The following issues were found
test/thirdparty/Fuzzer/FuzzerCrossOver.cpp
1 issues
Line: 39
Column: 7
CWE codes:
120
Suggestion:
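Make sure destination can always hold the source data. In the excerpt below the copy length is ExtraSize = Rand(MaxExtraSize) + 1 with MaxExtraSize = std::min(OutSizeLeft, InSizeLeft), so the copy stays inside both buffers only if Rand(n) returns a value strictly below n and MaxExtraSize is non-zero; neither is visible in this excerpt.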
size_t InSizeLeft = InSize - *InPos;
size_t MaxExtraSize = std::min(OutSizeLeft, InSizeLeft);
size_t ExtraSize = Rand(MaxExtraSize) + 1;
memcpy(Out + OutPos, Data + *InPos, ExtraSize);
OutPos += ExtraSize;
(*InPos) += ExtraSize;
}
// Use the other input data on the next iteration.
InPos = CurrentlyUsingFirstData ? &Pos2 : &Pos1;
Reported by FlawFinder.
test/thirdparty/Fuzzer/FuzzerDictionary.h
1 issues
Line: 30
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Stores the first S bytes of B in Data and records S as the current Size.
// NOTE(review): the only bound on S is the assert below, which is compiled
// out when NDEBUG is defined; in such a build the memcpy is unchecked.
// Data's capacity is not visible in this excerpt (presumably kMaxSize bytes;
// confirm), and S can be as large as 255 because it is a uint8_t.
void Set(const uint8_t *B, uint8_t S) {
// Debug-build guard against writing more than kMaxSize bytes into Data.
assert(S <= kMaxSize);
// Source length is trusted: the caller must guarantee B points to at least S readable bytes.
memcpy(Data, B, S);
Size = S;
}
bool operator==(const FixedWord<kMaxSize> &w) const {
return Size == w.Size && 0 == memcmp(Data, w.Data, Size);
Reported by FlawFinder.
test/thirdparty/Fuzzer/FuzzerIOPosix.cpp
1 issues
Line: 80
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
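/// Returns the directory component of FileName as computed by POSIX dirname().
///
/// dirname() may modify the buffer it is given, so it receives a private copy
/// of FileName rather than the caller's storage. The copy is owned by a
/// std::string, which sizes the buffer itself and releases it on every exit
/// path, including when building the result throws. The earlier
/// new[]/memcpy/delete[] sequence leaked the buffer in that case.
///
/// @param FileName path to split; only the bytes up to the first NUL are seen
///                 by dirname().
/// @return the directory part, e.g. "." for a bare file name.
std::string DirName(const std::string &FileName) {
  std::string Scratch(FileName);
  // &Scratch[0] is writable, contiguous and NUL-terminated (C++11 onwards).
  // dirname() may return a pointer into Scratch, so the result is copied into
  // the return value before Scratch goes out of scope.
  return std::string(dirname(&Scratch[0]));
}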
Reported by FlawFinder.
test/thirdparty/Fuzzer/FuzzerSHA1.cpp
1 issues
Line: 206
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sha1nfo s;
sha1_init(&s);
sha1_write(&s, (const char*)Data, Len);
memcpy(Out, sha1_result(&s), HASH_LENGTH);
}
std::string Sha1ToString(const uint8_t Sha1[kSHA1NumBytes]) {
std::stringstream SS;
for (int i = 0; i < kSHA1NumBytes; i++)
Reported by FlawFinder.
test/thirdparty/Fuzzer/FuzzerTracePC.cpp
1 issues
Line: 112
Column: 5
CWE codes:
119
120
Suggestion:
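Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the excerpt below the flagged item is the fixed-size array ModulePathRaw[4096]; it is passed to the callee together with sizeof(ModulePathRaw), so what remains to verify is that the callee honours that length and NUL-terminates the result.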
std::string FixedPCStr = DescribePC("%p", PCs[i]);
std::string FunctionStr = DescribePC("%F", PCs[i]);
std::string LineStr = DescribePC("%l", PCs[i]);
char ModulePathRaw[4096] = ""; // What's PATH_MAX in portable C++?
void *OffsetRaw = nullptr;
if (!EF->__sanitizer_get_module_and_offset_for_pc(
reinterpret_cast<void *>(PCs[i]), ModulePathRaw,
sizeof(ModulePathRaw), &OffsetRaw))
continue;
Reported by FlawFinder.
test/thirdparty/Fuzzer/FuzzerUtilLinux.cpp
1 issues
Line: 19
Column: 10
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
namespace fuzzer {

// Runs Command via the C library's system() and returns system()'s result
// unchanged. system() hands the whole string to the command interpreter, so
// shell metacharacters in Command are interpreted (the CWE-78 finding).
// Callers must build Command only from trusted or properly quoted parts;
// this wrapper performs no validation of its own.
int ExecuteCommand(const std::string &Command) {
  const char *CommandLine = Command.c_str();
  return system(CommandLine);
}

}  // namespace fuzzer
#endif // LIBFUZZER_LINUX
Reported by FlawFinder.
test/thirdparty/Fuzzer/FuzzerUtilPosix.cpp
1 issues
Line: 107
Column: 10
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
// Opens a pipe to a child process with popen() and returns the stream that
// popen() produced (null when it fails). Command is run by the command
// interpreter, so it must come from trusted or properly quoted input (the
// CWE-78 finding); nothing is validated here. The caller owns the returned
// stream.
FILE *OpenProcessPipe(const char *Command, const char *Mode) {
  FILE *Pipe = popen(Command, Mode);
  return Pipe;
}
const void *SearchMemory(const void *Data, size_t DataLen, const void *Patt,
size_t PattLen) {
return memmem(Data, DataLen, Patt, PattLen);
Reported by FlawFinder.
test/thirdparty/Fuzzer/FuzzerUtilWindows.cpp
1 issues
Line: 156
Column: 10
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
// Runs Command via the C library's system() and returns system()'s result
// unchanged. The string is interpreted by the platform command processor, so
// it must be assembled only from trusted or properly quoted parts (the
// CWE-78 finding); this wrapper performs no validation of its own.
int ExecuteCommand(const std::string &Command) {
  const char *CommandLine = Command.c_str();
  return system(CommandLine);
}
const void *SearchMemory(const void *Data, size_t DataLen, const void *Patt,
size_t PattLen) {
// TODO: make this implementation more efficient.
Reported by FlawFinder.
test/thirdparty/Fuzzer/standalone/StandaloneFuzzTargetMain.c
1 issues
Line: 29
Column: 15
CWE codes:
362
LLVMFuzzerInitialize(&argc, &argv);
for (int i = 1; i < argc; i++) {
fprintf(stderr, "Running: %s\n", argv[i]);
FILE *f = fopen(argv[i], "r");
assert(f);
fseek(f, 0, SEEK_END);
size_t len = ftell(f);
fseek(f, 0, SEEK_SET);
unsigned char *buf = (unsigned char*)malloc(len);
Reported by FlawFinder.
test/thirdparty/Fuzzer/test/DivTest.cpp
1 issues
Line: 16
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Fuzz target entry point: reads the first four input bytes as an int and
// divides a constant by (987654 - that value), storing the quotient in Sink
// (declared outside this excerpt). Always returns 0.
//
// On the flagged memcpy: the source is guarded by the Size check, and the
// destination is a local int, so the 4-byte copy fits wherever
// sizeof(int) >= 4.
// NOTE(review): the divisor is zero when the bytes decode to 987654, and the
// subtraction can overflow for very negative values. Given the file name
// (test/DivTest.cpp) this is presumably the fault the fuzzer is meant to
// find; confirm before "fixing" it.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  if (Size >= 4) {
    int Operand;
    memcpy(&Operand, Data, 4);
    Sink = 12345678 / (987654 - Operand);
  }
  return 0;
}
Reported by FlawFinder.