Codekhana

src/third_party/zstandard-1.4.4/zstd/contrib/seekable_format/zstdseek_compress.c

1 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 290 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                      size_t const lenWrite =
                MIN(output->size - output->pos, offset + 4 - fl->seekTablePos);
        MEM_writeLE32(tmp, value);
        memcpy((BYTE*)output->dst + output->pos,
               tmp + (fl->seekTablePos - offset), lenWrite);
        output->pos += lenWrite;
        fl->seekTablePos += lenWrite;

        if (lenWrite < 4) return ZSTD_seekable_seekTableSize(fl) - fl->seekTablePos;

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/lib/common/fse_decompress.c

1 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 123 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                                  if (normalizedCounter[s] >= largeLimit) DTableH.fastMode=0;
                    symbolNext[s] = normalizedCounter[s];
        }   }   }
        memcpy(dt, &DTableH, sizeof(DTableH));
    }

    /* Spread symbols */
    {   U32 const tableMask = tableSize-1;
        U32 const step = FSE_TABLESTEP(tableSize);

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/tests/fuzz/block_round_trip.c

1 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 45 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                  FUZZ_ZASSERT(ret);
    if (ret == 0) {
        FUZZ_ASSERT(resultCapacity >= srcSize);
        memcpy(result, src, srcSize);
        return srcSize;
    }
    ZSTD_decompressBegin(dctx);
    return ZSTD_decompressBlock(dctx, result, resultCapacity, compressed, ret);
}

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/lib/common/pool.c

1 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 209 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                  {   ZSTD_pthread_t* const threadPool = (ZSTD_pthread_t*)ZSTD_malloc(numThreads * sizeof(ZSTD_pthread_t), ctx->customMem);
        if (!threadPool) return 1;
        /* replace existing thread pool */
        memcpy(threadPool, ctx->threads, ctx->threadCapacity * sizeof(*threadPool));
        ZSTD_free(ctx->threads, ctx->customMem);
        ctx->threads = threadPool;
        /* Initialize additional threads */
        {   size_t threadId;
            for (threadId = ctx->threadCapacity; threadId < numThreads; ++threadId) {

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/tests/fuzz/regression_driver.c

1 issues

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?

Security

Line: 60 Column: 12 CWE codes: 362

                    bufferSize = fileSize;
    }
    /* Open the file */
    file = fopen(fileName, "rb");
    FUZZ_ASSERT_MSG(file, fileName);
    /* Read the file */
    readSize = fread(buffer, 1, fileSize, file);
    FUZZ_ASSERT_MSG(readSize == fileSize, fileName);
    /* Close the file */

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/tests/fuzz/zstd_helpers.c

1 issues

memcpy - Does not check for buffer overflows when copying to destination

Security

Line: 119 Column: 7 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                    size_t const offset = FUZZ_dataProducer_uint32Range(producer, 0, MAX(srcSize, 1) - 1);
      size_t const limit = MIN(srcSize - offset, remaining);
      size_t const toCopy = MIN(limit, remaining / (nbSamples - sample));
      memcpy(samples + pos, src + offset, toCopy);
      pos += toCopy;
      samplesSizes[sample] = toCopy;

    }
    memset(samples + pos, 0, totalSampleSize - pos);

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/contrib/experimental_dict_builders/randomDictBuilder/main.c

1 issues

fprintf - If format strings can be influenced by an attacker, they can be exploited

Security

Line: 15 Column: 30 CWE codes: 134
Suggestion: Use a constant for the format specification

              /*-*************************************
*  Console display
***************************************/
#define DISPLAY(...)         fprintf(stderr, __VA_ARGS__)
#define DISPLAYLEVEL(l, ...) if (displayLevel>=l) { DISPLAY(__VA_ARGS__); }

static const U64 g_refreshRate = SEC_TO_MICRO / 6;
static UTIL_time_t g_displayClock = UTIL_TIME_INITIALIZER;

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/lib/compress/zstd_lazy.c

1 issues

Pointer addition with NULL pointer.

Error

Line: 663 CWE codes: 682

                  const U32 dictIndexDelta       = dictMode == ZSTD_dictMatchState ?
                                     prefixLowestIndex - (U32)(dictEnd - dictBase) :
                                     0;
    const U32 dictAndPrefixLength = (U32)(ip - prefixLowest + dictEnd - dictLowest);

    /* init */
    ip += (dictAndPrefixLength == 0);
    if (dictMode == ZSTD_noDict) {
        U32 const maxRep = (U32)(ip - prefixLowest);

Reported by Cppcheck.

src/third_party/zstandard-1.4.4/zstd/lib/compress/zstd_double_fast.c

1 issues

Pointer addition with NULL pointer.

Error

Line: 99 CWE codes: 682

                                                   dictCParams->hashLog : hBitsL;
    const U32 dictHBitsS           = dictMode == ZSTD_dictMatchState ?
                                     dictCParams->chainLog : hBitsS;
    const U32 dictAndPrefixLength  = (U32)(ip - prefixLowest + dictEnd - dictStart);

    DEBUGLOG(5, "ZSTD_compressBlock_doubleFast_generic");

    assert(dictMode == ZSTD_noDict || dictMode == ZSTD_dictMatchState);

Reported by Cppcheck.

src/third_party/zstandard-1.4.4/zstd/contrib/experimental_dict_builders/fastCover/main.c

1 issues

fprintf - If format strings can be influenced by an attacker, they can be exploited

Security

Line: 15 Column: 30 CWE codes: 134
Suggestion: Use a constant for the format specification

              /*-*************************************
*  Console display
***************************************/
#define DISPLAY(...)         fprintf(stderr, __VA_ARGS__)
#define DISPLAYLEVEL(l, ...) if (displayLevel>=l) { DISPLAY(__VA_ARGS__); }

static const U64 g_refreshRate = SEC_TO_MICRO / 6;
static UTIL_time_t g_displayClock = UTIL_TIME_INITIALIZER;

Reported by FlawFinder.

Modal title

The following issues were found

src/third_party/zstandard-1.4.4/zstd/contrib/seekable_format/zstdseek_compress.c

1 issues

src/third_party/zstandard-1.4.4/zstd/lib/common/fse_decompress.c

1 issues

src/third_party/zstandard-1.4.4/zstd/tests/fuzz/block_round_trip.c

1 issues

src/third_party/zstandard-1.4.4/zstd/lib/common/pool.c

1 issues

src/third_party/zstandard-1.4.4/zstd/tests/fuzz/regression_driver.c

1 issues

src/third_party/zstandard-1.4.4/zstd/tests/fuzz/zstd_helpers.c

1 issues

src/third_party/zstandard-1.4.4/zstd/contrib/experimental_dict_builders/randomDictBuilder/main.c

1 issues

src/third_party/zstandard-1.4.4/zstd/lib/compress/zstd_lazy.c

1 issues

src/third_party/zstandard-1.4.4/zstd/lib/compress/zstd_double_fast.c

1 issues

src/third_party/zstandard-1.4.4/zstd/contrib/experimental_dict_builders/fastCover/main.c

1 issues