The following issues were found

src/third_party/icu4c-57.1/source/i18n/olsontz.cpp
2 issues
va_list 'ap' was opened but not closed by va_end().
Error

Line: 45 CWE codes: 664 

                va_start(ap, pat);
  vfprintf(stderr, pat, ap);
  fflush(stderr);
}
// must use double parens, i.e.:  U_DEBUG_TZ_MSG(("four is: %d",4));
#define U_DEBUG_TZ_MSG(x) {debug_tz_loc(__FILE__,__LINE__);debug_tz_msg x;}
#else
#define U_DEBUG_TZ_MSG(x)
#endif

Reported by Cppcheck.

vfprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 43 Column: 3 CWE codes: 134
Suggestion: Use a constant for the format specification 

              {
  va_list ap;
  va_start(ap, pat);
  vfprintf(stderr, pat, ap);
  fflush(stderr);
}
// must use double parens, i.e.:  U_DEBUG_TZ_MSG(("four is: %d",4));
#define U_DEBUG_TZ_MSG(x) {debug_tz_loc(__FILE__,__LINE__);debug_tz_msg x;}
#else

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/vm/TypedArrayObject.cpp
2 issues
There is an unknown macro here somewhere. Configuration is required. If JS_FRIEND_API is a macro then please configure it.
Error

Line: 1955 

                const js::Class* const js::detail::Name ## ArrayClassPtr =                                    \
      &js::TypedArrayObject::classes[TypedArrayObjectTemplate<NativeType>::ArrayTypeID()];

IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Int8, int8_t)
IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Uint8, uint8_t)
IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Uint8Clamped, uint8_clamped)
IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Int16, int16_t)
IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Uint16, uint16_t)
IMPL_TYPED_ARRAY_JSAPI_CONSTRUCTORS(Int32, int32_t)

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 118 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      return false;

    // tarray is not shared, because if it were it would have a buffer.
    memcpy(buffer->dataPointer(), tarray->viewDataUnshared(), tarray->byteLength());

    // If the object is in the nursery, the buffer will be freed by the next
    // nursery GC. Free the data slot pointer if the object has no inline data.
    Nursery& nursery = cx->nursery();
    if (tarray->isTenured() && !tarray->hasInlineElements() &&

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/vm/UbiNode.cpp
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 239 Column: 13 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                      char16_t* name16 = nullptr;
        if (wantNames) {
            // Ask the tracer to compute an edge name for us.
            char buffer[1024];
            getTracingEdgeName(buffer, sizeof(buffer));
            const char* name = buffer;

            // Convert the name to char16_t characters.
            name16 = js_pod_malloc<char16_t>(strlen(name) + 1);

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 244 Column: 46 CWE codes: 126 

                          const char* name = buffer;

            // Convert the name to char16_t characters.
            name16 = js_pod_malloc<char16_t>(strlen(name) + 1);
            if (!name16) {
                okay = false;
                return;
            }

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/vm/UbiNodeCensus.cpp
2 issues
There is an unknown macro here somewhere. Configuration is required. If JS_PUBLIC_API is a macro then please configure it.
Error

Line: 21 

              namespace JS {
namespace ubi {

JS_PUBLIC_API(void)
CountDeleter::operator()(CountBase* ptr)
{
    if (!ptr)
        return;

Reported by Cppcheck.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 379 Column: 42 CWE codes: 126 

              
        const char* name = getName(entry->key());
        MOZ_ASSERT(name);
        JSAtom* atom = Atomize(cx, name, strlen(name));
        if (!atom)
            return nullptr;

        RootedId entryId(cx, AtomToId(atom));
        if (!DefineDataProperty(cx, obj, entryId, thenReport))

Reported by FlawFinder.

src/third_party/icu4c-57.1/source/i18n/rbnf.cpp
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 569 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  msg.append(p, limit-p);
    msg.append(UNICODE_STRING_SIMPLE("'"));
    
    char buf[128];
    int32_t len = msg.extract(0, msg.length(), buf, 128);
    if (len >= 128) {
        buf[127] = 0;
    } else {
        buf[len] = 0;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1004 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  }
    if (localizations && index >= 0 && index < localizations->getNumberOfDisplayLocales()) {
        UnicodeString name(TRUE, localizations->getLocaleName(index), -1);
        char buffer[64];
        int32_t cap = name.length() + 1;
        char* bp = buffer;
        if (cap > 64) {
            bp = (char *)uprv_malloc(cap);
            if (bp == NULL) {

Reported by FlawFinder.

src/third_party/icu4c-57.1/source/i18n/reldtfmt.cpp
2 issues
There is an unknown macro here somewhere. Configuration is required. If UOBJECT_DEFINE_RTTI_IMPLEMENTATION is a macro then please configure it.
Error

Line: 41 

              static const char DT_DateTimePatternsTag[]="DateTimePatterns";


UOBJECT_DEFINE_RTTI_IMPLEMENTATION(RelativeDateFormat)

RelativeDateFormat::RelativeDateFormat(const RelativeDateFormat& other) :
 DateFormat(other), fDateTimeFormatter(NULL), fDatePattern(other.fDatePattern),
 fTimePattern(other.fTimePattern), fCombinedFormat(NULL),
 fDateStyle(other.fDateStyle), fLocale(other.fLocale),

Reported by Cppcheck.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 554 Column: 26 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended) 

                      if(U_FAILURE(status) || aString == NULL) break;

        // calculate the offset
        int32_t offset = atoi(key);
        
        // set min/max
        if(offset < fDayMin) {
            fDayMin = offset;
        }

Reported by FlawFinder.

src/third_party/boost/boost/xpressive/traits/c_regex_traits.hpp
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 386 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
    using namespace std;
    BOOST_ASSERT(8 == radix || 10 == radix || 16 == radix);
    char begin[2] = { ch, '\0' }, *end = 0;
    int val = strtol(begin, &end, radix);
    return begin == end ? -1 : val;
}

#ifndef BOOST_XPRESSIVE_NO_WREGEX

Reported by FlawFinder.

wchar_t - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 398 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              {
    using namespace std;
    BOOST_ASSERT(8 == radix || 10 == radix || 16 == radix);
    wchar_t begin[2] = { ch, L'\0' }, *end = 0;
    int val = wcstol(begin, &end, radix);
    return begin == end ? -1 : val;
}
#endif

Reported by FlawFinder.

src/third_party/boost/boost/fusion/sequence/io/detail/manip.hpp
2 issues
setstate - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 140 Column: 32 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

                                  if (stream.get() != c)
                    {
                        stream.unget();
                        stream.setstate(std::ios::failbit);
                    }
                }
            }

            Stream& stream;

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 109 Column: 13 CWE codes: 120 20 

                          }

            void
            read(char const* default_) const
            {
                // read a delimiter
                string_type const* p = stream_data_t::get(stream);
                std::ws(stream);

Reported by FlawFinder.

src/third_party/icu4c-57.1/source/i18n/smpdtfmt.cpp
2 issues
There is an unknown macro here somewhere. Configuration is required. If UOBJECT_DEFINE_RTTI_IMPLEMENTATION is a macro then please configure it.
Error

Line: 231 

              
static UMutex LOCK = U_MUTEX_INITIALIZER;

UOBJECT_DEFINE_RTTI_IMPLEMENTATION(SimpleDateFormat)

SimpleDateFormat::NSOverride::~NSOverride() {
    if (snf != NULL) {
        snf->removeRef();
    }

Reported by Cppcheck.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1312 Column: 16 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                      if (!found) {
           LocalPointer<NSOverride> cur(new NSOverride);
           if (!cur.isNull()) {
               char kw[ULOC_KEYWORD_AND_VALUES_CAPACITY];
               uprv_strcpy(kw,"numbers=");
               nsName.extract(0,len,kw+8,ULOC_KEYWORD_AND_VALUES_CAPACITY-8,US_INV);

               Locale ovrLoc(locale.getLanguage(),locale.getCountry(),locale.getVariant(),kw);
               cur->hash = nsNameHash;

Reported by FlawFinder.

src/third_party/gperftools/dist/src/tests/frag_unittest.cc
2 issues
system - This causes a new program to execute and is difficult to use safely
Security

Line: 105 Column: 42 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available 

              #elif defined(_WIN32)
    long long int tv_start = GetTickCount();
#else
# error No way to calculate time on your system
#endif

    for (int i = 0; i < kIterations; i++) {
      size_t s;
      MallocExtension::instance()->GetNumericProperty("tcmalloc.slack_bytes",

Reported by FlawFinder.

system - This causes a new program to execute and is difficult to use safely
Security

Line: 125 Column: 42 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available 

                  // Resolution in windows is only to the millisecond, alas
    int64 sumusec = ((tv_end - tv_start) % 1000) * 1000;
#else
# error No way to calculate time on your system
#endif
    fprintf(stderr, "getproperty: %6.1f ns/call\n",
            (sumsec * 1e9 + sumusec * 1e3) / kIterations);
  }

Reported by FlawFinder.