The following issues were found
src/third_party/mozjs-60/extract/js/src/jsnum.h
1 issue
Line: 97
Column: 5
CWE codes:
119
120
Suggestion:
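Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The excerpt below shows only the declaration of the fixed-size array `sbuf`; whether an overflow is possible depends on the code that writes into it, which is not shown here.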
* possible, but they'll go in dbuf.
*/
static const size_t sbufSize = 34;
char sbuf[sbufSize];
char* dbuf;
ToCStringBuf();
~ToCStringBuf();
};
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/jsutil.cpp
1 issue
Line: 218
Column: 18
CWE codes:
676
Suggestion:
Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient
intptr_t(new char) +
intptr_t(new char) +
intptr_t(new char[16]) +
intptr_t(memalign(16, 16)) +
//intptr_t(q) +
//intptr_t(aligned_alloc(16, 16)) +
//intptr_t(valloc(4096)) +
intptr_t(strdup("dummy"));
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/proxy/CrossCompartmentWrapper.cpp
1 issue
Line: 512
MOZ_ASSERT(IsDeadProxyObject(wrapper));
}
JS_FRIEND_API(void)
js::NukeCrossCompartmentWrapper(JSContext* cx, JSObject* wrapper)
{
JSCompartment* comp = wrapper->compartment();
auto ptr = comp->lookupWrapper(Wrapper::wrappedObject(wrapper));
if (ptr)
Reported by Cppcheck.
src/third_party/mozjs-60/extract/js/src/proxy/Wrapper.cpp
1 issue
Line: 359
return target;
}
JS_FRIEND_API(JSObject*)
js::UncheckedUnwrapWithoutExpose(JSObject* wrapped)
{
while (true) {
if (!wrapped->is<WrapperObject>() || MOZ_UNLIKELY(IsWindowProxy(wrapped)))
break;
Reported by Cppcheck.
src/third_party/mozjs-60/extract/js/src/threading/Mutex.cpp
1 issue
Line: 15
#ifdef DEBUG
MOZ_THREAD_LOCAL(js::Mutex::MutexVector*) js::Mutex::HeldMutexStack;
/* static */ bool
js::Mutex::Init()
{
return HeldMutexStack.init();
Reported by Cppcheck.
src/third_party/mozjs-60/extract/js/src/util/DoubleToString.cpp
1 issue
Line: 326
Column: 9
CWE codes:
120
Suggestion:
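Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). In the excerpt below both possible sources are string literals ("Infinity" or "NaN"), so the copy is at most 9 bytes including the terminator; whether that fits depends on the size of the buffer behind `p`, which the excerpt does not show.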
/* Check for Infinity and NaN */
if ((word0(d) & Exp_mask) == Exp_mask) {
strcpy(p, !word1(d) && !(word0(d) & Frac_mask) ? "Infinity" : "NaN");
return buffer;
}
/* Output the integer part of d with the digits in reverse order. */
pInt = p;
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/util/Printf.cpp
1 issue
Line: 23
typedef mozilla::SmprintfPolicyPointer<js::SystemAllocPolicy> JSSmprintfPointer;
JS_PUBLIC_API(JS::UniqueChars) JS_smprintf(const char* fmt, ...)
{
va_list ap;
va_start(ap, fmt);
JSSmprintfPointer result = mozilla::Vsmprintf<js::SystemAllocPolicy>(fmt, ap);
va_end(ap);
Reported by Cppcheck.
src/third_party/mozjs-60/extract/js/src/vm/Caches.h
1 issue
Line: 142
Column: 9
CWE codes:
119
120
Suggestion:
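Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The excerpt below shows only the declaration of the fixed-size array `templateObject`; whether an overflow is possible depends on the code that copies into it, which is not shown here.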
* Template object to copy from, with the initial values of fields,
* fixed slots (undefined) and private data (nullptr).
*/
char templateObject[MAX_OBJ_SIZE];
};
Entry entries[41]; // TODO: reconsider size
public:
Reported by FlawFinder.
src/third_party/boost/boost/intrusive/intrusive_fwd.hpp
1 issue
Line: 659
Column: 8
CWE codes:
126
Suggestion:
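This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. Note that in the excerpt below the only `equal` token is the forward declaration `struct equal;`, not a call to `std::equal`, so this match looks like a name-based false positive; confirm against line 659 before acting on it.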
struct floating_point;
template<typename Equal>
struct equal;
template<typename Priority>
struct priority;
template<typename Hash>
Reported by FlawFinder.
src/third_party/mozjs-60/extract/js/src/vm/GlobalObject.cpp
1 issue
Line: 75
#undef INIT_FUNC
};
/*
 * Look up the class recorded in protoTable for a prototype key.
 *
 * key:     index into protoTable; asserted to be below JSProto_LIMIT.
 * returns: the `clasp` member of the protoTable entry at that index.
 *
 * NOTE(review): the range check is a MOZ_ASSERT, which is compiled only into
 * debug builds, so a release build indexes protoTable with whatever value the
 * caller passed. Callers are responsible for supplying a valid key.
 */
JS_FRIEND_API(const js::Class*)
js::ProtoKeyToClass(JSProtoKey key)
{
    MOZ_ASSERT(key < JSProto_LIMIT);

    const auto& entry = protoTable[key];
    return entry.clasp;
}
Reported by Cppcheck.