The following issues were found
shell.c
6 issues
Line: 55
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int done = 0;
static const char *help_argv[] = { HELP_COMMAND, NULL };
if (!access(NOLOGIN_COMMAND, F_OK)) {
/* Interactive login disabled. */
const char *argv[] = { NOLOGIN_COMMAND, NULL };
int status;
status = run_command_v_opt(argv, 0);
Reported by FlawFinder.
Line: 143
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
} else if (argc == 1) {
/* Allow the user to run an interactive shell */
cd_to_homedir();
if (access(COMMAND_DIR, R_OK | X_OK) == -1) {
die("Interactive git shell is not enabled.\n"
"hint: ~/" COMMAND_DIR " should exist "
"and have read and execute access.");
}
run_shell();
Reported by FlawFinder.
Line: 189
Column: 4
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
if (is_valid_cmd_name(user_argv[0])) {
prog = make_cmd(user_argv[0]);
user_argv[0] = prog;
execv(user_argv[0], (char *const *) user_argv);
}
free(prog);
free(user_argv);
die("unrecognized command '%s'", argv[2]);
} else {
Reported by FlawFinder.
Line: 43
Column: 21
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
static void cd_to_homedir(void)
{
const char *home = getenv("HOME");
if (!home)
die("could not determine user's home directory; HOME is unset");
if (chdir(home) == -1)
die("could not chdir to user's home directory");
}
Reported by FlawFinder.
Line: 15
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int do_generic_cmd(const char *me, char *arg)
{
const char *my_argv[4];
setup_path();
if (!arg || !(arg = sq_dequote(arg)) || *arg == '-')
die("bad argument");
if (!skip_prefix(me, "git-", &me))
Reported by FlawFinder.
Line: 165
Column: 13
CWE codes:
126
prog[3] = '-';
for (cmd = cmd_list ; cmd->name ; cmd++) {
int len = strlen(cmd->name);
char *arg;
if (strncmp(cmd->name, prog, len))
continue;
arg = NULL;
switch (prog[len]) {
Reported by FlawFinder.
sha1dc/sha1.c
6 issues
Line: 197
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint32_t a,b,c,d,e;
unsigned i;
memcpy(W, m, 16 * 4);
for (i = 16; i < 80; ++i)
W[i] = sha1_mix(W, i);
a = ihv[0]; b = ihv[1]; c = ihv[2]; d = ihv[3]; e = ihv[4];
Reported by FlawFinder.
Line: 1834
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (left && len >= fill)
{
ctx->total += fill;
memcpy(ctx->buffer + left, buf, fill);
sha1_process(ctx, (uint32_t*)(ctx->buffer));
buf += fill;
len -= fill;
left = 0;
}
Reported by FlawFinder.
Line: 1847
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#if defined(SHA1DC_ALLOW_UNALIGNED_ACCESS)
sha1_process(ctx, (uint32_t*)(buf));
#else
memcpy(ctx->buffer, buf, 64);
sha1_process(ctx, (uint32_t*)(ctx->buffer));
#endif /* defined(SHA1DC_ALLOW_UNALIGNED_ACCESS) */
buf += 64;
len -= 64;
}
Reported by FlawFinder.
Line: 1856
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len > 0)
{
ctx->total += len;
memcpy(ctx->buffer + left, buf, len);
}
}
static const unsigned char sha1_padding[64] =
{
Reported by FlawFinder.
Line: 1860
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
}
static const unsigned char sha1_padding[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
Reported by FlawFinder.
Line: 1868
Column: 26
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
int SHA1DCFinal(unsigned char output[20], SHA1_CTX *ctx)
{
uint32_t last = ctx->total & 63;
uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
uint64_t total;
SHA1DCUpdate(ctx, (const char*)(sha1_padding), padn);
Reported by FlawFinder.
compat/winansi.c
6 issues
Line: 631
Column: 6
CWE codes:
134
Suggestion:
Make format string constant
}
/* create a named pipe to communicate with the console thread */
if (swprintf(name, ARRAY_SIZE(name) - 1, L"\\\\.\\pipe\\winansi%lu",
GetCurrentProcessId()) < 0)
die("Could not initialize winansi pipe name");
hwrite = CreateNamedPipeW(name, PIPE_ACCESS_OUTBOUND,
PIPE_TYPE_BYTE | PIPE_WAIT, 1, BUFFER_SIZE, 0, 0, NULL);
if (hwrite == INVALID_HANDLE_VALUE)
Reported by FlawFinder.
Line: 134
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void write_console(unsigned char *str, size_t len)
{
/* only called from console_thread, so a static buffer will do */
static wchar_t wbuf[2 * BUFFER_SIZE + 1];
DWORD dummy;
/* convert utf-8 to utf-16 */
int wlen = xutftowcsn(wbuf, (char*) str, ARRAY_SIZE(wbuf), len);
if (wlen < 0) {
Reported by FlawFinder.
Line: 343
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static DWORD WINAPI console_thread(LPVOID unused)
{
unsigned char buffer[BUFFER_SIZE];
DWORD bytes;
int start, end = 0, c, parampos = 0, state = TEXT;
int params[MAX_PARAMS];
while (1) {
Reported by FlawFinder.
Line: 611
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void winansi_init(void)
{
int con1, con2;
wchar_t name[32];
/* check if either stdout or stderr is a console output screen buffer */
con1 = is_console(1);
con2 = is_console(2);
Reported by FlawFinder.
Line: 79
Column: 31
CWE codes:
126
L"characters in the output, consider switching to a "
L"TrueType font such as Consolas!\n";
DWORD dummy;
WriteConsoleW(console, msg, wcslen(msg), &dummy, NULL);
}
}
static int is_console(int fd)
{
Reported by FlawFinder.
Line: 141
Column: 31
CWE codes:
126
int wlen = xutftowcsn(wbuf, (char*) str, ARRAY_SIZE(wbuf), len);
if (wlen < 0) {
wchar_t *err = L"[invalid]";
WriteConsoleW(console, err, wcslen(err), &dummy, NULL);
return;
}
/* write directly to console */
WriteConsoleW(console, wbuf, wlen, &dummy, NULL);
Reported by FlawFinder.
exec-cmd.c
6 issues
Line: 287
Column: 21
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
const char *git_exec_path(void)
{
if (!exec_path_value) {
const char *env = getenv(EXEC_PATH_ENVIRONMENT);
if (env && *env)
exec_path_value = xstrdup(env);
else
exec_path_value = system_path(GIT_EXEC_PATH);
}
Reported by FlawFinder.
Line: 307
Column: 25
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
void setup_path(void)
{
const char *exec_path = git_exec_path();
const char *old_path = getenv("PATH");
struct strbuf new_path = STRBUF_INIT;
git_set_exec_path(exec_path);
add_path(&new_path, exec_path);
Reported by FlawFinder.
Line: 108
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int git_get_exec_path_bsd_sysctl(struct strbuf *buf)
{
int mib[4];
char path[MAXPATHLEN];
size_t cb = sizeof(path);
mib[0] = CTL_KERN;
mib[1] = KERN_PROC;
mib[2] = KERN_PROC_PATHNAME;
Reported by FlawFinder.
Line: 134
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int git_get_exec_path_darwin(struct strbuf *buf)
{
char path[PATH_MAX];
uint32_t size = sizeof(path);
if (!_NSGetExecutablePath(path, &size)) {
trace_printf(
"trace: resolved executable path from Darwin stack: %s\n",
path);
Reported by FlawFinder.
Line: 349
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int execl_git_cmd(const char *cmd, ...)
{
int argc;
const char *argv[MAX_ARGS + 1];
const char *arg;
va_list param;
va_start(param, cmd);
argv[0] = cmd;
Reported by FlawFinder.
Line: 155
Column: 12
CWE codes:
126
*/
static int git_get_exec_path_wpgmptr(struct strbuf *buf)
{
int len = wcslen(_wpgmptr) * 3 + 1;
strbuf_grow(buf, len);
len = xwcstoutf(buf->buf, _wpgmptr, len);
if (len < 0)
return -1;
buf->len += len;
Reported by FlawFinder.
archive.c
6 issues
Line: 107
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct object_id oid;
int baselen, len;
unsigned mode;
char path[FLEX_ARRAY];
};
struct archiver_context {
struct archiver_args *args;
write_archive_entry_fn_t write_entry;
Reported by FlawFinder.
Line: 199
Column: 37
CWE codes:
126
unsigned mode, struct archiver_context *c)
{
struct directory *d;
size_t len = st_add4(base->len, 1, strlen(filename), 1);
d = xmalloc(st_add(sizeof(*d), len));
d->up = c->bottom;
d->baselen = base->len;
d->mode = mode;
c->bottom = d;
Reported by FlawFinder.
Line: 453
Column: 18
CWE codes:
126
if (!dwim_ref(name, refnamelen, &oid, &ref, 0))
die(_("no such ref: %.*s"), refnamelen, name);
} else {
dwim_ref(name, strlen(name), &oid, &ref, 0);
}
if (get_oid(name, &oid))
die(_("not a valid object name: %s"), name);
Reported by FlawFinder.
Line: 622
Column: 18
CWE codes:
126
}
args->verbose = verbose;
args->base = base;
args->baselen = strlen(base);
args->worktree_attributes = worktree_attributes;
return argc;
}
Reported by FlawFinder.
Line: 672
Column: 37
CWE codes:
126
static int match_extension(const char *filename, const char *ext)
{
int prefixlen = strlen(filename) - strlen(ext);
/*
* We need 1 character for the '.', and 1 character to ensure that the
* prefix is non-empty (k.e., we don't match .tar.gz with no actual
* filename).
Reported by FlawFinder.
Line: 672
Column: 18
CWE codes:
126
static int match_extension(const char *filename, const char *ext)
{
int prefixlen = strlen(filename) - strlen(ext);
/*
* We need 1 character for the '.', and 1 character to ensure that the
* prefix is non-empty (k.e., we don't match .tar.gz with no actual
* filename).
Reported by FlawFinder.
fetch-pack.c
6 issues
Line: 1864
CWE codes:
562
return;
for (i = 0; i < nr_sought; i++)
oid_array_append(&ref, &sought[i]->old_oid);
si->ref = &ref;
if (args->update_shallow) {
/*
* remote is also shallow, .git/shallow may be updated
* so all refs can be accepted. Make sure we only add
Reported by Cppcheck.
Line: 66
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define ALLOW_REACHABLE_SHA1 02
static unsigned int allow_unadvertised_object_request;
__attribute__((format (printf, 2, 3)))
static inline void print_verbose(const struct fetch_pack_args *args,
const char *fmt, ...)
{
va_list params;
Reported by FlawFinder.
Line: 76
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
return;
va_start(params, fmt);
vfprintf(stderr, fmt, params);
va_end(params);
fputc('\n', stderr);
}
struct alternate_object_cache {
Reported by FlawFinder.
Line: 803
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int len = the_hash_algo->hexsz + 1; /* hash + NL */
do {
char hex_hash[GIT_MAX_HEXSZ + 1];
int read_len = read_in_full(fd, hex_hash, len);
struct object_id oid;
const char *end;
if (!read_len)
Reported by FlawFinder.
Line: 888
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (args->use_thin_pack)
strvec_push(&cmd.args, "--fix-thin");
if ((do_keep || index_pack_args) && (args->lock_pack || unpack_limit)) {
char hostname[HOST_NAME_MAX + 1];
if (xgethostname(hostname, sizeof(hostname)))
xsnprintf(hostname, sizeof(hostname), "localhost");
strvec_pushf(&cmd.args,
"--keep=fetch-pack %"PRIuMAX " on %s",
(uintmax_t)getpid(), hostname);
Reported by FlawFinder.
Line: 1673
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = 0; i < packfile_uris.nr; i++) {
int j;
struct child_process cmd = CHILD_PROCESS_INIT;
char packname[GIT_MAX_HEXSZ + 1];
const char *uri = packfile_uris.items[i].string +
the_hash_algo->hexsz + 1;
strvec_push(&cmd.args, "http-fetch");
strvec_pushf(&cmd.args, "--packfile=%.*s",
Reported by FlawFinder.
builtin/config.c
6 issues
Line: 643
Column: 45
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
char *value;
int flags = 0;
given_config_source.file = xstrdup_or_null(getenv(CONFIG_ENVIRONMENT));
argc = parse_options(argc, argv, prefix, builtin_config_options,
builtin_config_usage,
PARSE_OPT_STOP_AT_NON_OPTION);
Reported by FlawFinder.
Line: 278
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return -1;
strbuf_addf(buf, "%"PRItime, t);
} else if (type == TYPE_COLOR) {
char v[COLOR_MAXLEN];
if (git_config_color(v, key_, value_) < 0)
return -1;
strbuf_addstr(buf, v);
} else if (value_) {
strbuf_addstr(buf, value_);
Reported by FlawFinder.
Line: 439
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return xstrdup(v ? "true" : "false");
}
if (type == TYPE_COLOR) {
char v[COLOR_MAXLEN];
if (git_config_color(v, key, value))
die(_("cannot parse color '%s'"), value);
/*
* The contents of `v` now contain an ANSI escape
Reported by FlawFinder.
Line: 459
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int get_color_found;
static const char *get_color_slot;
static const char *get_colorbool_slot;
static char parsed_color[COLOR_MAXLEN];
static int git_get_color_config(const char *var, const char *value, void *cb)
{
if (!strcmp(var, get_color_slot)) {
if (!value)
Reported by FlawFinder.
Line: 843
Column: 13
CWE codes:
362
xstrdup(given_config_source.file) :
git_pathdup("config");
if (use_global_config) {
int fd = open(config_file, O_CREAT | O_EXCL | O_WRONLY, 0666);
if (fd >= 0) {
char *content = default_user_config();
write_str_in_full(fd, content);
free(content);
close(fd);
Reported by FlawFinder.
Line: 330
Column: 19
CWE codes:
126
*/
key = xstrdup(key_);
for (tl = key + strlen(key) - 1;
tl >= key && *tl != '.';
tl--)
*tl = tolower(*tl);
for (tl = key; *tl && *tl != '.'; tl++)
*tl = tolower(*tl);
Reported by FlawFinder.
pager.c
6 issues
Line: 55
Column: 10
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (!stdout_is_tty)
return NULL;
pager = getenv("GIT_PAGER");
if (!pager) {
if (!pager_program)
read_early_config(core_pager_config, NULL);
pager = pager_program;
}
Reported by FlawFinder.
Line: 62
Column: 11
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
pager = pager_program;
}
if (!pager)
pager = getenv("PAGER");
if (!pager)
pager = DEFAULT_PAGER;
if (!*pager || !strcmp(pager, "cat"))
pager = NULL;
Reported by FlawFinder.
Line: 89
Column: 8
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
die("malformed build-time PAGER_ENV");
*cp = '\0';
if (!getenv(argv[i])) {
*cp = '=';
strvec_push(env, argv[i]);
}
}
free(pager_env);
Reported by FlawFinder.
Line: 168
Column: 15
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
term_columns_at_startup = 80;
term_columns_guessed = 1;
col_string = getenv("COLUMNS");
if (col_string && (n_cols = atoi(col_string)) > 0) {
term_columns_at_startup = n_cols;
term_columns_guessed = 0;
}
#ifdef TIOCGWINSZ
Reported by FlawFinder.
Line: 119
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* to communicate it to any sub-processes.
*/
{
char buf[64];
xsnprintf(buf, sizeof(buf), "%d", term_columns());
if (!term_columns_guessed)
setenv("COLUMNS", buf, 0);
}
Reported by FlawFinder.
Line: 169
Column: 30
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
term_columns_guessed = 1;
col_string = getenv("COLUMNS");
if (col_string && (n_cols = atoi(col_string)) > 0) {
term_columns_at_startup = n_cols;
term_columns_guessed = 0;
}
#ifdef TIOCGWINSZ
else {
Reported by FlawFinder.
rebase-interactive.c
6 issues
Line: 129
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
return -3;
if (todo_list_parse_insn_buffer(r, new_todo->buf.buf, new_todo)) {
fprintf(stderr, _(edit_todo_list_advice));
return -4;
}
if (incorrect) {
if (todo_list_check_against_backup(r, new_todo)) {
Reported by FlawFinder.
Line: 209
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
"the level of warnings.\n"
"The possible behaviours are: ignore, warn, error.\n\n"));
fprintf(stderr, _(edit_todo_list_advice));
leave_check:
clear_commit_seen(&commit_seen);
return res;
}
Reported by FlawFinder.
Line: 249
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!res)
res = todo_list_parse_insn_buffer(r, new_todo.buf.buf, &new_todo);
if (res)
fprintf(stderr, _(edit_todo_list_advice));
if (!res)
res = todo_list_check(&old_todo, &new_todo);
out:
todo_list_release(&old_todo);
todo_list_release(&new_todo);
Reported by FlawFinder.
Line: 72
Column: 39
CWE codes:
126
shortrevisions, shortonto, command_count);
}
strbuf_add_commented_lines(buf, msg, strlen(msg));
if (get_missing_commit_check_level() == MISSING_COMMIT_CHECK_ERROR)
msg = _("\nDo not remove any line. Use 'drop' "
"explicitly to remove a commit.\n");
else
Reported by FlawFinder.
Line: 81
Column: 39
CWE codes:
126
msg = _("\nIf you remove a line here "
"THAT COMMIT WILL BE LOST.\n");
strbuf_add_commented_lines(buf, msg, strlen(msg));
if (edit_todo)
msg = _("\nYou are editing the todo file "
"of an ongoing interactive rebase.\n"
"To continue rebase after editing, run:\n"
Reported by FlawFinder.
Line: 92
Column: 39
CWE codes:
126
msg = _("\nHowever, if you remove everything, "
"the rebase will be aborted.\n\n");
strbuf_add_commented_lines(buf, msg, strlen(msg));
}
int edit_todo_list(struct repository *r, struct todo_list *todo_list,
struct todo_list *new_todo, const char *shortrevisions,
const char *shortonto, unsigned flags)
Reported by FlawFinder.
range-diff.c
6 issues
Line: 178
Column: 13
CWE codes:
126
strbuf_addstr(&buf, "\n\n");
strbuf_addstr(&buf, " ## Commit message ##\n");
} else if (starts_with(line, "Notes") &&
line[strlen(line) - 1] == ':') {
strbuf_addstr(&buf, "\n\n");
/* strip the trailing colon */
strbuf_addf(&buf, " ## %.*s ##\n",
(int)(strlen(line) - 1), line);
} else if (starts_with(line, " ")) {
Reported by FlawFinder.
Line: 182
Column: 16
CWE codes:
126
strbuf_addstr(&buf, "\n\n");
/* strip the trailing colon */
strbuf_addf(&buf, " ## %.*s ##\n",
(int)(strlen(line) - 1), line);
} else if (starts_with(line, " ")) {
p = line + len - 2;
while (isspace(*p) && p >= line)
p--;
strbuf_add(&buf, line, p - line + 1);
Reported by FlawFinder.
Line: 297
Column: 13
CWE codes:
126
int count = 0;
mf1.ptr = (char *)a;
mf1.size = strlen(a);
mf2.ptr = (char *)b;
mf2.size = strlen(b);
cfg.ctxlen = 3;
if (!xdi_diff_outf(&mf1, &mf2,
Reported by FlawFinder.
Line: 299
Column: 13
CWE codes:
126
mf1.ptr = (char *)a;
mf1.size = strlen(a);
mf2.ptr = (char *)b;
mf2.size = strlen(b);
cfg.ctxlen = 3;
if (!xdi_diff_outf(&mf1, &mf2,
diffsize_hunk, diffsize_consume, &count,
&pp, &cfg))
Reported by FlawFinder.
Line: 390
Column: 5
CWE codes:
126
if (!dashes->len)
strbuf_addchars(dashes, '-',
strlen(find_unique_abbrev(oid,
DEFAULT_ABBREV)));
if (!b_util) {
color = color_old;
status = '<';
Reported by FlawFinder.
Line: 451
Column: 15
CWE codes:
126
fill_filespec(spec, null_oid(), 0, 0100644);
spec->data = (char *)p;
spec->size = strlen(p);
spec->should_munmap = 0;
spec->is_stdin = 1;
spec->driver = §ion_headers;
return spec;
Reported by FlawFinder.