The following issues were found
exec-cmd.c
6 issues
Line: 287
Column: 21
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
const char *git_exec_path(void)
{
if (!exec_path_value) {
const char *env = getenv(EXEC_PATH_ENVIRONMENT);
if (env && *env)
exec_path_value = xstrdup(env);
else
exec_path_value = system_path(GIT_EXEC_PATH);
}
Reported by FlawFinder.
Line: 307
Column: 25
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
void setup_path(void)
{
const char *exec_path = git_exec_path();
const char *old_path = getenv("PATH");
struct strbuf new_path = STRBUF_INIT;
git_set_exec_path(exec_path);
add_path(&new_path, exec_path);
Reported by FlawFinder.
Line: 108
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int git_get_exec_path_bsd_sysctl(struct strbuf *buf)
{
int mib[4];
char path[MAXPATHLEN];
size_t cb = sizeof(path);
mib[0] = CTL_KERN;
mib[1] = KERN_PROC;
mib[2] = KERN_PROC_PATHNAME;
Reported by FlawFinder.
Line: 134
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int git_get_exec_path_darwin(struct strbuf *buf)
{
char path[PATH_MAX];
uint32_t size = sizeof(path);
if (!_NSGetExecutablePath(path, &size)) {
trace_printf(
"trace: resolved executable path from Darwin stack: %s\n",
path);
Reported by FlawFinder.
Line: 349
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int execl_git_cmd(const char *cmd, ...)
{
int argc;
const char *argv[MAX_ARGS + 1];
const char *arg;
va_list param;
va_start(param, cmd);
argv[0] = cmd;
Reported by FlawFinder.
Line: 155
Column: 12
CWE codes:
126
*/
static int git_get_exec_path_wpgmptr(struct strbuf *buf)
{
int len = wcslen(_wpgmptr) * 3 + 1;
strbuf_grow(buf, len);
len = xwcstoutf(buf->buf, _wpgmptr, len);
if (len < 0)
return -1;
buf->len += len;
Reported by FlawFinder.
add-patch.c
6 issues
Line: 283
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
clear_add_i_state(&s->s);
}
__attribute__((format (printf, 2, 3)))
static void err(struct add_p_state *s, const char *fmt, ...)
{
va_list args;
va_start(args, fmt);
Reported by FlawFinder.
Line: 290
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
va_start(args, fmt);
fputs(s->s.error_color, stderr);
vfprintf(stderr, fmt, args);
fputs(s->s.reset_color, stderr);
fputc('\n', stderr);
va_end(args);
}
Reported by FlawFinder.
Line: 1470
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
(uintmax_t)(file_diff->hunk_nr
? file_diff->hunk_nr
: 1));
printf(_(s->mode->prompt_mode[prompt_mode_type]),
s->buf.buf);
if (*s->s.reset_color)
fputs(s->s.reset_color, stdout);
fflush(stdout);
if (read_single_character(s) == EOF)
Reported by FlawFinder.
Line: 23
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* provide enough space for three command-line arguments followed by a
* trailing `NULL`.
*/
const char *diff_cmd[4], *apply_args[4], *apply_check_args[4];
unsigned is_reverse:1, index_only:1, apply_for_checkout:1;
const char *prompt_mode[PROMPT_MODE_MAX];
const char *edit_hunk_hint, *help_patch_text;
};
Reported by FlawFinder.
Line: 25
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
const char *diff_cmd[4], *apply_args[4], *apply_check_args[4];
unsigned is_reverse:1, index_only:1, apply_for_checkout:1;
const char *prompt_mode[PROMPT_MODE_MAX];
const char *edit_hunk_hint, *help_patch_text;
};
static struct patch_mode patch_mode_add = {
.diff_cmd = { "diff-files", NULL },
Reported by FlawFinder.
Line: 1593
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ret = regcomp(&regex, s->answer.buf,
REG_EXTENDED | REG_NOSUB | REG_NEWLINE);
if (ret) {
char errbuf[1024];
regerror(ret, &regex, errbuf, sizeof(errbuf));
err(s, _("Malformed search regexp %s: %s"),
s->answer.buf, errbuf);
continue;
Reported by FlawFinder.
t/helper/test-drop-caches.c
6 issues
Line: 122
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
/*
 * Run the fixed command line "sync" through system() and return the
 * status that system() reports, unmodified.
 *
 * The command is a string literal: nothing supplied by a caller or read
 * from input is interpolated into it. It is still handed to the command
 * interpreter, so "sync" is located through the inherited PATH.
 */
static int cmd_sync(void)
{
	const int status = system("sync");

	return status;
}
static int cmd_dropcaches(void)
{
return system("echo 3 | sudo tee /proc/sys/vm/drop_caches");
Reported by FlawFinder.
Line: 127
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
/*
 * Run a fixed shell pipeline that writes "3" to /proc/sys/vm/drop_caches
 * via `sudo tee`, and return the status that system() reports.
 *
 * The whole command line is a string literal, so no external data is
 * spliced into it. It does depend on the environment it runs in: the
 * command interpreter resolves `echo`, `sudo` and `tee` through the
 * inherited PATH, and the write only succeeds if sudo grants it.
 */
static int cmd_dropcaches(void)
{
	const int status = system("echo 3 | sudo tee /proc/sys/vm/drop_caches");

	return status;
}
#elif defined(__APPLE__)
static int cmd_sync(void)
Reported by FlawFinder.
Line: 134
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
/*
 * Run the fixed command line "sync" through system() and pass the
 * resulting status straight back to the caller.
 *
 * No caller-controlled text reaches the command line (it is a literal);
 * the command interpreter still looks "sync" up through the inherited
 * PATH.
 */
static int cmd_sync(void)
{
	const int status = system("sync");

	return status;
}
static int cmd_dropcaches(void)
{
return system("sudo purge");
Reported by FlawFinder.
Line: 139
Column: 9
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
/*
 * Run the fixed command line "sudo purge" through system() and return
 * the status that system() reports.
 *
 * The command is a string literal, so nothing from input is interpolated
 * into it. `sudo` is resolved through the inherited PATH by the command
 * interpreter, and the call only has an effect if sudo authorises it.
 */
static int cmd_dropcaches(void)
{
	const int status = system("sudo purge");

	return status;
}
#else
static int cmd_sync(void)
Reported by FlawFinder.
Line: 9
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int cmd_sync(void)
{
char Buffer[MAX_PATH];
DWORD dwRet;
char szVolumeAccessPath[] = "\\\\.\\XXXX:";
HANDLE hVolWrite;
int success = 0, dos_drive_prefix;
Reported by FlawFinder.
Line: 23
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!dos_drive_prefix)
return error("'%s': invalid drive letter", Buffer);
memcpy(szVolumeAccessPath, Buffer, dos_drive_prefix);
szVolumeAccessPath[dos_drive_prefix] = '\0';
hVolWrite = CreateFile(szVolumeAccessPath, GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
if (INVALID_HANDLE_VALUE == hVolWrite)
Reported by FlawFinder.
parallel-checkout.c
6 issues
Line: 38
Column: 22
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
void get_parallel_checkout_configs(int *num_workers, int *threshold)
{
char *env_workers = getenv("GIT_TEST_CHECKOUT_WORKERS");
if (env_workers && *env_workers) {
if (strtol_i(env_workers, 10, num_workers)) {
die("invalid value for GIT_TEST_CHECKOUT_WORKERS: '%s'",
env_workers);
Reported by FlawFinder.
Line: 348
Column: 7
CWE codes:
362
goto out;
}
fd = open(path.buf, O_WRONLY | O_CREAT | O_EXCL, mode);
if (fd < 0) {
if (errno == EEXIST || errno == EISDIR) {
/*
* Errors which probably represent a path collision.
Reported by FlawFinder.
Line: 433
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
variant = data + sizeof(*fixed_portion);
if (working_tree_encoding_len) {
memcpy(variant, working_tree_encoding, working_tree_encoding_len);
variant += working_tree_encoding_len;
}
memcpy(variant, pc_item->ce->name, name_len);
packet_write(fd, data, len_data);
Reported by FlawFinder.
Line: 436
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(variant, working_tree_encoding, working_tree_encoding_len);
variant += working_tree_encoding_len;
}
memcpy(variant, pc_item->ce->name, name_len);
packet_write(fd, data, len_data);
free(data);
}
Reported by FlawFinder.
Line: 94
Column: 32
CWE codes:
126
return 0;
packed_item_size = sizeof(struct pc_item_fixed_portion) + ce->ce_namelen +
(ca->working_tree_encoding ? strlen(ca->working_tree_encoding) : 0);
/*
* The amount of data we send to the workers per checkout item is
* typically small (75~300B). So unless we find an insanely huge path
* of 64KB, we should never reach the 65KB limit of one pkt-line. If
Reported by FlawFinder.
Line: 405
Column: 9
CWE codes:
126
const char *working_tree_encoding = pc_item->ca.working_tree_encoding;
size_t name_len = pc_item->ce->ce_namelen;
size_t working_tree_encoding_len = working_tree_encoding ?
strlen(working_tree_encoding) : 0;
/*
* Any changes in the calculation of the message size must also be made
* in is_eligible_for_parallel_checkout().
*/
Reported by FlawFinder.
sha1dc/sha1.c
6 issues
Line: 197
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
uint32_t a,b,c,d,e;
unsigned i;
memcpy(W, m, 16 * 4);
for (i = 16; i < 80; ++i)
W[i] = sha1_mix(W, i);
a = ihv[0]; b = ihv[1]; c = ihv[2]; d = ihv[3]; e = ihv[4];
Reported by FlawFinder.
Line: 1834
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (left && len >= fill)
{
ctx->total += fill;
memcpy(ctx->buffer + left, buf, fill);
sha1_process(ctx, (uint32_t*)(ctx->buffer));
buf += fill;
len -= fill;
left = 0;
}
Reported by FlawFinder.
Line: 1847
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#if defined(SHA1DC_ALLOW_UNALIGNED_ACCESS)
sha1_process(ctx, (uint32_t*)(buf));
#else
memcpy(ctx->buffer, buf, 64);
sha1_process(ctx, (uint32_t*)(ctx->buffer));
#endif /* defined(SHA1DC_ALLOW_UNALIGNED_ACCESS) */
buf += 64;
len -= 64;
}
Reported by FlawFinder.
Line: 1856
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (len > 0)
{
ctx->total += len;
memcpy(ctx->buffer + left, buf, len);
}
}
static const unsigned char sha1_padding[64] =
{
Reported by FlawFinder.
Line: 1860
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
}
static const unsigned char sha1_padding[64] =
{
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
Reported by FlawFinder.
Line: 1868
Column: 26
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
int SHA1DCFinal(unsigned char output[20], SHA1_CTX *ctx)
{
uint32_t last = ctx->total & 63;
uint32_t padn = (last < 56) ? (56 - last) : (120 - last);
uint64_t total;
SHA1DCUpdate(ctx, (const char*)(sha1_padding), padn);
Reported by FlawFinder.
builtin/mailsplit.c
5 issues
Line: 78
Column: 7
CWE codes:
362
fprintf(stderr, "corrupt mailbox\n");
exit(1);
}
fd = open(name, O_WRONLY | O_CREAT | O_EXCL, 0666);
if (fd < 0)
die_errno("cannot open output file '%s'", name);
output = xfdopen(fd, "w");
/* Copy it out, while searching for a line that begins with
Reported by FlawFinder.
Line: 191
Column: 7
CWE codes:
362
free(file);
file = xstrfmt("%s/%s", maildir, list.items[i].string);
f = fopen(file, "r");
if (!f) {
error_errno("cannot open mail %s", file);
goto out;
}
Reported by FlawFinder.
Line: 225
Column: 41
CWE codes:
362
int ret = -1;
int peek;
FILE *f = !strcmp(file, "-") ? stdin : fopen(file, "r");
int file_done = 0;
if (!f) {
error_errno("cannot open mbox %s", file);
goto out;
Reported by FlawFinder.
Line: 52
Column: 15
CWE codes:
126
static int is_gtfrom(const struct strbuf *buf)
{
size_t min = strlen(">From ");
size_t ngt;
if (buf->len < min)
return 0;
Reported by FlawFinder.
builtin/cat-file.c
5 issues
Line: 141
Column: 10
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* custom pretty-print here */
if (type == OBJ_TREE) {
const char *ls_args[3] = { NULL };
ls_args[0] = "ls-tree";
ls_args[1] = obj_name;
return cmd_ls_tree(2, ls_args, NULL);
}
Reported by FlawFinder.
Line: 234
Column: 13
CWE codes:
126
/*
 * Report whether the slen-byte span starting at `s` spells exactly `atom`.
 *
 * `atom` is measured with strlen(), so it must be NUL-terminated. `s` is
 * never scanned for a terminator: it is only compared once its stated
 * length equals the atom's, and then for exactly that many bytes.
 *
 * Returns 1 on an exact match, 0 otherwise.
 */
static int is_atom(const char *atom, const char *s, int slen)
{
	const int atom_len = strlen(atom);

	/* Different lengths can never match; this also bounds the memcmp(). */
	if (atom_len != slen)
		return 0;

	return memcmp(atom, s, atom_len) == 0;
}
static void expand_atom(struct strbuf *sb, const char *atom, int len,
void *vdata)
Reported by FlawFinder.
Line: 404
Column: 22
CWE codes:
126
break;
case DANGLING_SYMLINK:
printf("dangling %"PRIuMAX"\n%s\n",
(uintmax_t)strlen(obj_name), obj_name);
break;
case SYMLINK_LOOP:
printf("loop %"PRIuMAX"\n%s\n",
(uintmax_t)strlen(obj_name), obj_name);
break;
Reported by FlawFinder.
Line: 408
Column: 22
CWE codes:
126
break;
case SYMLINK_LOOP:
printf("loop %"PRIuMAX"\n%s\n",
(uintmax_t)strlen(obj_name), obj_name);
break;
case NOT_DIR:
printf("notdir %"PRIuMAX"\n%s\n",
(uintmax_t)strlen(obj_name), obj_name);
break;
Reported by FlawFinder.
Line: 412
Column: 22
CWE codes:
126
break;
case NOT_DIR:
printf("notdir %"PRIuMAX"\n%s\n",
(uintmax_t)strlen(obj_name), obj_name);
break;
default:
BUG("unknown get_sha1_with_context result %d\n",
result);
break;
Reported by FlawFinder.
t/helper/test-simple-ipc.c
5 issues
Line: 309
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int spawn_server(pid_t *pid)
{
char test_tool_exe[MAX_PATH];
struct strvec args = STRVEC_INIT;
int in, out;
GetModuleFileNameA(NULL, test_tool_exe, MAX_PATH);
Reported by FlawFinder.
Line: 315
Column: 7
CWE codes:
362
GetModuleFileNameA(NULL, test_tool_exe, MAX_PATH);
in = open("/dev/null", O_RDONLY);
out = open("/dev/null", O_WRONLY);
strvec_push(&args, test_tool_exe);
strvec_push(&args, "simple-ipc");
strvec_push(&args, "run-daemon");
Reported by FlawFinder.
Line: 316
Column: 8
CWE codes:
362
GetModuleFileNameA(NULL, test_tool_exe, MAX_PATH);
in = open("/dev/null", O_RDONLY);
out = open("/dev/null", O_WRONLY);
strvec_push(&args, test_tool_exe);
strvec_push(&args, "simple-ipc");
strvec_push(&args, "run-daemon");
strvec_pushf(&args, "--name=%s", cl_args.path);
Reported by FlawFinder.
Line: 127
Column: 17
CWE codes:
126
int ret;
if (skip_prefix(received, "sendbytes ", &p))
len_ballast = strlen(p);
/*
* Verify that the ballast is n copies of a single letter.
* And that the multi-threaded IO layer didn't cross the streams.
*/
Reported by FlawFinder.
Line: 198
Column: 39
CWE codes:
126
if (!strcmp(command, "ping")) {
const char *answer = "pong";
return reply_cb(reply_data, answer, strlen(answer));
}
if (!strcmp(command, "big"))
return app__big_command(reply_cb, reply_data);
Reported by FlawFinder.
trace.c
5 issues
Line: 40
Column: 46
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (key->initialized)
return key->fd;
trace = override_envvar ? override_envvar : getenv(key->key);
if (!trace || !strcmp(trace, "") ||
!strcmp(trace, "0") || !strcasecmp(trace, "false"))
key->fd = 0;
else if (!strcmp(trace, "1") || !strcasecmp(trace, "true"))
Reported by FlawFinder.
Line: 48
Column: 13
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
else if (!strcmp(trace, "1") || !strcasecmp(trace, "true"))
key->fd = STDERR_FILENO;
else if (strlen(trace) == 1 && isdigit(*trace))
key->fd = atoi(trace);
else if (is_absolute_path(trace)) {
int fd = open(trace, O_WRONLY | O_APPEND | O_CREAT, 0666);
if (fd == -1) {
warning("could not open '%s' for tracing: %s",
trace, strerror(errno));
Reported by FlawFinder.
Line: 50
Column: 12
CWE codes:
362
else if (strlen(trace) == 1 && isdigit(*trace))
key->fd = atoi(trace);
else if (is_absolute_path(trace)) {
int fd = open(trace, O_WRONLY | O_APPEND | O_CREAT, 0666);
if (fd == -1) {
warning("could not open '%s' for tracing: %s",
trace, strerror(errno));
trace_disable(key);
} else {
Reported by FlawFinder.
Line: 47
Column: 11
CWE codes:
126
key->fd = 0;
else if (!strcmp(trace, "1") || !strcasecmp(trace, "true"))
key->fd = STDERR_FILENO;
else if (strlen(trace) == 1 && isdigit(*trace))
key->fd = atoi(trace);
else if (is_absolute_path(trace)) {
int fd = open(trace, O_WRONLY | O_APPEND | O_CREAT, 0666);
if (fd == -1) {
warning("could not open '%s' for tracing: %s",
Reported by FlawFinder.
Line: 221
Column: 22
CWE codes:
126
strbuf_addf(&buf, "performance: %.9f s", (double) nanos / 1000000000);
if (format && *format) {
if (perf_indent >= strlen(space))
BUG("Too deep indentation");
strbuf_addf(&buf, ":%.*s ", perf_indent, space);
strbuf_vaddf(&buf, format, ap);
}
Reported by FlawFinder.
diffcore-rename.c
5 issues
Line: 1441
Column: 27
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
} else {
/* Determine minimum score to match basenames */
double factor = 0.5;
char *basename_factor = getenv("GIT_BASENAME_FACTOR");
int min_basename_score;
if (basename_factor)
factor = strtol(basename_factor, NULL, 10)/100.0;
assert(factor >= 0.0 && factor <= 1.0);
Reported by FlawFinder.
Line: 1198
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
if (new_num_src < i)
memcpy(&rename_src[new_num_src], &rename_src[i],
sizeof(struct diff_rename_src));
new_num_src++;
}
rename_src_nr = new_num_src;
Reported by FlawFinder.
Line: 1325
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (new_num_src < i)
memcpy(&rename_src[new_num_src], &rename_src[i],
sizeof(struct diff_rename_src));
new_num_src++;
}
rename_src_nr = new_num_src;
Reported by FlawFinder.
Line: 70
Column: 16
CWE codes:
126
static int basename_same(struct diff_filespec *src, struct diff_filespec *dst)
{
int src_len = strlen(src->path), dst_len = strlen(dst->path);
while (src_len && dst_len) {
char c1 = src->path[--src_len];
char c2 = dst->path[--dst_len];
if (c1 != c2)
return 0;
Reported by FlawFinder.
Line: 70
Column: 45
CWE codes:
126
static int basename_same(struct diff_filespec *src, struct diff_filespec *dst)
{
int src_len = strlen(src->path), dst_len = strlen(dst->path);
while (src_len && dst_len) {
char c1 = src->path[--src_len];
char c2 = dst->path[--dst_len];
if (c1 != c2)
return 0;
Reported by FlawFinder.