The following issues were found
t/helper/test-simple-ipc.c
5 issues
Line: 309
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static int spawn_server(pid_t *pid)
{
char test_tool_exe[MAX_PATH];
struct strvec args = STRVEC_INIT;
int in, out;
GetModuleFileNameA(NULL, test_tool_exe, MAX_PATH);
Reported by FlawFinder.
Line: 315
Column: 7
CWE codes:
362
GetModuleFileNameA(NULL, test_tool_exe, MAX_PATH);
in = open("/dev/null", O_RDONLY);
out = open("/dev/null", O_WRONLY);
strvec_push(&args, test_tool_exe);
strvec_push(&args, "simple-ipc");
strvec_push(&args, "run-daemon");
Reported by FlawFinder.
Line: 316
Column: 8
CWE codes:
362
GetModuleFileNameA(NULL, test_tool_exe, MAX_PATH);
in = open("/dev/null", O_RDONLY);
out = open("/dev/null", O_WRONLY);
strvec_push(&args, test_tool_exe);
strvec_push(&args, "simple-ipc");
strvec_push(&args, "run-daemon");
strvec_pushf(&args, "--name=%s", cl_args.path);
Reported by FlawFinder.
Line: 127
Column: 17
CWE codes:
126
int ret;
if (skip_prefix(received, "sendbytes ", &p))
len_ballast = strlen(p);
/*
* Verify that the ballast is n copies of a single letter.
* And that the multi-threaded IO layer didn't cross the streams.
*/
Reported by FlawFinder.
Line: 198
Column: 39
CWE codes:
126
if (!strcmp(command, "ping")) {
const char *answer = "pong";
return reply_cb(reply_data, answer, strlen(answer));
}
if (!strcmp(command, "big"))
return app__big_command(reply_cb, reply_data);
Reported by FlawFinder.
trace2/tr2_sid.c
5 issues
Line: 76
Column: 15
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (tr2sid_buf.len)
return;
parent_sid = getenv(TR2_ENVVAR_PARENT_SID);
if (parent_sid && *parent_sid) {
const char *p;
for (p = parent_sid; *p; p++)
if (*p == '/')
tr2sid_nr_git_parents++;
Reported by FlawFinder.
Line: 35
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tr2_tbuf tb_now;
git_hash_ctx ctx;
pid_t pid = getpid();
unsigned char hash[GIT_MAX_RAWSZ + 1];
char hex[GIT_MAX_HEXSZ + 1];
char hostname[HOST_NAME_MAX + 1];
tr2_tbuf_utc_datetime(&tb_now);
strbuf_addstr(&tr2sid_buf, tb_now.buf);
Reported by FlawFinder.
Line: 36
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
git_hash_ctx ctx;
pid_t pid = getpid();
unsigned char hash[GIT_MAX_RAWSZ + 1];
char hex[GIT_MAX_HEXSZ + 1];
char hostname[HOST_NAME_MAX + 1];
tr2_tbuf_utc_datetime(&tb_now);
strbuf_addstr(&tr2sid_buf, tb_now.buf);
Reported by FlawFinder.
Line: 37
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
pid_t pid = getpid();
unsigned char hash[GIT_MAX_RAWSZ + 1];
char hex[GIT_MAX_HEXSZ + 1];
char hostname[HOST_NAME_MAX + 1];
tr2_tbuf_utc_datetime(&tb_now);
strbuf_addstr(&tr2sid_buf, tb_now.buf);
strbuf_addch(&tr2sid_buf, '-');
Reported by FlawFinder.
Line: 47
Column: 35
CWE codes:
126
strbuf_add(&tr2sid_buf, "Localhost", 9);
else {
algo->init_fn(&ctx);
algo->update_fn(&ctx, hostname, strlen(hostname));
algo->final_fn(hash, &ctx);
hash_to_hex_algop_r(hex, hash, algo);
strbuf_addch(&tr2sid_buf, 'H');
strbuf_add(&tr2sid_buf, hex, 8);
}
Reported by FlawFinder.
builtin/ls-tree.c
4 issues
Line: 95
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!(ls_options & LS_NAME_ONLY)) {
if (ls_options & LS_SHOW_SIZE) {
char size_text[24];
if (!strcmp(type, blob_type)) {
unsigned long size;
if (oid_object_info(the_repository, oid, &size) == OBJ_BAD)
xsnprintf(size_text, sizeof(size_text),
"BAD");
Reported by FlawFinder.
Line: 50
Column: 9
CWE codes:
126
if (strncmp(base, spec, baselen))
continue;
len = strlen(pathname);
spec += baselen;
speclen = strlen(spec);
if (speclen <= len)
continue;
if (spec[len] && spec[len] != '/')
Reported by FlawFinder.
Line: 52
Column: 13
CWE codes:
126
continue;
len = strlen(pathname);
spec += baselen;
speclen = strlen(spec);
if (speclen <= len)
continue;
if (spec[len] && spec[len] != '/')
continue;
if (memcmp(pathname, spec, len))
Reported by FlawFinder.
Line: 154
Column: 18
CWE codes:
126
git_config(git_default_config, NULL);
ls_tree_prefix = prefix;
if (prefix && *prefix)
chomp_prefix = strlen(prefix);
argc = parse_options(argc, argv, prefix, ls_tree_options,
ls_tree_usage, 0);
if (full_tree) {
ls_tree_prefix = prefix = NULL;
Reported by FlawFinder.
compat/inet_pton.c
4 issues
Line: 57
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static const char digits[] = "0123456789";
int saw_digit, octets, ch;
unsigned char tmp[NS_INADDRSZ], *tp;
saw_digit = 0;
octets = 0;
*(tp = tmp) = 0;
while ((ch = *src++) != '\0') {
Reported by FlawFinder.
Line: 86
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (octets < 4)
return (0);
memcpy(dst, tmp, NS_INADDRSZ);
return (1);
}
/* int
* inet_pton6(src, dst)
Reported by FlawFinder.
Line: 110
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static const char xdigits_l[] = "0123456789abcdef",
xdigits_u[] = "0123456789ABCDEF";
unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
const char *xdigits, *curtok;
int ch, saw_xdigit;
unsigned int val;
memset((tp = tmp), '\0', NS_IN6ADDRSZ);
Reported by FlawFinder.
Line: 184
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
if (tp != endp)
return (0);
memcpy(dst, tmp, NS_IN6ADDRSZ);
return (1);
}
#endif
/* int
Reported by FlawFinder.
compat/inet_ntop.c
4 issues
Line: 53
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
char tmp[sizeof "255.255.255.255"];
int nprinted;
nprinted = snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2], src[3]);
if (nprinted < 0)
return (NULL); /* we assume "errno" was set by "snprintf()" */
if ((size_t)nprinted >= size) {
errno = ENOSPC;
return (NULL);
Reported by FlawFinder.
Line: 50
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
inet_ntop4(const u_char *src, char *dst, size_t size)
{
static const char fmt[] = "%u.%u.%u.%u";
char tmp[sizeof "255.255.255.255"];
int nprinted;
nprinted = snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2], src[3]);
if (nprinted < 0)
return (NULL); /* we assume "errno" was set by "snprintf()" */
Reported by FlawFinder.
Line: 81
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Keep this in mind if you think this function should have been coded
* to use pointer overlays. All the world's not a VAX.
*/
char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp;
struct { int base, len; } best, cur;
unsigned int words[NS_IN6ADDRSZ / NS_INT16SZ];
int i;
/*
Reported by FlawFinder.
Line: 139
Column: 10
CWE codes:
126
(best.len == 6 || (best.len == 5 && words[5] == 0xffff))) {
if (!inet_ntop4(src+12, tp, sizeof tmp - (tp - tmp)))
return (NULL);
tp += strlen(tp);
break;
}
tp += snprintf(tp, sizeof tmp - (tp - tmp), "%x", words[i]);
}
/* Was it a trailing run of 0x00's? */
Reported by FlawFinder.
bisect.c
4 issues
Line: 1101
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
* TRANSLATORS: the last %s will be replaced with "(roughly %d
* steps)" translation.
*/
printf(Q_("Bisecting: %d revision left to test after this %s\n",
"Bisecting: %d revisions left to test after this %s\n",
nr), nr, steps_msg);
free(steps_msg);
/* Clean up objects used, as they will be reused. */
repo_clear_commit_marks(r, ALL_REV_FLAGS);
Reported by FlawFinder.
Line: 730
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static enum bisect_error bisect_checkout(const struct object_id *bisect_rev, int no_checkout)
{
char bisect_rev_hex[GIT_MAX_HEXSZ + 1];
enum bisect_error res = BISECT_OK;
oid_to_hex_r(bisect_rev_hex, bisect_rev);
update_ref(NULL, "BISECT_EXPECTED_REV", bisect_rev, NULL, 0, UPDATE_REFS_DIE_ON_ERR);
Reported by FlawFinder.
Line: 932
Column: 8
CWE codes:
362
if (!res) {
/* Create file BISECT_ANCESTORS_OK. */
fd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, 0600);
if (fd < 0)
/*
* BISECT_ANCESTORS_OK file is not absolutely necessary,
* the bisection process will continue at the next
* bisection step.
Reported by FlawFinder.
Line: 979
Column: 13
CWE codes:
362
{
struct strbuf str = STRBUF_INIT;
const char *filename = git_path_bisect_terms();
FILE *fp = fopen(filename, "r");
if (!fp) {
if (errno == ENOENT) {
*read_bad = "bad";
*read_good = "good";
Reported by FlawFinder.
t/helper/test-oidtree.c
4 issues
Line: 35
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
die("contains not a hexadecimal oid: %s", arg);
printf("%d\n", oidtree_contains(&ot, &oid));
} else if (skip_prefix(line.buf, "each ", &arg)) {
char buf[GIT_MAX_HEXSZ + 1] = { '0' };
memset(&oid, 0, sizeof(oid));
memcpy(buf, arg, strlen(arg));
buf[hash_algos[algo].hexsz] = '\0';
get_oid_hex_any(buf, &oid);
oid.algo = algo;
Reported by FlawFinder.
Line: 37
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else if (skip_prefix(line.buf, "each ", &arg)) {
char buf[GIT_MAX_HEXSZ + 1] = { '0' };
memset(&oid, 0, sizeof(oid));
memcpy(buf, arg, strlen(arg));
buf[hash_algos[algo].hexsz] = '\0';
get_oid_hex_any(buf, &oid);
oid.algo = algo;
oidtree_each(&ot, &oid, strlen(arg), print_oid, NULL);
} else if (!strcmp(line.buf, "clear")) {
Reported by FlawFinder.
Line: 37
Column: 21
CWE codes:
126
} else if (skip_prefix(line.buf, "each ", &arg)) {
char buf[GIT_MAX_HEXSZ + 1] = { '0' };
memset(&oid, 0, sizeof(oid));
memcpy(buf, arg, strlen(arg));
buf[hash_algos[algo].hexsz] = '\0';
get_oid_hex_any(buf, &oid);
oid.algo = algo;
oidtree_each(&ot, &oid, strlen(arg), print_oid, NULL);
} else if (!strcmp(line.buf, "clear")) {
Reported by FlawFinder.
Line: 41
Column: 28
CWE codes:
126
buf[hash_algos[algo].hexsz] = '\0';
get_oid_hex_any(buf, &oid);
oid.algo = algo;
oidtree_each(&ot, &oid, strlen(arg), print_oid, NULL);
} else if (!strcmp(line.buf, "clear")) {
oidtree_clear(&ot);
} else {
die("unknown command: %s", line.buf);
}
Reported by FlawFinder.
commit-graph.c
4 issues
Line: 2411
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define VERIFY_COMMIT_GRAPH_ERROR_HASH 2
static int verify_commit_graph_error;
__attribute__((format (printf, 1, 2)))
static void graph_report(const char *fmt, ...)
{
va_list ap;
verify_commit_graph_error = 1;
Reported by FlawFinder.
Line: 2418
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
verify_commit_graph_error = 1;
va_start(ap, fmt);
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
va_end(ap);
}
#define GENERATION_ZERO_EXISTS 1
Reported by FlawFinder.
Line: 519
Column: 7
CWE codes:
362
FILE *fp;
int stat_res;
fp = fopen(chain_name, "r");
stat_res = stat(chain_name, &st);
free(chain_name);
if (!fp ||
stat_res ||
Reported by FlawFinder.
Line: 1797
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const unsigned hashsz = the_hash_algo->rawsz;
struct strbuf progress_title = STRBUF_INIT;
struct chunkfile *cf;
unsigned char file_hash[GIT_MAX_RAWSZ];
if (ctx->split) {
struct strbuf tmp_file = STRBUF_INIT;
strbuf_addf(&tmp_file,
Reported by FlawFinder.
t/helper/test-pkt-line.c
4 issues
Line: 22
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for (i = 0; i < argc; i++)
pack_line(argv[i]);
} else { /* read from stdin */
char line[LARGE_PACKET_MAX];
while (fgets(line, sizeof(line), stdin)) {
pack_line(line);
}
}
}
Reported by FlawFinder.
Line: 103
Column: 29
CWE codes:
126
const char *primary = "\001primary: regular output\n";
const char *part2 = " world!\n";
send_sideband(1, 2, part1, strlen(part1), LARGE_PACKET_MAX);
packet_write(1, primary, strlen(primary));
send_sideband(1, 2, part2, strlen(part2), LARGE_PACKET_MAX);
packet_response_end(1);
return 0;
Reported by FlawFinder.
Line: 104
Column: 27
CWE codes:
126
const char *part2 = " world!\n";
send_sideband(1, 2, part1, strlen(part1), LARGE_PACKET_MAX);
packet_write(1, primary, strlen(primary));
send_sideband(1, 2, part2, strlen(part2), LARGE_PACKET_MAX);
packet_response_end(1);
return 0;
}
Reported by FlawFinder.
Line: 105
Column: 29
CWE codes:
126
send_sideband(1, 2, part1, strlen(part1), LARGE_PACKET_MAX);
packet_write(1, primary, strlen(primary));
send_sideband(1, 2, part2, strlen(part2), LARGE_PACKET_MAX);
packet_response_end(1);
return 0;
}
Reported by FlawFinder.
refs/debug.c
4 issues
Line: 59
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct object_id *new_oid, unsigned int flags,
unsigned int type, const char *msg)
{
char o[GIT_MAX_HEXSZ + 1] = "null";
char n[GIT_MAX_HEXSZ + 1] = "null";
if (old_oid)
oid_to_hex_r(o, old_oid);
if (new_oid)
oid_to_hex_r(n, new_oid);
Reported by FlawFinder.
Line: 60
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int type, const char *msg)
{
char o[GIT_MAX_HEXSZ + 1] = "null";
char n[GIT_MAX_HEXSZ + 1] = "null";
if (old_oid)
oid_to_hex_r(o, old_oid);
if (new_oid)
oid_to_hex_r(n, new_oid);
Reported by FlawFinder.
Line: 286
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct debug_reflog *dbg = (struct debug_reflog *)cb_data;
int ret;
char o[GIT_MAX_HEXSZ + 1] = "null";
char n[GIT_MAX_HEXSZ + 1] = "null";
if (old_oid)
oid_to_hex_r(o, old_oid);
if (new_oid)
oid_to_hex_r(n, new_oid);
Reported by FlawFinder.
Line: 287
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct debug_reflog *dbg = (struct debug_reflog *)cb_data;
int ret;
char o[GIT_MAX_HEXSZ + 1] = "null";
char n[GIT_MAX_HEXSZ + 1] = "null";
if (old_oid)
oid_to_hex_r(o, old_oid);
if (new_oid)
oid_to_hex_r(n, new_oid);
Reported by FlawFinder.