The following issues were found

src/third_party/zstandard-1.4.4/zstd/lib/common/zstd_internal.h
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 194 Column: 54 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              /*-*******************************************
*  Shared functions to include for inlining
*********************************************/
static void ZSTD_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }

#define COPY8(d,s) { ZSTD_copy8(d,s); d+=8; s+=8; }
static void ZSTD_copy16(void* dst, const void* src) { memcpy(dst, src, 16); }
#define COPY16(d,s) { ZSTD_copy16(d,s); d+=16; s+=16; }

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 197 Column: 55 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              static void ZSTD_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }

#define COPY8(d,s) { ZSTD_copy8(d,s); d+=8; s+=8; }
static void ZSTD_copy16(void* dst, const void* src) { memcpy(dst, src, 16); }
#define COPY16(d,s) { ZSTD_copy16(d,s); d+=16; s+=16; }

#define WILDCOPY_OVERLENGTH 32
#define WILDCOPY_VECLEN 16

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/lib/compress/zstd_opt.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 937 Column: 25 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                                      opt[pos].litlen = litlen;
                        opt[pos].price = sequencePrice;
                        ZSTD_STATIC_ASSERT(sizeof(opt[pos].rep) == sizeof(repHistory));
                        memcpy(opt[pos].rep, &repHistory, sizeof(repHistory));
                }   }
                last_pos = pos-1;
            }
        }

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1033 Column: 29 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                                          opt[pos].litlen = litlen;
                            opt[pos].price = price;
                            ZSTD_STATIC_ASSERT(sizeof(opt[pos].rep) == sizeof(repHistory));
                            memcpy(opt[pos].rep, &repHistory, sizeof(repHistory));
                        } else {
                            DEBUGLOG(7, "rPos:%u (ml=%2u) => new price is worse (%.2f>=%.2f)",
                                        pos, mlen, ZSTD_fCost(price), ZSTD_fCost(opt[pos].price));
                            if (optLevel==0) break;  /* early update abort; gets ~+10% speed for about -0.01 ratio loss */
                        }

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/lib/decompress/zstd_ddict.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 130 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      ddict->dictBuffer = internalBuffer;
        ddict->dictContent = internalBuffer;
        if (!internalBuffer) return ERROR(memory_allocation);
        memcpy(internalBuffer, dict, dictSize);
    }
    ddict->dictSize = dictSize;
    ddict->entropy.hufTable[0] = (HUF_DTable)((HufLog)*0x1000001);  /* cover both little and big endian */

    /* parse dictionary content */

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 197 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  if ((size_t)sBuffer & 7) return NULL;   /* 8-aligned */
    if (sBufferSize < neededSpace) return NULL;
    if (dictLoadMethod == ZSTD_dlm_byCopy) {
        memcpy(ddict+1, dict, dictSize);  /* local copy */
        dict = ddict+1;
    }
    if (ZSTD_isError( ZSTD_initDDict_internal(ddict,
                                              dict, dictSize,
                                              ZSTD_dlm_byRef, dictContentType) ))

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/contrib/pzstd/test/RoundTripTest.cpp
2 issues
tmpnam - Temporary file race condition
Security

Line: 30 Column: 17 CWE codes: 377 

              writeData(size_t size, double matchProba, double litProba, unsigned seed) {
  std::unique_ptr<uint8_t[]> buf(new uint8_t[size]);
  RDG_genBuffer(buf.get(), size, matchProba, litProba, seed);
  string file = tmpnam(nullptr);
  auto fd = std::fopen(file.c_str(), "wb");
  auto guard = makeScopeGuard([&] { std::fclose(fd); });
  auto bytesWritten = std::fwrite(buf.get(), 1, size, fd);
  if (bytesWritten != size) {
    std::abort();

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 31 Column: 18 CWE codes: 362 

                std::unique_ptr<uint8_t[]> buf(new uint8_t[size]);
  RDG_genBuffer(buf.get(), size, matchProba, litProba, seed);
  string file = tmpnam(nullptr);
  auto fd = std::fopen(file.c_str(), "wb");
  auto guard = makeScopeGuard([&] { std::fclose(fd); });
  auto bytesWritten = std::fwrite(buf.get(), 1, size, fd);
  if (bytesWritten != size) {
    std::abort();
  }

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/programs/benchfn.c
2 issues
fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 40 Column: 30 CWE codes: 134
Suggestion: Use a constant for the format specification 

              ***************************************/
#if defined(DEBUG) && (DEBUG >= 1)
#  include <stdio.h>       /* fprintf */
#  define DISPLAY(...)       fprintf(stderr, __VA_ARGS__)
#  define DEBUGOUTPUT(...) { if (DEBUG) DISPLAY(__VA_ARGS__); }
#else
#  define DEBUGOUTPUT(...)
#endif

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 173 Column: 13 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              BMK_timedFnState_t*
BMK_initStatic_timedFnState(void* buffer, size_t size, unsigned total_ms, unsigned run_ms)
{
    typedef char check_size[ 2 * (sizeof(BMK_timedFnState_shell) >= sizeof(struct BMK_timedFnState_s)) - 1];  /* static assert : a compilation failure indicates that BMK_timedFnState_shell is not large enough */
    typedef struct { check_size c; BMK_timedFnState_t tfs; } tfs_align;  /* force tfs to be aligned at its next best position */
    size_t const tfs_alignment = offsetof(tfs_align, tfs); /* provides the minimal alignment restriction for BMK_timedFnState_t */
    BMK_timedFnState_t* const r = (BMK_timedFnState_t*)buffer;
    if (buffer == NULL) return NULL;
    if (size < sizeof(struct BMK_timedFnState_s)) return NULL;

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/contrib/pzstd/Logging.h
2 issues
fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 46 Column: 10 CWE codes: 134
Suggestion: Use a constant for the format specification 

                    return;
    }
    std::lock_guard<std::mutex> lock(mutex_);
    std::fprintf(out_, fmt, args...);
  }

  template <typename... Args>
  void update(int level, const char *fmt, Args... args) {
    if (level > level_) {

Reported by FlawFinder.

fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 59 Column: 12 CWE codes: 134
Suggestion: Use a constant for the format specification 

                  if (now - lastUpdate_ > refreshRate_) {
      lastUpdate_ = now;
      std::fprintf(out_, "\r");
      std::fprintf(out_, fmt, args...);
    }
  }

  void clear(int level) {
    if (level > level_) {

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/programs/datagen.c
2 issues
fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 31 Column: 37 CWE codes: 134
Suggestion: Use a constant for the format specification 

              #define MIN(a,b)  ( (a) < (b) ? (a) : (b) )

#define RDG_DEBUG 0
#define TRACE(...)   if (RDG_DEBUG) fprintf(stderr, __VA_ARGS__ )


/*-************************************
*  Local constants
**************************************/

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 181 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                      total += genBlockSize;
        { size_t const unused = fwrite(buff, 1, genBlockSize, stdout); (void)unused; }
        /* update dict */
        memcpy(buff, buff + stdBlockSize, stdDictSize);
    }

    /* cleanup */
    free(buff);
}

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/contrib/linux-kernel/lib/zstd/zstd_opt.h
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 692 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	/* Last Literals */
	{
		size_t const lastLLSize = iend - anchor;
		memcpy(seqStorePtr->lit, anchor, lastLLSize);
		seqStorePtr->lit += lastLLSize;
	}
}

FORCE_INLINE

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1007 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              	/* Last Literals */
	{
		size_t lastLLSize = iend - anchor;
		memcpy(seqStorePtr->lit, anchor, lastLLSize);
		seqStorePtr->lit += lastLLSize;
	}
}

#endif /* ZSTD_OPT_H_91842398743 */

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/tests/checkTag.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 34 Column: 30 CWE codes: 126 

               */
static int validate(const char* const tag)
{
    size_t const tagLength = strlen(tag);
    size_t const verLength = strlen(ZSTD_VERSION_STRING);

    if (tagLength < 2) return 0;
    if (tag[0] != 'v') return 0;
    if (tagLength <= verLength) return 0;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 35 Column: 30 CWE codes: 126 

              static int validate(const char* const tag)
{
    size_t const tagLength = strlen(tag);
    size_t const verLength = strlen(ZSTD_VERSION_STRING);

    if (tagLength < 2) return 0;
    if (tag[0] != 'v') return 0;
    if (tagLength <= verLength) return 0;

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/contrib/gen_html/gen_html.cpp
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 98 Column: 13 CWE codes: 362 

              
    version = "zstd " + string(argv[1]) + " Manual";

    istream.open(argv[2], ifstream::in);
    if (!istream.is_open()) {
        cout << "Error opening file " << argv[2] << endl;
        return 1;
    }

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 104 Column: 13 CWE codes: 362 

                      return 1;
    }

    ostream.open(argv[3], ifstream::out);
    if (!ostream.is_open()) {
        cout << "Error opening file " << argv[3] << endl;
        return 1;
   }

Reported by FlawFinder.