespace boost
#include <boost/random/detail/enable_warnings.hpp>
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/proxy/Proxy.cpp
2 issues
Line: 77
}
}
JS_FRIEND_API(void)
js::assertEnteredPolicy(JSContext* cx, JSObject* proxy, jsid id,
BaseProxyHandler::Action act)
{
MOZ_ASSERT(proxy->is<ProxyObject>());
MOZ_ASSERT(cx->enteredPolicy);
Reported by Cppcheck.
Line: 167
return proxy->as<ProxyObject>().handler()->delete_(cx, proxy, id, result);
}
JS_FRIEND_API(bool)
js::AppendUnique(JSContext* cx, AutoIdVector& base, AutoIdVector& others)
{
AutoIdVector uniqueOthers(cx);
if (!uniqueOthers.reserve(others.length()))
return false;
Reported by Cppcheck.