The following issues were found

src/third_party/gperftools/dist/src/tests/pagemap_unittest.cc
1 issues
srand - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 100 Column: 5 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

                }

  { // Test randomized accesses
    srand(301);   // srand isn't great, but it's portable
    vector<intptr_t> elements;
    for (intptr_t i = 0; i < static_cast<intptr_t>(limit); i++) elements.push_back(i);
    Permute(&elements);

    Type map(malloc);

            

Reported by FlawFinder.

src/third_party/gperftools/dist/src/tests/sampler_test.cc
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 88 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              #define LOG(level)  std::cerr << "\n"

static std::string StringPrintf(const char* format, ...) {
  char buf[256];   // should be big enough for all logging
  va_list ap;
  va_start(ap, format);
  perftools_vsnprintf(buf, sizeof(buf), format, ap);
  va_end(ap);
  return buf;

            

Reported by FlawFinder.

src/third_party/gperftools/dist/src/tests/stacktrace_unittest.cc
1 issues
Syntax Error: AST broken, binary operator '=' doesn't have two operands.
Error

Line: 189

              #endif  // TEST_UCONTEXT_BITS

int ATTRIBUTE_NOINLINE CaptureLeafPlain(void **stack, int stack_len) {
  INIT_ADDRESS_RANGE(CheckStackTraceLeaf, start, end, &expected_range[0]);
  DECLARE_ADDRESS_LABEL(start);

  int size = GetStackTrace(stack, stack_len, 0);

  printf("Obtained %d stack frames.\n", size);

            

Reported by Cppcheck.

src/third_party/gperftools/dist/src/tests/system-alloc_unittest.cc
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 97 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
private:
  static const int kArraySize = 8 * 1024 * 1024;
  char array_[kArraySize];
  // We allocate the next chunk from here
  int ptr_;

};
// Out-of-class definition of the static constant declared (with its value)
// inside ArraySysAllocator above; this gives kArraySize a definition so it
// can be odr-used (e.g. bound to a const reference) without a link error.
const int ArraySysAllocator::kArraySize;

            

Reported by FlawFinder.

src/third_party/boost/boost/random/lognormal_distribution.hpp
1 issues
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 30 Column: 11 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

              #include <boost/random/normal_distribution.hpp>

namespace boost {
namespace random {

/**
 * Instantiations of class template lognormal_distribution model a
 * \random_distribution. Such a distribution produces random numbers
 * with \f$\displaystyle p(x) = \frac{1}{x s \sqrt{2\pi}} e^{\frac{-\left(\log(x)-m\right)^2}{2s^2}}\f$

            

Reported by FlawFinder.

src/third_party/boost/boost/random/linear_feedback_shift.hpp
1 issues
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 30 Column: 11 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

              #include <boost/random/detail/seed_impl.hpp>

namespace boost {
namespace random {

/**
 * Instantiations of @c linear_feedback_shift model a
 * \pseudo_random_number_generator.  It was originally
 * proposed in

            

Reported by FlawFinder.

src/third_party/gperftools/dist/src/windows/patch_functions.cc
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 185 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                  if (this == &that)
      return;
    this->is_valid_ = that.is_valid_;
    memcpy(this->windows_fn_, that.windows_fn_, sizeof(windows_fn_));
    this->module_base_address_ = that.module_base_address_;
    this->module_base_size_ = that.module_base_size_;
  }

  enum {

            

Reported by FlawFinder.

src/third_party/boost/boost/random/laplace_distribution.hpp
1 issues
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 23 Column: 11 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

              #include <boost/random/exponential_distribution.hpp>

namespace boost {
namespace random {

/**
 * The laplace distribution is a real-valued distribution with
 * two parameters, mean and beta.
 *

            

Reported by FlawFinder.

src/third_party/gperftools/dist/src/windows/system-alloc.cc
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 60 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                }
  void* Alloc(size_t size, size_t *actual_size, size_t alignment);
};
// File-local raw byte storage exactly sizeof(VirtualSysAllocator) bytes long;
// presumably the allocator object is constructed in place here (the code that
// does so is not shown) -- confirm against the using site.
// NOTE(review): a plain char array is only guaranteed alignof(char); if an
// object is placed in it, its alignment requirement must be met (e.g. via
// alignas or a union with the type), otherwise the placement is not well-defined.
static char virtual_space[sizeof(VirtualSysAllocator)];

// This is mostly like MmapSysAllocator::Alloc, except it does these weird
// munmap's in the middle of the page, which is forbidden in windows.
void* VirtualSysAllocator::Alloc(size_t size, size_t *actual_size,
                                 size_t alignment) {

            

Reported by FlawFinder.

src/third_party/gperftools/platform/linux_aarch64/include/gperftools/profiler.h
1 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 160 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              struct ProfilerState {
  /* Snapshot of the CPU profiler's state.  Presumably filled in by
     ProfilerGetCurrentState() (declared below) -- confirm in its definition. */
  int    enabled;             /* Is profiling currently enabled? */
  time_t start_time;          /* If enabled, when was profiling started? */
  char   profile_name[1024];  /* Name of profile file being written, or '\0'.
                                 Fixed-size buffer: whatever writes it must
                                 bound the copy to sizeof(profile_name) and
                                 NUL-terminate; a longer path is truncated,
                                 never extended (writer not shown here). */
  int    samples_gathered;    /* Number of samples gathered so far (or 0) */
};
/* Declaration only -- the definition is not in this header.  Takes a
   caller-owned ProfilerState by pointer; presumably it writes the current
   profiler state into *state (verify in the implementation). */
PERFTOOLS_DLL_DECL void ProfilerGetCurrentState(struct ProfilerState* state);

/* Returns the current stack trace, to be called from a SIGPROF handler. */

            

Reported by FlawFinder.