The following issues were found
refs/debug.c
4 issues
Line: 59
Column: 2
CWE codes:
119
120
Suggestion:
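Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged line is the declaration of a fixed-size char array, which FlawFinder reports wherever one appears; the finding at line 60 and the two at lines 286-287 are the same pattern. Both buffers are GIT_MAX_HEXSZ + 1 bytes and, in the excerpt, are written only by oid_to_hex_r(). The check to make is that oid_to_hex_r() never writes more than GIT_MAX_HEXSZ hex characters plus the terminating NUL; its definition is not shown here.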
const struct object_id *new_oid, unsigned int flags,
unsigned int type, const char *msg)
{
char o[GIT_MAX_HEXSZ + 1] = "null";
char n[GIT_MAX_HEXSZ + 1] = "null";
if (old_oid)
oid_to_hex_r(o, old_oid);
if (new_oid)
oid_to_hex_r(n, new_oid);
Reported by FlawFinder.
Line: 60
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int type, const char *msg)
{
char o[GIT_MAX_HEXSZ + 1] = "null";
char n[GIT_MAX_HEXSZ + 1] = "null";
if (old_oid)
oid_to_hex_r(o, old_oid);
if (new_oid)
oid_to_hex_r(n, new_oid);
Reported by FlawFinder.
Line: 286
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct debug_reflog *dbg = (struct debug_reflog *)cb_data;
int ret;
char o[GIT_MAX_HEXSZ + 1] = "null";
char n[GIT_MAX_HEXSZ + 1] = "null";
if (old_oid)
oid_to_hex_r(o, old_oid);
if (new_oid)
oid_to_hex_r(n, new_oid);
Reported by FlawFinder.
Line: 287
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct debug_reflog *dbg = (struct debug_reflog *)cb_data;
int ret;
char o[GIT_MAX_HEXSZ + 1] = "null";
char n[GIT_MAX_HEXSZ + 1] = "null";
if (old_oid)
oid_to_hex_r(o, old_oid);
if (new_oid)
oid_to_hex_r(n, new_oid);
Reported by FlawFinder.
csum-file.c
4 issues
Line: 117
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Copy to the hashfile's buffer, flushing only
* if it became full.
*/
memcpy(f->buffer + f->offset, buf, nr);
f->offset += nr;
left -= nr;
if (!left)
hashflush(f);
}
Reported by FlawFinder.
Line: 134
Column: 9
CWE codes:
362
int sink, check;
struct hashfile *f;
sink = open("/dev/null", O_WRONLY);
if (sink < 0)
die_errno("unable to open /dev/null");
check = open(name, O_RDONLY);
if (check < 0)
die_errno("unable to open '%s'", name);
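Reported by FlawFinder.
Triage note: CWE-362 is reported here because the line calls open(), not because a race was demonstrated. The call at line 134 opens the fixed path /dev/null. The call at line 137 (reported separately below) opens the caller-supplied `name`, so that is the one whose exposure depends on who controls `name` and the directory it lives in, which the excerpt does not show.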
Line: 137
Column: 10
CWE codes:
362
sink = open("/dev/null", O_WRONLY);
if (sink < 0)
die_errno("unable to open /dev/null");
check = open(name, O_RDONLY);
if (check < 0)
die_errno("unable to open '%s'", name);
f = hashfd(sink, name);
f->check_fd = check;
f->check_buffer = xmalloc(f->buffer_len);
Reported by FlawFinder.
Line: 223
Column: 11
CWE codes:
119
120
Suggestion:
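Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the flagged `got` array is sized GIT_MAX_RAWSZ; whether that is enough depends on how many bytes the hash finalisation writes into it, which is outside the excerpt. Separately, data_len is computed as total_len - the_hash_algo->rawsz before the total_len check. The excerpt returns 0 before data_len can be used, so the wrapped value is harmless here, but moving the subtraction below the check would make the ordering self-evident.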
int hashfile_checksum_valid(const unsigned char *data, size_t total_len)
{
unsigned char got[GIT_MAX_RAWSZ];
git_hash_ctx ctx;
size_t data_len = total_len - the_hash_algo->rawsz;
if (total_len < the_hash_algo->rawsz)
return 0; /* say "too short"? */
Reported by FlawFinder.
kwset.c
4 issues
Line: 773
CWE codes:
682
struct kwset *kwset;
kwset = (struct kwset *) kws;
obstack_free(&kwset->obstack, NULL);
free(kws);
}
Reported by Cppcheck.
Line: 83
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct trie *trie; /* The trie itself. */
int mind; /* Minimum depth of an accepting node. */
int maxd; /* Maximum depth of any node. */
unsigned char delta[NCHAR]; /* Delta table for rapid search. */
struct trie *next[NCHAR]; /* Table of children of the root. */
char *target; /* Target string if there's only one. */
int mind2; /* Used in Boyer-Moore search for one string. */
unsigned char const *trans; /* Character translation table. */
};
Reported by FlawFinder.
Line: 389
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
register int i;
register struct trie *curr;
register unsigned char const *trans;
unsigned char delta[NCHAR];
kwset = (struct kwset *) kws;
/* Initial values for the delta table; will be changed later. The
delta entry for a given character is the smallest depth of any
Reported by FlawFinder.
Line: 492
Column: 5
CWE codes:
120
Suggestion:
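Make sure destination can always hold the source data
Triage note: the `delta` member reported at line 83 and the local `delta` reported at line 389 are both declared `unsigned char [NCHAR]`. Assuming line 83 belongs to struct kwset, this NCHAR-byte copy matches the size of both source and destination.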
for (i = 0; i < NCHAR; ++i)
kwset->delta[i] = delta[U(trans[i])];
else
memcpy(kwset->delta, delta, NCHAR);
return NULL;
}
/* Fast boyer-moore search. */
Reported by FlawFinder.
block-sha1/sha1.c
4 issues
Line: 217
Column: 3
CWE codes:
120
Suggestion:
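Make sure destination can always hold the source data
Triage note: `left` is 64 - lenW, clamped to len, so the copy ends at most 64 bytes into ctx->W provided lenW is below 64 on entry. How lenW is derived and how large ctx->W is are outside the excerpt; the later `& 63` suggests lenW is kept in the range 0..63, to be confirmed against the full function.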
unsigned int left = 64 - lenW;
if (len < left)
left = len;
memcpy(lenW + (char *)ctx->W, data, left);
lenW = (lenW + left) & 63;
len -= left;
data = ((const char *)data + left);
if (lenW)
return;
Reported by FlawFinder.
Line: 231
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
len -= 64;
}
if (len)
memcpy(ctx->W, data, len);
}
void blk_SHA1_Final(unsigned char hashout[20], blk_SHA_CTX *ctx)
{
static const unsigned char pad[64] = { 0x80 };
Reported by FlawFinder.
Line: 234
Column: 30
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
memcpy(ctx->W, data, len);
}
void blk_SHA1_Final(unsigned char hashout[20], blk_SHA_CTX *ctx)
{
static const unsigned char pad[64] = { 0x80 };
unsigned int padlen[2];
int i;
Reported by FlawFinder.
Line: 236
Column: 24
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void blk_SHA1_Final(unsigned char hashout[20], blk_SHA_CTX *ctx)
{
static const unsigned char pad[64] = { 0x80 };
unsigned int padlen[2];
int i;
/* Pad with a binary 1 (ie 0x80), then zeroes, then length */
padlen[0] = htonl((uint32_t)(ctx->size >> 29));
Reported by FlawFinder.
compat/win32/syslog.c
4 issues
Line: 16
Column: 6
CWE codes:
134
Suggestion:
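Use a constant format string for syslog
Triage note: line 16 is the definition of the syslog() compatibility function, not a call to it, so there is no format argument to fix at this location. The `fmt` parameter is forwarded to vsnprintf() at lines 27 and 42, so the format-string exposure sits with the callers of this function, which should pass literal formats.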
warning("RegisterEventSource() failed: %lu", GetLastError());
}
void syslog(int priority, const char *fmt, ...)
{
WORD logtype;
char *str, *pos;
int str_len;
va_list ap;
Reported by FlawFinder.
Line: 27
Column: 12
CWE codes:
134
Suggestion:
Use a constant for the format specification
return;
va_start(ap, fmt);
str_len = vsnprintf(NULL, 0, fmt, ap);
va_end(ap);
if (str_len < 0) {
warning_errno("vsnprintf failed");
return;
Reported by FlawFinder.
Line: 42
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
va_start(ap, fmt);
vsnprintf(str, str_len + 1, fmt, ap);
va_end(ap);
while ((pos = strstr(str, "%1")) != NULL) {
char *oldstr = str;
str = realloc(str, st_add(++str_len, 1));
Reported by FlawFinder.
Line: 53
Column: 29
CWE codes:
126
warning_errno("realloc failed");
return;
}
memmove(pos + 2, pos + 1, strlen(pos));
pos[1] = ' ';
}
switch (priority) {
case LOG_EMERG:
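Reported by FlawFinder.
Triage note: strlen() is applied here to a buffer that vsnprintf() filled with an explicit size at line 42, so a missing terminator is unlikely to be the real concern. The point to check is `pos`: it is obtained from strstr(str, ...) before `str = realloc(str, ...)`, and this memmove() still uses it. If realloc() moves the allocation and nothing in the lines between the two excerpts recomputes `pos`, it refers to freed memory. Saving the offset `pos - str` before the realloc() and rebuilding `pos` from the new `str` afterwards avoids that.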
t/helper/test-pkt-line.c
4 issues
Line: 22
Column: 3
CWE codes:
119
120
Suggestion:
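Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Triage note: the only write to `line` in the excerpt is fgets(line, sizeof(line), stdin), which is bounded by the array size. What pack_line() does with the string is outside the excerpt.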
for (i = 0; i < argc; i++)
pack_line(argv[i]);
} else { /* read from stdin */
char line[LARGE_PACKET_MAX];
while (fgets(line, sizeof(line), stdin)) {
pack_line(line);
}
}
}
Reported by FlawFinder.
Line: 103
Column: 29
CWE codes:
126
const char *primary = "\001primary: regular output\n";
const char *part2 = " world!\n";
send_sideband(1, 2, part1, strlen(part1), LARGE_PACKET_MAX);
packet_write(1, primary, strlen(primary));
send_sideband(1, 2, part2, strlen(part2), LARGE_PACKET_MAX);
packet_response_end(1);
return 0;
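Reported by FlawFinder.
Triage note: the strlen() arguments flagged at lines 103-105 are `const char *` variables. `primary` and `part2` are initialised from string literals in the excerpt, and literals are always NUL-terminated; the initialiser of `part1` is not shown. The three findings are the same pattern.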
Line: 104
Column: 27
CWE codes:
126
const char *part2 = " world!\n";
send_sideband(1, 2, part1, strlen(part1), LARGE_PACKET_MAX);
packet_write(1, primary, strlen(primary));
send_sideband(1, 2, part2, strlen(part2), LARGE_PACKET_MAX);
packet_response_end(1);
return 0;
}
Reported by FlawFinder.
Line: 105
Column: 29
CWE codes:
126
send_sideband(1, 2, part1, strlen(part1), LARGE_PACKET_MAX);
packet_write(1, primary, strlen(primary));
send_sideband(1, 2, part2, strlen(part2), LARGE_PACKET_MAX);
packet_response_end(1);
return 0;
}
Reported by FlawFinder.
builtin/pack-redundant.c
4 issues
Line: 200
Column: 2
CWE codes:
120
Suggestion:
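Make sure destination can always hold the source data
Triage note: the destination `p` is allocated with xmalloc(sizeof(struct pack_list)) on the preceding line and the copy length is the same sizeof expression, so the destination size matches the copy by construction. The finding at line 232 is the same pattern.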
struct pack_list *entry)
{
struct pack_list *p = xmalloc(sizeof(struct pack_list));
memcpy(p, entry, sizeof(struct pack_list));
p->next = *pl;
*pl = p;
return p;
}
Reported by FlawFinder.
Line: 232
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
pl = pl->next;
}
ret = xmalloc(sizeof(struct pack_list));
memcpy(ret, A, sizeof(struct pack_list));
ret->next = pack_list_difference(A->next, B);
return ret;
}
static void cmp_two_packs(struct pack_list *p1, struct pack_list *p2)
Reported by FlawFinder.
Line: 567
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pack_list *min = NULL, *red, *pl;
struct llist *ignore;
struct object_id *oid;
char buf[GIT_MAX_HEXSZ + 2]; /* hex hash + \n + \0 */
if (argc == 2 && !strcmp(argv[1], "-h"))
usage(pack_redundant_usage);
for (i = 1; i < argc; i++) {
Reported by FlawFinder.
Line: 539
Column: 6
CWE codes:
126
{
struct packed_git *p = get_all_packs(the_repository);
if (strlen(filename) < 40)
die("Bad pack filename: %s", filename);
while (p) {
if (strstr(p->pack_name, filename))
return add_pack(p);
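Reported by FlawFinder.
Triage note: the literal 40 equals the length of a hexadecimal SHA-1, whereas the buffer reported at line 567 of this file is sized with GIT_MAX_HEXSZ. If pack file names can carry a longer hash, this minimum-length check is weaker than intended; confirm against the hash algorithms the build supports.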
builtin/checkout-index.c
4 issues
Line: 21
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int nul_term_line;
static int checkout_stage; /* default to checkout stage0 */
static int to_tempfile;
static char topath[4][TEMPORARY_FILENAME_LENGTH + 1];
static struct checkout state = CHECKOUT_INIT;
static void write_tempfile_record(const char *name, const char *prefix)
{
Reported by FlawFinder.
Line: 65
Column: 16
CWE codes:
126
static int checkout_file(const char *name, const char *prefix)
{
int namelen = strlen(name);
int pos = cache_name_pos(name, namelen);
int has_same_name = 0;
int did_checkout = 0;
int errs = 0;
Reported by FlawFinder.
Line: 213
Column: 27
CWE codes:
126
usage_with_options(builtin_checkout_index_usage,
builtin_checkout_index_options);
git_config(git_default_config, NULL);
prefix_length = prefix ? strlen(prefix) : 0;
if (read_cache() < 0) {
die("invalid cache");
}
Reported by FlawFinder.
Line: 228
Column: 23
CWE codes:
126
if (!state.base_dir)
state.base_dir = "";
state.base_dir_len = strlen(state.base_dir);
/*
* when --prefix is specified we do not want to update cache.
*/
if (index_opt && !state.base_dir_len && !to_tempfile) {
Reported by FlawFinder.
parse-options.c
4 issues
Line: 437
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void parse_options_check(const struct option *opts)
{
int err = 0;
char short_opts[128];
memset(short_opts, '\0', sizeof(short_opts));
for (; opts->type != OPTION_END; opts++) {
if ((opts->flags & PARSE_OPT_LASTARG_DEFAULT) &&
(opts->flags & PARSE_OPT_OPTARG))
Reported by FlawFinder.
Line: 679
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (options[j].type == OPTION_ALIAS)
BUG("No please. Nested aliases are not supported.");
memcpy(newopt + i, options + j, sizeof(*newopt));
newopt[i].short_name = short_name;
newopt[i].long_name = long_name;
newopt[i].help = strbuf_detach(&help, NULL);
newopt[i].flags |= PARSE_OPT_FROM_ALIAS;
break;
Reported by FlawFinder.
Line: 416
Column: 6
CWE codes:
126
static void check_typos(const char *arg, const struct option *options)
{
if (strlen(arg) < 3)
return;
if (starts_with(arg, "no-")) {
error(_("did you mean `--%s` (with two dashes)?"), arg);
exit(129);
Reported by FlawFinder.
Line: 488
Column: 36
CWE codes:
126
; /* ok. (usually accepts an argument) */
}
if (opts->argh &&
strcspn(opts->argh, " _") != strlen(opts->argh))
err |= optbug(opts, "multi-word argh should use dash to separate words");
}
if (err)
exit(128);
}
Reported by FlawFinder.
fsmonitor.c
4 issues
Line: 139
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* fix up size field */
put_be32(&ewah_size, sb->len - ewah_start);
memcpy(sb->buf + fixup, &ewah_size, sizeof(uint32_t));
trace2_data_string("index", NULL, "extension/fsmn/write/token",
istate->fsmonitor_last_update);
trace_printf_key(&trace_fsmonitor,
"write fsmonitor extension successful '%s'",
Reported by FlawFinder.
Line: 187
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/*
 * Report whether query_result ends with the three bytes NUL, '/', NUL.
 * Returns non-zero when it does and 0 otherwise, including when the
 * buffer holds fewer than three bytes.
 */
int fsmonitor_is_trivial_response(const struct strbuf *query_result)
{
/* Fixed 3-byte pattern; in this function it is only read, by memcmp(). */
static char trivial_response[3] = { '\0', '/', '\0' };
/*
 * The len >= 3 test is evaluated first, so len - 3 cannot go below
 * zero and memcmp() compares exactly the last three bytes of buf
 * against the three bytes of trivial_response.
 */
return query_result->len >= 3 &&
!memcmp(trivial_response,
&query_result->buf[query_result->len - 3], 3);
}
Reported by FlawFinder.
Line: 196
Column: 15
CWE codes:
126
static void fsmonitor_refresh_callback(struct index_state *istate, char *name)
{
int i, len = strlen(name);
if (name[len - 1] == '/') {
/*
* TODO We should binary search to find the first path with
* TODO this directory prefix. Then linearly update entries
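Reported by FlawFinder.
Triage note: beyond the strlen() pattern match, the next line reads name[len - 1]. For an empty `name`, len is 0 and the index is -1, which is an out-of-bounds read. Whether an empty path can reach this callback is not visible in the excerpt; a `len > 0 &&` guard in the condition would remove the dependency on the caller. The strlen() result is also stored in an int, which narrows size_t.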
Line: 216
Column: 42
CWE codes:
126
/* Need to remove the / from the path for the untracked cache */
name[len - 1] = '\0';
} else {
int pos = index_name_pos(istate, name, strlen(name));
if (pos >= 0) {
struct cache_entry *ce = istate->cache[pos];
ce->ce_flags &= ~CE_FSMONITOR_VALID;
}
Reported by FlawFinder.