** CID 1645794: Memory - corruptions (ARRAY_VS_SINGLETON)
_____________________________________________________________________________________________
*** CID 1645794: Memory - corruptions (ARRAY_VS_SINGLETON)
/subprojects/qjs/quickjs.c: 47267 in js_regexp_constructor_internal()
47261 JS_VALUE_GET_TAG(pattern) != JS_TAG_STRING) {
47262 JS_ThrowTypeError(ctx, "string expected");
47263 goto fail;
47264 }
47265 prop.u.value = js_int32(0); // lastIndex
47266 if (ctx->regexp_shape && JS_IsUndefined(ctor)) {
>>> CID 1645794: Memory - corruptions (ARRAY_VS_SINGLETON)
>>> Passing "&prop" to function "JS_NewObjectFromShape" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. Reviewer note: a single JSProperty is passed where the callee expects the shape's initial property array, so this is only in bounds if `ctx->regexp_shape` has exactly one property (the `lastIndex` set on the line above); confirm the shape's property count at the call site (e.g. an assert) rather than relying on the construction order elsewhere in the file.
47267 obj = JS_NewObjectFromShape(ctx, js_dup_shape(ctx->regexp_shape),
47268 JS_CLASS_REGEXP, &prop);
47269 if (JS_IsException(obj))
47270 goto fail;
47271 } else {
47272 obj = js_create_from_ctor(ctx, ctor, JS_CLASS_REGEXP);
** CID 1645793: Null pointer dereferences (FORWARD_NULL)
/subprojects/qjs/quickjs.c: 29249 in js_host_resolve_imported_module()
_____________________________________________________________________________________________
*** CID 1645793: Null pointer dereferences (FORWARD_NULL)
/subprojects/qjs/quickjs.c: 29249 in js_host_resolve_imported_module()
29243 cname = js_default_module_normalize_name(ctx, base_cname, cname1);
29244 } else if (rt->module_normalize_has_attr) {
29245 cname = rt->normalize_u.module_normalize_func2(ctx, base_cname, cname1,
29246 attributes,
29247 rt->module_loader_opaque);
29248 } else {
>>> CID 1645793: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "rt->normalize_u.module_normalize_func". Reviewer note: this `else` branch is taken whenever `module_normalize_has_attr` is false; whether the union member can actually be NULL here depends on the condition guarding the default-normalizer branch above (outside this excerpt). If that condition already checks the pointer, this is a false positive; if it only tests something else, an explicit NULL check (falling back to js_default_module_normalize_name) is the fix.
29249 cname = rt->normalize_u.module_normalize_func(ctx, base_cname, cname1,
29250 rt->module_loader_opaque);
29251 }
29252 if (!cname)
29253 return NULL;
29254
** CID 1645792: Error handling issues (CHECKED_RETURN)
/subprojects/qjs/quickjs.c: 28044 in js_parse_for_in_of()
_____________________________________________________________________________________________
*** CID 1645792: Error handling issues (CHECKED_RETURN)
/subprojects/qjs/quickjs.c: 28044 in js_parse_for_in_of()
28038 {
28039 /* move the `next` code here */
28040 DynBuf *bc = &s->cur_func->byte_code;
28041 int chunk_size = pos_expr - pos_next;
28042 int offset = bc->size - pos_next;
28043 int i;
>>> CID 1645792: Error handling issues (CHECKED_RETURN)
>>> Calling "dbuf_claim" without checking return value (as is done elsewhere 8 out of 10 times). Reviewer note: the claim presumably pre-grows the buffer so the following `dbuf_put(bc, bc->buf + pos_next, chunk_size)` does not reallocate while its source argument still points into the same buffer; if the claim fails (OOM) that assumption no longer holds, so the return should be checked and the function should bail out on failure rather than continue with a possibly stale source pointer.
28044 dbuf_claim(bc, chunk_size);
28045 dbuf_put(bc, bc->buf + pos_next, chunk_size);
28046 memset(bc->buf + pos_next, OP_nop, chunk_size);
28047 /* `next` part ends with a goto */
28048 s->cur_func->last_opcode_pos = bc->size - 5;
28049 /* relocate labels */
** CID 1645791: Control flow issues (UNREACHABLE)
/subprojects/qjs/quickjs.c: 39432 in JS_ToObject()
_____________________________________________________________________________________________
*** CID 1645791: Control flow issues (UNREACHABLE)
/subprojects/qjs/quickjs.c: 39432 in JS_ToObject()
39426 JS_NewInt32(ctx, JS_VALUE_GET_STRING(str)->len), 0);
39427 JS_SetObjectData(ctx, obj, JS_DupValue(ctx, str));
39428 }
39429 JS_FreeValue(ctx, str);
39430 return obj;
39431 }
>>> CID 1645791: Control flow issues (UNREACHABLE)
>>> This code cannot be reached: "goto set_value;". Reviewer note: the enclosing block ends with `return obj;`, so this `goto` is dead code with no runtime effect; delete it so the case structure matches the `JS_TAG_BOOL` / `JS_TAG_SYMBOL` cases below and the dead branch does not mask a future edit that moves the return.
39432 goto set_value;
39433 case JS_TAG_BOOL:
39434 obj = JS_NewObjectClass(ctx, JS_CLASS_BOOLEAN);
39435 goto set_value;
39436 case JS_TAG_SYMBOL:
39437 obj = JS_NewObjectClass(ctx, JS_CLASS_SYMBOL);
** CID 1645790: Error handling issues (CHECKED_RETURN)
/subprojects/qjs/quickjs.c: 37438 in JS_WriteObjectRec()
_____________________________________________________________________________________________
*** CID 1645790: Error handling issues (CHECKED_RETURN)
/subprojects/qjs/quickjs.c: 37438 in JS_WriteObjectRec()
37432 case JS_TAG_STRING_ROPE:
37433 {
37434 JSValue str;
37435 str = JS_ToString(s->ctx, obj);
37436 if (JS_IsException(str))
37437 goto fail;
>>> CID 1645790: Error handling issues (CHECKED_RETURN)
>>> Calling "JS_WriteObjectRec" without checking return value (as is done elsewhere 11 out of 12 times). Reviewer note: dropping the result means a failure while serialising a rope string (e.g. exception or allocation failure inside the recursive write) is silently swallowed and serialisation continues, producing output that may be truncated or inconsistent without an error being reported. Capture the return into a local, free `str`, then `goto fail` on failure, matching the check already done for `JS_ToString` two lines above.
37438 JS_WriteObjectRec(s, str);
37439 JS_FreeValue(s->ctx, str);
37440 }
37441 break;
37442 case JS_TAG_FUNCTION_BYTECODE:
37443 if (!s->allow_bytecode)
** CID 1645789: Integer handling issues (NEGATIVE_RETURNS)
_____________________________________________________________________________________________
*** CID 1645789: Integer handling issues (NEGATIVE_RETURNS)
/subprojects/qjs/quickjs.c: 59506 in JS_AddIntrinsicTypedArrays()
59500 0);
59501 if (JS_IsException(obj))
59502 return -1;
59503 JS_FreeValue(ctx, obj);
59504
59505 typed_array_base_func =
>>> CID 1645789: Integer handling issues (NEGATIVE_RETURNS)
>>> A negative constant "-1" is passed as an argument to a parameter that cannot be negative. Reviewer note: the -1 appears to be a deliberate sentinel for this constructor; if the parameter type is unsigned (e.g. a class-id type) the value converts to its maximum, so the callee's sentinel comparison must be written against that same representation. Confirm the parameter type and prefer a named sentinel constant over a bare -1 so the intent is visible to readers and to the analyzer.
59506 JS_NewCConstructor(ctx, -1, "TypedArray",
59507 js_typed_array_base_constructor, 0, JS_CFUNC_constructor_or_func, 0,
59508 JS_UNDEFINED,
59509 js_typed_array_base_funcs, countof(js_typed_array_base_funcs),
59510 js_typed_array_base_proto_funcs, countof(js_typed_array_base_proto_funcs),
59511
Author: @trufae