The following issues were found

src/third_party/unwind/dist/tests/Gtest-nomalloc.c
1 issue
fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 31 Column: 4 CWE codes: 134
Suggestion: Use a constant for the format specification

#include <libunwind.h>

#define panic(args...)				\
	{ fprintf (stderr, args); exit (-1); }

int verbose;
int num_errors;
int in_unwind;


            

Reported by FlawFinder.

src/third_party/unwind/dist/tests/Gtest-resume-sig.c
1 issue
fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 45 Column: 7 CWE codes: 134
Suggestion: Use a constant for the format specification

#endif

#define panic(args...)						\
	do { fprintf (stderr, args); ++nerrors; } while (0)

int verbose;
int nerrors;
int got_usr1, got_usr2;
char *sigusr1_sp;

            

Reported by FlawFinder.

src/third_party/wiredtiger/ext/compressors/zstd/zstd_compress.c
1 issue
Memory leak: context_pool
Error

Line: 326 CWE codes: 401

    if ((ret = wt_api->spin_init(wt_api, &(context_pool->list_lock), "zstd context")) != 0) {
        (void)wt_api->err_printf(
          wt_api, NULL, "zstd_init_context_pool: %s", wt_api->strerror(wt_api, NULL, ret));
        return (ret);
    }
    context_pool->count = 0;
    context_pool->free_ctx_list = NULL;

    for (i = 0; i < count; i++) {

            

Reported by Cppcheck.

src/third_party/wiredtiger/examples/c/ex_smoke.c
1 issue
system - This causes a new program to execute and is difficult to use safely
Security

Line: 48 Column: 16 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available

     * This code deliberately doesn't use the standard test_util macros, we don't want to link
     * against that code to smoke-test a build.
     */
    if ((ret = system("rm -rf WT_HOME && mkdir WT_HOME")) != 0) {
        fprintf(stderr, "Failed to clean up prior to running example.\n");
        return (EXIT_FAILURE);
    }

    /* Open a connection to the database, creating it if necessary. */

            

Reported by FlawFinder.

src/third_party/wiredtiger/examples/c/ex_pack.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 53 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

    {
        /*! [packing] */
        size_t size;
        char buf[50];

        error_check(wiredtiger_struct_size(session, &size, "iii", 42, 1000, -9));
        if (size > sizeof(buf)) {
            /* Allocate a bigger buffer. */
        }

            

Reported by FlawFinder.

src/third_party/wiredtiger/examples/c/ex_extractor.c
1 issue
srand - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 120 Column: 5 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

    uint16_t rec_year, term_end, term_start, year;

    year = 0;
    srand((unsigned int)getpid());
    error_check(session->open_cursor(session, "index:presidents:term", NULL, NULL, &cursor));

    /*
     * Pick 10 random years and read the data.
     */

            

Reported by FlawFinder.

src/third_party/unwind/dist/tests/Gx64-test-dwarf-expressions.c
1 issue
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 11 Column: 7 CWE codes: 134
Suggestion: Use a constant for the format specification

static int nerrors;

#define panic(args...)							  \
	do { printf (args); ++nerrors; } while (0)

// Assembly routine which sets up the stack for the test then calls another one
// which clobbers the stack, and which in turn calls recover_register below
extern int64_t DW_CFA_expression_testcase(int64_t regnum, int64_t height);


            

Reported by FlawFinder.

src/third_party/unwind/dist/tests/Ltest-cxx-exceptions.cxx
1 issue
fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 31 Column: 4 CWE codes: 134
Suggestion: Use a constant for the format specification

#include "compiler.h"

#define panic(args...)				\
	{ fprintf (stderr, args); exit (-1); }

static int verbose;

struct Test
{

            

Reported by FlawFinder.

src/third_party/wiredtiger/bench/wtperf/idle_table_cycle.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 76 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

    WT_SESSION *session;
    uint64_t start, stop;
    int cycle_count, ret;
    char uri[512];

    wtperf = (WTPERF *)arg;
    opts = wtperf->opts;
    cycle_count = 0;


            

Reported by FlawFinder.

src/third_party/wiredtiger/bench/wtperf/wtperf_throttle.c
1 issue
usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 94 Column: 15 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead

     */
    usecs_delta = WT_TIMEDIFF_US(now, throttle_cfg->last_increment);
    if (usecs_delta < throttle_cfg->usecs_increment) {
        (void)usleep((useconds_t)(throttle_cfg->usecs_increment - usecs_delta));
        throttle_cfg->ops_count = throttle_cfg->ops_per_increment;
        /*
         * After sleeping, set the interval to the current time.
         */
        __wt_epoch(NULL, &throttle_cfg->last_increment);

            

Reported by FlawFinder.