The following issues were found
help.c
7 issues
Line: 263
Column: 25
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
struct cmdnames *main_cmds,
struct cmdnames *other_cmds)
{
const char *env_path = getenv("PATH");
const char *exec_path = git_exec_path();
load_builtin_commands(prefix, main_cmds);
if (exec_path) {
Reported by FlawFinder.
Line: 86
Column: 17
CWE codes:
126
for (i = 0; cmds[i].name; i++) {
if (cmds[i].category & mask) {
size_t len = strlen(cmds[i].name);
printf(" %s ", cmds[i].name);
if (longest > len)
mput_char(' ', longest - len);
puts(_(cmds[i].help));
}
Reported by FlawFinder.
Line: 117
Column: 17
CWE codes:
126
extract_cmds(&cmds, mask);
for (i = 0; cmds[i].name; i++, nr++) {
if (longest < strlen(cmds[i].name))
longest = strlen(cmds[i].name);
}
QSORT(cmds, nr, cmd_name_cmp);
for (i = 0; catdesc[i].desc; i++) {
Reported by FlawFinder.
Line: 118
Column: 14
CWE codes:
126
for (i = 0; cmds[i].name; i++, nr++) {
if (longest < strlen(cmds[i].name))
longest = strlen(cmds[i].name);
}
QSORT(cmds, nr, cmd_name_cmp);
for (i = 0; catdesc[i].desc; i++) {
uint32_t mask = catdesc[i].category;
Reported by FlawFinder.
Line: 250
Column: 12
CWE codes:
126
if (!is_executable(buf.buf))
continue;
entlen = strlen(ent);
strip_suffix(ent, ".exe", &entlen);
add_cmdname(cmds, ent, entlen);
}
closedir(dir);
Reported by FlawFinder.
Line: 443
Column: 16
CWE codes:
126
string_list_sort(&alias_list);
for (i = 0; i < alias_list.nr; i++) {
size_t len = strlen(alias_list.items[i].string);
if (longest < len)
longest = len;
}
if (alias_list.nr) {
Reported by FlawFinder.
Line: 497
Column: 28
CWE codes:
126
}
/* Also use aliases for command lookup */
if (skip_prefix(var, "alias.", &p))
add_cmdname(&aliases, p, strlen(p));
return git_default_config(var, value, cb);
}
static int levenshtein_compare(const void *p1, const void *p2)
Reported by FlawFinder.
builtin/submodule--helper.c
7 issues
Line: 2846
CWE codes:
415
"submodule '%s'\n"), add_data->sm_name);
}
}
free(submod_gitdir_path);
clone_data.prefix = add_data->prefix;
clone_data.path = add_data->sm_path;
clone_data.name = add_data->sm_name;
clone_data.url = add_data->realrepo;
Reported by Cppcheck.
Line: 1573
Column: 4
CWE codes:
134
Suggestion:
Use a constant for the format specification
format = _("Could not remove submodule work tree '%s'\n");
if (!(flags & OPT_QUIET))
printf(format, displaypath);
submodule_unset_core_worktree(sub);
strbuf_release(&sb_rm);
}
Reported by FlawFinder.
Line: 1844
Column: 36
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
die(_("clone of '%s' into submodule path '%s' failed"),
clone_data->url, clone_data->path);
} else {
if (clone_data->require_init && !access(clone_data->path, X_OK) &&
!is_empty_dir(clone_data->path))
die(_("directory not empty: '%s'"), clone_data->path);
if (safe_create_leading_directories_const(clone_data->path) < 0)
die(_("could not create directory '%s'"), clone_data->path);
strbuf_addf(&sb, "%s/index", sm_gitdir);
Reported by FlawFinder.
Line: 1052
Column: 13
CWE codes:
362
refs_head_ref(refs, handle_submodule_head_ref, &p->oid_dst);
} else if (S_ISLNK(p->mod_dst) || S_ISREG(p->mod_dst)) {
struct stat st;
int fd = open(p->sm_path, O_RDONLY);
if (fd < 0 || fstat(fd, &st) < 0 ||
index_fd(&the_index, &p->oid_dst, fd, &st, OBJ_BLOB,
p->sm_path, 0))
error(_("couldn't hash object from '%s'"), p->sm_path);
Reported by FlawFinder.
Line: 1133
Column: 20
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
prepare_submodule_repo_env(&cp_rev_list.env_array);
if (!capture_command(&cp_rev_list, &sb_rev_list, 0))
total_commits = atoi(sb_rev_list.buf);
strbuf_release(&sb_rev_list);
} else {
/*
* Don't give error msg for modification whose dst is not
Reported by FlawFinder.
Line: 146
Column: 15
CWE codes:
126
char *out;
char *remoteurl = xstrdup(remote_url);
struct strbuf sb = STRBUF_INIT;
size_t len = strlen(remoteurl);
if (is_dir_sep(remoteurl[len-1]))
remoteurl[len-1] = '\0';
if (!url_is_local_not_ssh(remoteurl) || is_absolute_path(remoteurl))
Reported by FlawFinder.
Line: 396
Column: 23
CWE codes:
126
* for having the same output for dir/sub_dir
* and dir/sub_dir/
*/
if (!is_dir_sep(path[strlen(path) - 1]))
strbuf_addstr(&sb, "../");
return strbuf_detach(&sb, NULL);
}
Reported by FlawFinder.
line-range.c
7 issues
Line: 92
CWE codes:
476
/* try [spec+1 .. term-1] as regexp */
*term = 0;
begin--; /* input is in human terms */
line = nth_line(data, begin);
if (!(reg_error = regcomp(®exp, spec + 1, REG_NEWLINE)) &&
!(reg_error = regexec(®exp, line, 1, match, 0))) {
const char *cp = line + match[0].rm_so;
const char *nline;
Reported by Cppcheck.
Line: 100
CWE codes:
476
const char *nline;
while (begin++ < lines) {
nline = nth_line(data, begin);
if (line <= cp && cp < nline)
break;
line = nline;
}
*ret = begin;
Reported by Cppcheck.
Line: 200
CWE codes:
476
pattern = xstrndup(arg+1, term-(arg+1));
anchor--; /* input is in human terms */
start = nth_line_cb(cb_data, anchor);
drv = userdiff_find_by_path(istate, path);
if (drv && drv->funcname.pattern) {
const struct userdiff_funcname *pe = &drv->funcname;
CALLOC_ARRAY(xecfg, 1);
Reported by Cppcheck.
Line: 111
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return term;
}
else {
char errbuf[1024];
regerror(reg_error, ®exp, errbuf, 1024);
die("-L parameter '%s' starting at line %ld: %s",
spec + 1, begin + 1, errbuf);
}
}
Reported by FlawFinder.
Line: 121
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int match_funcname(xdemitconf_t *xecfg, const char *bol, const char *eol)
{
if (xecfg) {
char buf[1];
return xecfg->find_func(bol, eol - bol, buf, 1,
xecfg->find_func_priv) >= 0;
}
if (bol == eol)
Reported by FlawFinder.
Line: 144
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (reg_error == REG_NOMATCH)
return NULL;
else if (reg_error) {
char errbuf[1024];
regerror(reg_error, regexp, errbuf, 1024);
die("-L parameter: regexec() failed: %s", errbuf);
}
/* determine extent of line matched */
bol = start+match[0].rm_so;
Reported by FlawFinder.
Line: 211
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
reg_error = regcomp(®exp, pattern, REG_NEWLINE);
if (reg_error) {
char errbuf[1024];
regerror(reg_error, ®exp, errbuf, 1024);
die("-L parameter '%s': %s", pattern, errbuf);
}
p = find_funcname_matching_regexp(xecfg, (char*) start, ®exp);
Reported by FlawFinder.
builtin/rev-parse.c
7 issues
Line: 933
Column: 26
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
}
if (!strcmp(arg, "--git-dir") ||
!strcmp(arg, "--absolute-git-dir")) {
const char *gitdir = getenv(GIT_DIR_ENVIRONMENT);
char *cwd;
int len;
enum format_type wanted = format;
if (arg[2] == 'g') { /* --git-dir */
if (gitdir) {
Reported by FlawFinder.
Line: 952
Column: 24
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
gitdir = ".git";
if (gitdir) {
struct strbuf realpath = STRBUF_INIT;
strbuf_realpath(&realpath, gitdir, 1);
puts(realpath.buf);
strbuf_release(&realpath);
continue;
}
}
Reported by FlawFinder.
Line: 953
Column: 12
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
if (gitdir) {
struct strbuf realpath = STRBUF_INIT;
strbuf_realpath(&realpath, gitdir, 1);
puts(realpath.buf);
strbuf_release(&realpath);
continue;
}
}
cwd = xgetcwd();
Reported by FlawFinder.
Line: 954
Column: 23
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
struct strbuf realpath = STRBUF_INIT;
strbuf_realpath(&realpath, gitdir, 1);
puts(realpath.buf);
strbuf_release(&realpath);
continue;
}
}
cwd = xgetcwd();
len = strlen(cwd);
Reported by FlawFinder.
Line: 93
Column: 9
CWE codes:
126
int len;
if (!str)
return 0;
len = strlen(str);
if (!strcmp(arg, str) ||
(str[len-1] == '=' && !strncmp(arg, str, len)))
return 1;
}
}
Reported by FlawFinder.
Line: 139
Column: 27
CWE codes:
126
struct object_id discard;
char *full;
switch (dwim_ref(name, strlen(name), &discard, &full, 0)) {
case 0:
/*
* Not found -- not a ref. We could
* emit "name" here, but symbolic-full
* users are interested in finding the
Reported by FlawFinder.
Line: 959
Column: 11
CWE codes:
126
}
}
cwd = xgetcwd();
len = strlen(cwd);
strbuf_reset(&buf);
strbuf_addf(&buf, "%s%s.git", cwd, len && cwd[len-1] != '/' ? "/" : "");
free(cwd);
print_path(buf.buf, prefix, wanted, DEFAULT_CANONICAL);
continue;
Reported by FlawFinder.
pkt-line.h
7 issues
Line: 26
Column: 76
CWE codes:
134
Suggestion:
Use a constant for the format specification
void packet_flush(int fd);
void packet_delim(int fd);
void packet_response_end(int fd);
void packet_write_fmt(int fd, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
void packet_buf_flush(struct strbuf *buf);
void packet_buf_delim(struct strbuf *buf);
void set_packet_header(char *buf, int size);
void packet_write(int fd_out, const char *buf, size_t size);
void packet_buf_write(struct strbuf *buf, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
Reported by FlawFinder.
Line: 31
Column: 88
CWE codes:
134
Suggestion:
Use a constant for the format specification
void packet_buf_delim(struct strbuf *buf);
void set_packet_header(char *buf, int size);
void packet_write(int fd_out, const char *buf, size_t size);
void packet_buf_write(struct strbuf *buf, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
void packet_buf_write_len(struct strbuf *buf, const char *data, size_t len);
int packet_flush_gently(int fd);
int packet_write_fmt_gently(int fd, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
int write_packetized_from_fd_no_flush(int fd_in, int fd_out);
int write_packetized_from_buf_no_flush(const char *src_in, size_t len, int fd_out);
Reported by FlawFinder.
Line: 34
Column: 82
CWE codes:
134
Suggestion:
Use a constant for the format specification
void packet_buf_write(struct strbuf *buf, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
void packet_buf_write_len(struct strbuf *buf, const char *data, size_t len);
int packet_flush_gently(int fd);
int packet_write_fmt_gently(int fd, const char *fmt, ...) __attribute__((format (printf, 2, 3)));
int write_packetized_from_fd_no_flush(int fd_in, int fd_out);
int write_packetized_from_buf_no_flush(const char *src_in, size_t len, int fd_out);
/*
* Read a packetized line into the buffer, which must be at least size bytes
Reported by FlawFinder.
Line: 233
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
void packet_writer_init(struct packet_writer *writer, int dest_fd);
/* These functions die upon failure. */
__attribute__((format (printf, 2, 3)))
void packet_writer_write(struct packet_writer *writer, const char *fmt, ...);
__attribute__((format (printf, 2, 3)))
void packet_writer_error(struct packet_writer *writer, const char *fmt, ...);
void packet_writer_delim(struct packet_writer *writer);
void packet_writer_flush(struct packet_writer *writer);
Reported by FlawFinder.
Line: 235
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
/* These functions die upon failure. */
__attribute__((format (printf, 2, 3)))
void packet_writer_write(struct packet_writer *writer, const char *fmt, ...);
__attribute__((format (printf, 2, 3)))
void packet_writer_error(struct packet_writer *writer, const char *fmt, ...);
void packet_writer_delim(struct packet_writer *writer);
void packet_writer_flush(struct packet_writer *writer);
#endif
Reported by FlawFinder.
Line: 90
Column: 25
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* If lenbuf_hex contains non-hex characters, return -1. Otherwise, return the
* numeric value of the length header.
*/
int packet_length(const char lenbuf_hex[4]);
/*
* Read a packetized line into a buffer like the 'packet_read()' function but
* returns an 'enum packet_read_status' which indicates the status of the read.
* The number of bytes read will be assigned to *pktlen if the status of the
Reported by FlawFinder.
Line: 223
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define DEFAULT_PACKET_MAX 1000
#define LARGE_PACKET_MAX 65520
#define LARGE_PACKET_DATA_MAX (LARGE_PACKET_MAX - 4)
extern char packet_buffer[LARGE_PACKET_MAX];
struct packet_writer {
int dest_fd;
unsigned use_sideband : 1;
};
Reported by FlawFinder.
pathspec.c
7 issues
Line: 147
Column: 17
CWE codes:
126
const char *src;
char *dst, *ret;
ret = xmallocz(strlen(value));
for (src = value, dst = ret; *src; src++, dst++) {
if (*src == '\\') {
if (!src[1])
die(_("Escape character '\\' not allowed as "
"last character in attr value"));
Reported by FlawFinder.
Line: 193
Column: 15
CWE codes:
126
case '!':
am->match_mode = MATCH_UNSPECIFIED;
attr++;
attr_len = strlen(attr);
break;
case '-':
am->match_mode = MATCH_UNSET;
attr++;
attr_len = strlen(attr);
Reported by FlawFinder.
Line: 198
Column: 15
CWE codes:
126
case '-':
am->match_mode = MATCH_UNSET;
attr++;
attr_len = strlen(attr);
break;
default:
attr_len = strcspn(attr, "=");
if (attr[attr_len] != '=')
am->match_mode = MATCH_SET;
Reported by FlawFinder.
Line: 340
Column: 8
CWE codes:
126
}
for (i = 0; i < ARRAY_SIZE(pathspec_magic); i++) {
if (strlen(pathspec_magic[i].name) == len &&
!strncmp(pathspec_magic[i].name, pos, len)) {
*magic |= pathspec_magic[i].bit;
break;
}
}
Reported by FlawFinder.
Line: 472
Column: 14
CWE codes:
126
}
item->match = match;
item->len = strlen(item->match);
item->prefix = prefixlen;
/*
* Prefix the pathspec (keep all magic) and assign to
* original. Useful for passing to another command.
Reported by FlawFinder.
Line: 588
Column: 38
CWE codes:
126
pathspec->items = CALLOC_ARRAY(item, 1);
item->match = xstrdup(prefix);
item->original = xstrdup(prefix);
item->nowildcard_len = item->len = strlen(prefix);
item->prefix = item->len;
pathspec->nr = 1;
return;
}
Reported by FlawFinder.
Line: 605
Column: 23
CWE codes:
126
pathspec->nr = n;
ALLOC_ARRAY(pathspec->items, n + 1);
item = pathspec->items;
prefixlen = prefix ? strlen(prefix) : 0;
for (i = 0; i < n; i++) {
entry = argv[i];
init_pathspec_item(item + i, flags, prefix, prefixlen, entry);
Reported by FlawFinder.
pkt-line.c
7 issues
Line: 5
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "pkt-line.h"
#include "run-command.h"
char packet_buffer[LARGE_PACKET_MAX];
static const char *packet_trace_prefix = "git";
static struct trace_key trace_packet = TRACE_KEY_INIT(PACKET);
static struct trace_key trace_pack = TRACE_KEY_INIT(PACKFILE);
void packet_trace_identity(const char *prog)
Reported by FlawFinder.
Line: 200
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int do_packet_write(const int fd_out, const char *buf, size_t size,
struct strbuf *err)
{
char header[4];
size_t packet_size;
if (size > LARGE_PACKET_DATA_MAX) {
strbuf_addstr(err, _("packet write failed - data exceeds max packet size"));
return -1;
Reported by FlawFinder.
Line: 321
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Read up to "size" bytes from our source, whatever it is. */
if (src_buf && *src_buf) {
ret = size < *src_size ? size : *src_size;
memcpy(dst, *src_buf, ret);
*src_buf += ret;
*src_size -= ret;
} else {
ret = read_in_full(fd, dst, size);
if (ret < 0) {
Reported by FlawFinder.
Line: 346
Column: 25
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return ret;
}
int packet_length(const char lenbuf_hex[4])
{
int val = hex2chr(lenbuf_hex);
return (val < 0) ? val : (val << 8) | hex2chr(lenbuf_hex + 2);
}
Reported by FlawFinder.
Line: 358
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int options)
{
int len;
char linelen[4];
if (get_packet_data(fd, src_buffer, src_len, linelen, 4, options) < 0) {
*pktlen = -1;
return PACKET_READ_EOF;
}
Reported by FlawFinder.
Line: 498
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int recv_sideband(const char *me, int in_stream, int out)
{
char buf[LARGE_PACKET_MAX + 1];
int len;
struct strbuf scratch = STRBUF_INIT;
enum sideband_type sideband_type;
while (1) {
Reported by FlawFinder.
Line: 56
Column: 9
CWE codes:
126
* started.
*/
buf = "PACK ...";
len = strlen(buf);
}
if (!trace_want(&trace_packet))
return;
Reported by FlawFinder.
upload-pack.c
7 issues
Line: 988
Column: 32
CWE codes:
134
Suggestion:
Use a constant for the format specification
return 0;
}
NORETURN __attribute__((format(printf,2,3)))
static void send_err_and_die(struct upload_pack_data *data,
const char *fmt, ...)
{
struct strbuf buf = STRBUF_INIT;
va_list ap;
Reported by FlawFinder.
Line: 197
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
struct output_state {
char buffer[8193];
int used;
unsigned packfile_uris_started : 1;
unsigned packfile_started : 1;
};
Reported by FlawFinder.
Line: 273
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct child_process pack_objects = CHILD_PROCESS_INIT;
struct output_state output_state = { { 0 } };
char progress[128];
char abort_msg[] = "aborting due to possible repository "
"corruption on the remote side.";
ssize_t sz;
int i;
FILE *pipe_fd;
Reported by FlawFinder.
Line: 511
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct packet_reader *reader)
{
struct object_id oid;
char last_hex[GIT_MAX_HEXSZ + 1];
int got_common = 0;
int got_other = 0;
int sent_ready = 0;
save_commit_buffer = 0;
Reported by FlawFinder.
Line: 671
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct child_process cmd = CHILD_PROCESS_INIT;
int i;
struct object *o;
char namebuf[GIT_MAX_HEXSZ + 2]; /* ^ + hash + LF */
const unsigned hexsz = the_hash_algo->hexsz;
if (do_reachable_revlist(&cmd, &data->shallows, reachable,
data->allow_uor) < 0)
return -1;
Reported by FlawFinder.
Line: 709
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int has_unreachable(struct object_array *src, enum allow_uor allow_uor)
{
struct child_process cmd = CHILD_PROCESS_INIT;
char buf[1];
int i;
if (do_reachable_revlist(&cmd, src, NULL, allow_uor) < 0)
return 1;
Reported by FlawFinder.
Line: 978
Column: 39
CWE codes:
126
if (skip_prefix(line, "deepen-not ", &arg)) {
char *ref = NULL;
struct object_id oid;
if (expand_ref(the_repository, arg, strlen(arg), &oid, &ref) != 1)
die("git upload-pack: ambiguous deepen-not: %s", line);
string_list_append(deepen_not, ref);
free(ref);
*deepen_rev_list = 1;
return 1;
Reported by FlawFinder.
contrib/credential/osxkeychain/git-credential-osxkeychain.c
7 issues
Line: 13
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
static char *password;
static UInt16 port;
__attribute__((format (printf, 1, 2)))
static void die(const char *err, ...)
{
char msg[4096];
va_list params;
va_start(params, err);
Reported by FlawFinder.
Line: 19
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
char msg[4096];
va_list params;
va_start(params, err);
vsnprintf(msg, sizeof(msg), err, params);
fprintf(stderr, "%s\n", msg);
va_end(params);
exit(1);
}
Reported by FlawFinder.
Line: 16
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
__attribute__((format (printf, 1, 2)))
static void die(const char *err, ...)
{
char msg[4096];
va_list params;
va_start(params, err);
vsnprintf(msg, sizeof(msg), err, params);
fprintf(stderr, "%s\n", msg);
va_end(params);
Reported by FlawFinder.
Line: 116
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void read_credential(void)
{
char buf[1024];
while (fgets(buf, sizeof(buf), stdin)) {
char *v;
if (!strcmp(buf, "\n"))
Reported by FlawFinder.
Line: 152
Column: 12
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
char *colon = strchr(v, ':');
if (colon) {
*colon++ = '\0';
port = atoi(colon);
}
host = xstrdup(v);
}
else if (!strcmp(buf, "path"))
path = xstrdup(v);
Reported by FlawFinder.
Line: 33
Column: 31
CWE codes:
126
return ret;
}
#define KEYCHAIN_ITEM(x) (x ? strlen(x) : 0), x
#define KEYCHAIN_ARGS \
NULL, /* default keychain */ \
KEYCHAIN_ITEM(host), \
0, NULL, /* account domain */ \
KEYCHAIN_ITEM(username), \
Reported by FlawFinder.
Line: 123
Column: 7
CWE codes:
126
if (!strcmp(buf, "\n"))
break;
buf[strlen(buf)-1] = '\0';
v = strchr(buf, '=');
if (!v)
die("bad input: %s", buf);
*v++ = '\0';
Reported by FlawFinder.
builtin/notes.c
7 issues
Line: 271
CWE codes:
415
die(_("cannot read note data from non-blob object '%s'."), arg);
}
strbuf_add(&d->buf, buf, len);
free(buf);
d->given = 1;
return 0;
}
Reported by Cppcheck.
Line: 137
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void write_commented_object(int fd, const struct object_id *object)
{
const char *show_args[5] =
{"show", "--stat", "--no-notes", oid_to_hex(object), NULL};
struct child_process show = CHILD_PROCESS_INIT;
struct strbuf buf = STRBUF_INIT;
struct strbuf cbuf = STRBUF_INIT;
Reported by FlawFinder.
Line: 175
Column: 8
CWE codes:
362
/* write the template message before editing: */
d->edit_path = git_pathdup("NOTES_EDITMSG");
fd = open(d->edit_path, O_CREAT | O_TRUNC | O_WRONLY, 0600);
if (fd < 0)
die_errno(_("could not create file '%s'"), d->edit_path);
if (d->given)
write_or_die(fd, d->buf.buf, d->buf.len);
Reported by FlawFinder.
Line: 681
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
retval = error(_("no note found for object %s."),
oid_to_hex(&object));
else {
const char *show_args[3] = {"show", oid_to_hex(note), NULL};
retval = execv_git_cmd(show_args);
}
free_notes(t);
return retval;
}
Reported by FlawFinder.
Line: 185
Column: 42
CWE codes:
126
copy_obj_to_fd(fd, old_note);
strbuf_addch(&buf, '\n');
strbuf_add_commented_lines(&buf, "\n", strlen("\n"));
strbuf_add_commented_lines(&buf, _(note_template), strlen(_(note_template)));
strbuf_addch(&buf, '\n');
write_or_die(fd, buf.buf, buf.len);
write_commented_object(fd, object);
Reported by FlawFinder.
Line: 186
Column: 54
CWE codes:
126
strbuf_addch(&buf, '\n');
strbuf_add_commented_lines(&buf, "\n", strlen("\n"));
strbuf_add_commented_lines(&buf, _(note_template), strlen(_(note_template)));
strbuf_addch(&buf, '\n');
write_or_die(fd, buf.buf, buf.len);
write_commented_object(fd, object);
Reported by FlawFinder.
Line: 220
Column: 23
CWE codes:
126
BUG_ON_OPT_NEG(unset);
strbuf_grow(&d->buf, strlen(arg) + 2);
if (d->buf.len)
strbuf_addch(&d->buf, '\n');
strbuf_addstr(&d->buf, arg);
strbuf_stripspace(&d->buf, 0);
Reported by FlawFinder.