The following issues were found
src/third_party/gperftools/dist/src/tests/sampling_test.cc
2 issues
Line: 71
CWE codes:
771
exit(1);
}
for (int i = 0; i < 8000; i++) {
AllocateAllocate();
}
string s;
MallocExtension::instance()->GetHeapSample(&s);
WriteStringToFile(s, string(argv[1]) + ".heap");
Reported by Cppcheck.
Line: 60
Column: 14
CWE codes:
362
}
static void WriteStringToFile(const string& s, const string& filename) {
FILE* fp = fopen(filename.c_str(), "w");
fwrite(s.data(), 1, s.length(), fp);
fclose(fp);
}
int main(int argc, char** argv) {
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/i18n/uspoof_wsconf.cpp
2 issues
Line: 193
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Extract the two script names from the source line. We need these in an 8 bit
// default encoding (will be EBCDIC on IBM mainframes) in order to pass them on
// to the ICU u_getPropertyValueEnum() function. Ugh.
char srcScriptName[20];
char targScriptName[20];
extractGroup(parseRegexp, 4, srcScriptName, sizeof(srcScriptName), status);
extractGroup(parseRegexp, 5, targScriptName, sizeof(targScriptName), status);
UScriptCode srcScript =
static_cast<UScriptCode>(u_getPropertyValueEnum(UCHAR_SCRIPT, srcScriptName));
Reported by FlawFinder.
Line: 194
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// default encoding (will be EBCDIC on IBM mainframes) in order to pass them on
// to the ICU u_getPropertyValueEnum() function. Ugh.
char srcScriptName[20];
char targScriptName[20];
extractGroup(parseRegexp, 4, srcScriptName, sizeof(srcScriptName), status);
extractGroup(parseRegexp, 5, targScriptName, sizeof(targScriptName), status);
UScriptCode srcScript =
static_cast<UScriptCode>(u_getPropertyValueEnum(UCHAR_SCRIPT, srcScriptName));
UScriptCode targScript =
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/i18n/visibledigits.cpp
2 issues
Line: 87
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
// stack allocate a decNumber to hold MAX_DBL_DIGITS+3 significant digits
char rawNumber[sizeof(decNumber) + MAX_DBL_DIGITS+3];
decNumber *numberPtr = (decNumber *) rawNumber;
int32_t mostSig = fInterval.getMostSignificantExclusive();
int32_t mostSigNonZero = fExponent + fDigits.length();
int32_t end = mostSig > mostSigNonZero ? mostSigNonZero : mostSig;
Reported by FlawFinder.
Line: 109
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
numberPtr->exponent = start;
numberPtr->bits = 0;
numberPtr->digits = end - start;
char str[MAX_DBL_DIGITS+18];
uprv_decNumberToString(numberPtr, str);
U_ASSERT(uprv_strlen(str) < MAX_DBL_DIGITS+18);
char decimalSeparator = DigitList::getStrtodDecimalSeparator();
if (decimalSeparator != '.') {
char *decimalPt = strchr(str, '.');
Reported by FlawFinder.
src/third_party/mozjs-60/include/mozilla/BufferList.h
2 issues
Line: 408
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!data) {
return false;
}
memcpy(data, aData + copied, toCopy);
copied += toCopy;
}
return true;
}
Reported by FlawFinder.
Line: 458
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// We've run out of data in the last segment.
return false;
}
memcpy(aData + copied, aIter.Data(), toCopy);
copied += toCopy;
remaining -= toCopy;
aIter.Advance(*this, toCopy);
}
Reported by FlawFinder.
src/third_party/boost/boost/core/lightweight_test.hpp
2 issues
Line: 207
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
else
{
char buffer[ 8 ];
std::sprintf( buffer, "\\x%02X", static_cast<unsigned char>( v ) );
return buffer;
}
}
Reported by FlawFinder.
Line: 208
Column: 14
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
else
{
char buffer[ 8 ];
std::sprintf( buffer, "\\x%02X", static_cast<unsigned char>( v ) );
return buffer;
}
}
Reported by FlawFinder.
src/third_party/icu4c-57.1/source/i18n/windtfmt.cpp
2 issues
Line: 247
Column: 39
CWE codes:
126
}
}
appendTo.append(buffer, (int32_t) wcslen(buffer));
if (buffer != stackBuffer) {
DELETE_ARRAY(buffer);
}
}
Reported by FlawFinder.
Line: 273
Column: 39
CWE codes:
126
}
}
appendTo.append(buffer, (int32_t) wcslen(buffer));
if (buffer != stackBuffer) {
DELETE_ARRAY(buffer);
}
}
Reported by FlawFinder.
src/third_party/mozjs-60/include/mozilla/PodOperations.h
2 issues
Line: 87
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
MOZ_ASSERT(aDst + 1 <= aSrc || aSrc + 1 <= aDst,
"destination and source must not overlap");
memcpy(reinterpret_cast<char*>(aDst), reinterpret_cast<const char*>(aSrc),
sizeof(T));
}
/**
* Copy |aNElem| T elements from |aSrc| to |aDst|. The two memory ranges must
Reported by FlawFinder.
Line: 110
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
PodAssign(aDst, aSrc);
}
} else {
memcpy(aDst, aSrc, aNElem * sizeof(T));
}
}
template<typename T>
static MOZ_ALWAYS_INLINE void
Reported by FlawFinder.
src/third_party/boost/boost/asio/detail/resolver_service.hpp
2 issues
Line: 110
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
results_type resolve(implementation_type&,
const endpoint_type& endpoint, boost::system::error_code& ec)
{
char host_name[NI_MAXHOST];
char service_name[NI_MAXSERV];
socket_ops::sync_getnameinfo(endpoint.data(), endpoint.size(),
host_name, NI_MAXHOST, service_name, NI_MAXSERV,
endpoint.protocol().type(), ec);
Reported by FlawFinder.
Line: 111
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const endpoint_type& endpoint, boost::system::error_code& ec)
{
char host_name[NI_MAXHOST];
char service_name[NI_MAXSERV];
socket_ops::sync_getnameinfo(endpoint.data(), endpoint.size(),
host_name, NI_MAXHOST, service_name, NI_MAXSERV,
endpoint.protocol().type(), ec);
return ec ? results_type() : results_type::create(
Reported by FlawFinder.
src/third_party/mozjs-60/include/mozilla/Printf.h
2 issues
Line: 179
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* Copy data */
memcpy(mCur, sp, len);
mCur += len;
MOZ_ASSERT(size_t(mCur - mBase) <= mMaxlen);
return true;
}
Reported by FlawFinder.
Line: 135
Column: 26
CWE codes:
126
{
public:
explicit SprintfState(char* base)
: mMaxlen(base ? strlen(base) : 0)
, mBase(base)
, mCur(base ? base + mMaxlen : 0)
{
}
Reported by FlawFinder.
src/third_party/mozjs-60/include/mozilla/Span.h
2 issues
Line: 883
Column: 41
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
operator==(const Span<ElementType, FirstExtent>& l,
const Span<ElementType, SecondExtent>& r)
{
return (l.size() == r.size()) && std::equal(l.begin(), l.end(), r.begin());
}
template<class ElementType, size_t Extent>
inline constexpr bool
operator!=(const Span<ElementType, Extent>& l,
Reported by FlawFinder.
Line: 1069
Column: 49
CWE codes:
126
inline Span<const char>
MakeStringSpan(const char* aZeroTerminated)
{
return Span<const char>(aZeroTerminated, std::strlen(aZeroTerminated));
}
/**
* Create span from UTF-16 C string.
*/
Reported by FlawFinder.