The following issues were found

src/third_party/zstandard-1.4.4/zstd/contrib/experimental_dict_builders/benchmarkDictBuilder/benchmark.c
1 issue
fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 19 Column: 30 CWE codes: 134
Suggestion: Use a constant for the format specification

              /*-*************************************
*  Console display
***************************************/
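/* DISPLAY forwards its arguments to fprintf(stderr, ...), so the first
 * argument is used as the printf format string. Call sites should pass a
 * string literal there; any text that is not a compile-time constant belongs
 * in a "%s" argument, never in the format position (CWE-134). */
#define DISPLAY(...)         fprintf(stderr, __VA_ARGS__)
/* Prints only when displayLevel is at least `l`. `l` is parenthesized so an
 * expression argument is compared as a whole instead of being re-associated
 * with the >= operator. The expansion stays a bare if-block (not
 * do { } while (0)) so existing call sites expand as before; wrap the call in
 * braces when it is the body of an unbraced if/else. */
#define DISPLAYLEVEL(l, ...) if (displayLevel>=(l)) { DISPLAY(__VA_ARGS__); }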

/* Display refresh interval, SEC_TO_MICRO / 6 (presumably one sixth of a
 * second expressed in microseconds; confirm against SEC_TO_MICRO). */
static const U64 g_refreshRate = SEC_TO_MICRO / 6;
/* Time reference for the console display, starting at UTIL_TIME_INITIALIZER;
 * the code that reads and updates it is outside this excerpt. */
static UTIL_time_t g_displayClock = UTIL_TIME_INITIALIZER;


            

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/lib/compress/zstd_compress_sequences.c
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 238 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                      *op = codeTable[0];
        return 1;
    case set_repeat:
        memcpy(nextCTable, prevCTable, prevCTableSize);
        return 0;
    case set_basic:
        FORWARD_IF_ERROR(FSE_buildCTable_wksp(nextCTable, defaultNorm, defaultMax, defaultNormLog, entropyWorkspace, entropyWorkspaceSize));  /* note : could be pre-calculated */
        return 0;
    case set_compressed: {

            

Reported by FlawFinder.

src/third_party/zlib-1.2.11/zutil.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 13 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              #  include "gzguts.h"
#endif

z_const char * const z_errmsg[10] = {
    (z_const char *)"need dictionary",     /* Z_NEED_DICT       2  */
    (z_const char *)"stream end",          /* Z_STREAM_END      1  */
    (z_const char *)"",                    /* Z_OK              0  */
    (z_const char *)"file error",          /* Z_ERRNO         (-1) */
    (z_const char *)"stream error",        /* Z_STREAM_ERROR  (-2) */

            

Reported by FlawFinder.

src/third_party/wiredtiger/test/windows/windows_shim.c
1 issue
usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 39 Column: 1 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead

              }

int
usleep(useconds_t useconds)
{
    uint32_t milli;
    milli = useconds / 1000;

    if (milli == 0)

            

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/contrib/pzstd/utils/Range.h
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 66 Column: 59 CWE codes: 126

                // Builds the range [begin, begin + size). Nothing here checks `size`
                // against the underlying buffer, so the caller supplies a length that
                // is actually valid for `begin`.
                constexpr Range(Iter begin, size_type size) : b_(begin), e_(begin + size) {}

  // Builds a range over a C string. The end is located with std::strlen, so
  // `str` must be non-null and NUL-terminated; the scan itself is unbounded.
  // The conversion is implicit, so any char pointer passed where a Range is
  // expected goes through this scan. For buffers without a guaranteed
  // terminator, use the (begin, size) constructor with a known length.
  template <class T = Iter, typename detail::IsCharPointer<T>::type = 0>
  /* implicit */ Range(Iter str) : b_(str), e_(str + std::strlen(str)) {}

  // Views the characters of `str` without copying: the range keeps pointers
  // into the string's own buffer (data() .. data() + size()), so it must not
  // be used after `str` is destroyed or its buffer is reallocated.
  // NOTE(review): e_ is computed from b_, which relies on b_ being initialized
  // before e_ (member declaration order); the declarations are outside this
  // excerpt, so confirm there.
  template <class T = Iter, typename detail::IsCharPointer<T>::const_type = 0>
  /* implicit */ Range(const std::string& str)
      : b_(str.data()), e_(b_ + str.size()) {}


            

Reported by FlawFinder.

src/third_party/zlib-1.2.11/trees.c
1 issue
fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 328 Column: 20 CWE codes: 362

              
void gen_trees_header()
{
    FILE *header = fopen("trees.h", "w");
    int i;

    Assert (header != NULL, "Can't open trees.h");
    fprintf(header,
            "/* header created automatically with -DGEN_TREES_H */\n\n");

            

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/contrib/seekable_format/examples/seekable_decompression.c
1 issue
fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 43 Column: 26 CWE codes: 362

              
/*
 * Open `filename` with the fopen() mode string `instruction` and return the
 * stream. On failure the errno text is printed through perror() and the
 * process exits with status 3, so callers never receive NULL.
 *
 * The path goes to fopen() unchanged: no check is made here for symlinks or
 * special file types, so deciding which paths are acceptable is left to the
 * caller.
 */
static FILE* fopen_orDie(const char *filename, const char *instruction)
{
    FILE* const stream = fopen(filename, instruction);
    if (stream == NULL) {
        perror(filename);
        exit(3);
    }
    return stream;
}

            

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/contrib/seekable_format/examples/seekable_decompression_mem.c
1 issue
fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 45 Column: 26 CWE codes: 362

              
/*
 * fopen() wrapper that does not return on failure: if the open fails,
 * perror(filename) reports the reason and the process exits with status 3.
 * `instruction` is the fopen() mode string.
 *
 * `filename` is used exactly as given; this helper does not inspect what the
 * path resolves to (symlink, device file, ...), so path vetting has to happen
 * before the call.
 */
static FILE* fopen_orDie(const char *filename, const char *instruction)
{
    FILE* const handle = fopen(filename, instruction);
    if (!handle) {
        /* fatal: report "<filename>: <errno text>" and stop */
        perror(filename);
        exit(3);
    }
    return handle;
}

            

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/lib/common/threading.h
1 issue
InitializeCriticalSection - Exceptions can be thrown in low-memory situations
Security

Line: 50 Column: 52 CWE codes:
Suggestion: Use InitializeCriticalSectionAndSpinCount instead

              
/* mutex */
/* The pthread-style mutex names map directly onto Win32 CRITICAL_SECTION
 * calls. */
#define ZSTD_pthread_mutex_t           CRITICAL_SECTION
/* (b) is evaluated and discarded. The expression always yields 0 because
 * InitializeCriticalSection() returns void, so an initialization failure
 * cannot be reported through this macro.
 * NOTE(review): Microsoft documents the low-memory STATUS_NO_MEMORY exception
 * for Windows XP / Server 2003 only; confirm the oldest supported target
 * before treating the scanner finding as actionable. */
#define ZSTD_pthread_mutex_init(a, b)  ((void)(b), InitializeCriticalSection((a)), 0)
/* The remaining wrappers expand to void Win32 calls, so unlike their pthread
 * namesakes they produce no status value to check. */
#define ZSTD_pthread_mutex_destroy(a)  DeleteCriticalSection((a))
#define ZSTD_pthread_mutex_lock(a)     EnterCriticalSection((a))
#define ZSTD_pthread_mutex_unlock(a)   LeaveCriticalSection((a))

/* condition variable */

            

Reported by FlawFinder.

src/third_party/zstandard-1.4.4/zstd/programs/benchfn.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 173 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

               */
/* Size in bytes of the opaque storage shell declared below. */
#define BMK_TIMEDFNSTATE_SIZE 64
/* Opaque storage. The char array only reserves BMK_TIMEDFNSTATE_SIZE bytes
 * and, as its name says, is not meant to be read or written directly; the
 * long long member exists solely to give the union its alignment. */
typedef union {
    char never_access_space[BMK_TIMEDFNSTATE_SIZE];
    long long alignment_enforcer;  /* must be aligned on 8-bytes boundaries */
} BMK_timedFnState_shell;
/* Takes a caller-provided buffer and its size. Presumably intended to receive
 * a BMK_timedFnState_shell, with `size` checked against the real state size;
 * the definition is outside this excerpt, so confirm there. */
BMK_timedFnState_t* BMK_initStatic_timedFnState(void* buffer, size_t size, unsigned total_ms, unsigned run_ms);



            

Reported by FlawFinder.