The following issues were found
src/third_party/mozjs-60/extract/js/src/vm/DebuggerMemory.cpp
2 issues
Line: 347
/* Debugger.Memory.prototype.takeCensus */
JS_PUBLIC_API(void)
JS::dbg::SetDebuggerMallocSizeOf(JSContext* cx, mozilla::MallocSizeOf mallocSizeOf)
{
cx->runtime()->debuggerMallocSizeOf = mallocSizeOf;
}
Reported by Cppcheck.
Line: 209
Column: 65
CWE codes:
126
if (!DefineDataProperty(cx, obj, cx->names().timestamp, timestampValue))
return false;
RootedString className(cx, Atomize(cx, entry.className, strlen(entry.className)));
if (!className)
return false;
RootedValue classNameValue(cx, StringValue(className));
if (!DefineDataProperty(cx, obj, cx->names().class_, classNameValue))
return false;
Reported by FlawFinder.
src/third_party/boost/boost/intrusive/hashtable.hpp
2 issues
Line: 592
Column: 40
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
typedef default_hashtable_hook_applier proto_value_traits;
typedef std::size_t size_type;
typedef void key_of_value;
typedef void equal;
typedef void hash;
typedef default_bucket_traits bucket_traits;
static const bool constant_time_size = true;
static const bool power_2_buckets = false;
static const bool cache_begin = false;
Reported by FlawFinder.
Line: 3581
Column: 34
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
< value_traits
, typename packed_options::key_of_value
, typename packed_options::hash
, typename packed_options::equal
, bucket_traits
, typename packed_options::size_type
, (std::size_t(false)*hash_bool_flags::unique_keys_pos)
|(std::size_t(packed_options::constant_time_size)*hash_bool_flags::constant_time_size_pos)
|(std::size_t(packed_options::power_2_buckets)*hash_bool_flags::power_2_buckets_pos)
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/i18n/dcfmtsym.cpp
2 issues
Line: 172
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void
DecimalFormatSymbols::initialize(const Locale& loc, UErrorCode& status, UBool useLastResortData)
{
static const char *gNumberElementKeys[kFormatSymbolCount] = {
"decimal",
"group",
"list",
"percentSign",
NULL, /* Native zero digit is deprecated from CLDR - get it from the numbering system */
Reported by FlawFinder.
Line: 335
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uccLen = ucurr_forLocale(locName, ucc, uccLen, &localStatus);
if(U_SUCCESS(localStatus) && uccLen > 0) {
char cc[4]={0};
u_UCharsToChars(ucc, cc, uccLen);
/* An explicit currency was requested */
LocalUResourceBundlePointer currencyResource(ures_open(U_ICUDATA_CURR, locStr, &localStatus));
LocalUResourceBundlePointer currency(
ures_getByKeyWithFallback(currencyResource.getAlias(), "Currencies", NULL, &localStatus));
Reported by FlawFinder.
src/third_party/boost/boost/test/utils/runtime/cla/argv_traverser.hpp
2 issues
Line: 75
Column: 30
CWE codes:
126
++m_curr_token;
if( !eoi() )
m_token_size = ::strlen( m_argv[m_curr_token] );
}
/// Commit current token and iterate to next one
void next_token()
{
Reported by FlawFinder.
Line: 87
Column: 30
CWE codes:
126
--m_argc;
m_token_size = ::strlen( m_argv[m_curr_token] );
}
}
private:
Reported by FlawFinder.
src/third_party/boost/boost/intrusive/detail/transform_iterator.hpp
2 issues
Line: 94
Column: 15
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
}
BOOST_INTRUSIVE_FORCEINLINE friend bool operator== (const transform_iterator& i, const transform_iterator& i2)
{ return i.equal(i2); }
BOOST_INTRUSIVE_FORCEINLINE friend bool operator!= (const transform_iterator& i, const transform_iterator& i2)
{ return !(i == i2); }
BOOST_INTRUSIVE_FORCEINLINE friend typename Iterator::difference_type operator- (const transform_iterator& i, const transform_iterator& i2)
Reported by FlawFinder.
Line: 150
Column: 37
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
BOOST_INTRUSIVE_FORCEINLINE void decrement()
{ --members_.m_it; }
BOOST_INTRUSIVE_FORCEINLINE bool equal(const transform_iterator &other) const
{ return members_.m_it == other.members_.m_it; }
BOOST_INTRUSIVE_FORCEINLINE bool less(const transform_iterator &other) const
{ return other.members_.m_it < members_.m_it; }
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/vm/Interpreter.h
2 issues
Line: 313
Column: 72
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
RunScript(JSContext* cx, RunState& state);
extern bool
StrictlyEqual(JSContext* cx, HandleValue lval, HandleValue rval, bool* equal);
extern bool
LooselyEqual(JSContext* cx, HandleValue lval, HandleValue rval, bool* equal);
/* === except that NaN is the same as NaN and -0 is not the same as +0. */
Reported by FlawFinder.
Line: 316
Column: 71
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
StrictlyEqual(JSContext* cx, HandleValue lval, HandleValue rval, bool* equal);
extern bool
LooselyEqual(JSContext* cx, HandleValue lval, HandleValue rval, bool* equal);
/* === except that NaN is the same as NaN and -0 is not the same as +0. */
extern bool
SameValue(JSContext* cx, HandleValue v1, HandleValue v2, bool* same);
Reported by FlawFinder.
src/third_party/boost/boost/random/detail/operators.hpp
2 issues
Line: 37
Column: 11
CWE codes:
120
20
template<class CharT, class Traits> \
friend std::basic_istream<CharT,Traits>& \
operator>>(std::basic_istream<CharT,Traits>& is, T& t) { \
t.read(is, t); \
return is; \
} \
template<class CharT, class Traits> \
static std::basic_istream<CharT,Traits>& \
read(std::basic_istream<CharT,Traits>& is, T& t)
Reported by FlawFinder.
Line: 42
Column: 5
CWE codes:
120
20
} \
template<class CharT, class Traits> \
static std::basic_istream<CharT,Traits>& \
read(std::basic_istream<CharT,Traits>& is, T& t)
#endif
#if defined(BOOST_BORLANDC)
Reported by FlawFinder.
src/third_party/boost/boost/intrusive/detail/math.hpp
2 issues
Line: 214
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
float f = val;
unsigned x;
std::memcpy(&x, &val, sizeof(f));
const int log_2 = int((x >> 23) & 255) - 128;
x &= ~(unsigned(255u) << 23u);
x += unsigned(127) << 23u;
std::memcpy(&val, &x, sizeof(f));
//1+log2(m), m ranging from 1 to 2
Reported by FlawFinder.
Line: 218
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const int log_2 = int((x >> 23) & 255) - 128;
x &= ~(unsigned(255u) << 23u);
x += unsigned(127) << 23u;
std::memcpy(&val, &x, sizeof(f));
//1+log2(m), m ranging from 1 to 2
//3rd degree polynomial keeping first derivate continuity.
//For less precision the line can be commented out
val = ((-1.f/3.f) * val + 2.f) * val - (2.f/3.f);
return val + static_cast<float>(log_2);
Reported by FlawFinder.
src/third_party/boost/libs/log/src/permissions.cpp
2 issues
Line: 49
Column: 14
CWE codes:
732
BOOST_LOG_THROW_DESCR_PARAMS(system_error, "Failed to initialize security descriptor", (err));
}
if (!SetSecurityDescriptorDacl(&g_unrestricted_security_descriptor, TRUE, NULL, FALSE))
{
DWORD err = GetLastError();
BOOST_LOG_THROW_DESCR_PARAMS(system_error, "Failed to set null DACL to a security descriptor", (err));
}
Reported by FlawFinder.
Line: 49
Column: 14
CWE codes:
732
BOOST_LOG_THROW_DESCR_PARAMS(system_error, "Failed to initialize security descriptor", (err));
}
if (!SetSecurityDescriptorDacl(&g_unrestricted_security_descriptor, TRUE, NULL, FALSE))
{
DWORD err = GetLastError();
BOOST_LOG_THROW_DESCR_PARAMS(system_error, "Failed to set null DACL to a security descriptor", (err));
}
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/vm/JSFunction.cpp
2 issues
Line: 2392
namespace JS {
namespace detail {
JS_PUBLIC_API(void)
CheckIsValidConstructible(const Value& calleev)
{
JSObject* callee = &calleev.toObject();
if (callee->is<JSFunction>())
MOZ_ASSERT(callee->as<JSFunction>().isConstructor());
Reported by Cppcheck.
Line: 848
Column: 24
CWE codes:
126
RootedFunction functionProto(cx, &functionProto_->as<JSFunction>());
const char* rawSource = "function () {\n}";
size_t sourceLen = strlen(rawSource);
size_t begin = 9;
MOZ_ASSERT(rawSource[begin] == '(');
mozilla::UniquePtr<char16_t[], JS::FreePolicy> source(InflateString(cx, rawSource, sourceLen));
if (!source)
return nullptr;
Reported by FlawFinder.