The following issues were found
parse-options.c
4 issues
Line: 437
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void parse_options_check(const struct option *opts)
{
int err = 0;
char short_opts[128];
memset(short_opts, '\0', sizeof(short_opts));
for (; opts->type != OPTION_END; opts++) {
if ((opts->flags & PARSE_OPT_LASTARG_DEFAULT) &&
(opts->flags & PARSE_OPT_OPTARG))
Reported by FlawFinder.
Line: 679
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (options[j].type == OPTION_ALIAS)
BUG("No please. Nested aliases are not supported.");
memcpy(newopt + i, options + j, sizeof(*newopt));
newopt[i].short_name = short_name;
newopt[i].long_name = long_name;
newopt[i].help = strbuf_detach(&help, NULL);
newopt[i].flags |= PARSE_OPT_FROM_ALIAS;
break;
Reported by FlawFinder.
Line: 416
Column: 6
CWE codes:
126
static void check_typos(const char *arg, const struct option *options)
{
if (strlen(arg) < 3)
return;
if (starts_with(arg, "no-")) {
error(_("did you mean `--%s` (with two dashes)?"), arg);
exit(129);
Reported by FlawFinder.
Line: 488
Column: 36
CWE codes:
126
; /* ok. (usually accepts an argument) */
}
if (opts->argh &&
strcspn(opts->argh, " _") != strlen(opts->argh))
err |= optbug(opts, "multi-word argh should use dash to separate words");
}
if (err)
exit(128);
}
Reported by FlawFinder.
fsmonitor.c
4 issues
Line: 139
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* fix up size field */
put_be32(&ewah_size, sb->len - ewah_start);
memcpy(sb->buf + fixup, &ewah_size, sizeof(uint32_t));
trace2_data_string("index", NULL, "extension/fsmn/write/token",
istate->fsmonitor_last_update);
trace_printf_key(&trace_fsmonitor,
"write fsmonitor extension successful '%s'",
Reported by FlawFinder.
Line: 187
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int fsmonitor_is_trivial_response(const struct strbuf *query_result)
{
static char trivial_response[3] = { '\0', '/', '\0' };
return query_result->len >= 3 &&
!memcmp(trivial_response,
&query_result->buf[query_result->len - 3], 3);
}
Reported by FlawFinder.
Line: 196
Column: 15
CWE codes:
126
static void fsmonitor_refresh_callback(struct index_state *istate, char *name)
{
int i, len = strlen(name);
if (name[len - 1] == '/') {
/*
* TODO We should binary search to find the first path with
* TODO this directory prefix. Then linearly update entries
Reported by FlawFinder.
Line: 216
Column: 42
CWE codes:
126
/* Need to remove the / from the path for the untracked cache */
name[len - 1] = '\0';
} else {
int pos = index_name_pos(istate, name, strlen(name));
if (pos >= 0) {
struct cache_entry *ce = istate->cache[pos];
ce->ce_flags &= ~CE_FSMONITOR_VALID;
}
Reported by FlawFinder.
t/helper/test-delta.c
3 issues
Line: 31
Column: 7
CWE codes:
362
return 1;
}
fd = open(argv[2], O_RDONLY);
if (fd < 0 || fstat(fd, &st)) {
perror(argv[2]);
return 1;
}
from_size = st.st_size;
Reported by FlawFinder.
Line: 45
Column: 7
CWE codes:
362
}
close(fd);
fd = open(argv[3], O_RDONLY);
if (fd < 0 || fstat(fd, &st)) {
perror(argv[3]);
return 1;
}
data_size = st.st_size;
Reported by FlawFinder.
Line: 72
Column: 7
CWE codes:
362
return 1;
}
fd = open (argv[4], O_WRONLY|O_CREAT|O_TRUNC, 0666);
if (fd < 0 || write_in_full(fd, out_buf, out_size) < 0) {
perror(argv[4]);
return 1;
}
Reported by FlawFinder.
t/helper/test-crontab.c
3 issues
Line: 16
Column: 10
CWE codes:
362
FILE *from, *to;
if (argc == 3 && !strcmp(argv[2], "-l")) {
from = fopen(argv[1], "r");
if (!from)
return 0;
to = stdout;
} else if (argc == 2) {
from = stdin;
Reported by FlawFinder.
Line: 22
Column: 8
CWE codes:
362
to = stdout;
} else if (argc == 2) {
from = stdin;
to = fopen(argv[1], "w");
} else
return error("unknown arguments");
while ((a = fgetc(from)) != EOF)
fputc(a, to);
Reported by FlawFinder.
column.c
3 issues
Line: 44
Column: 35
CWE codes:
126
*width += data->opts.padding;
data->cols = (data->opts.width - strlen(data->opts.indent)) / *width;
if (data->cols == 0)
data->cols = 1;
data->rows = DIV_ROUND_UP(data->list->nr, data->cols);
}
Reported by FlawFinder.
Line: 86
Column: 17
CWE codes:
126
REALLOC_ARRAY(data->width, data->cols);
compute_column_width(data);
total_width = strlen(data->opts.indent);
for (x = 0; x < data->cols; x++) {
total_width += data->len[data->width[x]];
total_width += data->opts.padding;
}
if (total_width > data->opts.width) {
Reported by FlawFinder.
Line: 257
Column: 14
CWE codes:
126
}
}
name_len = strlen(opts[i].name);
if (arg_len != name_len ||
strncmp(arg_str, opts[i].name, name_len))
continue;
switch (opts[i].mask) {
Reported by FlawFinder.
strmap.c
3 issues
Line: 29
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void strmap_init(struct strmap *map)
{
struct strmap blank = STRMAP_INIT;
memcpy(map, &blank, sizeof(*map));
}
void strmap_init_with_options(struct strmap *map,
struct mem_pool *pool,
int strdup_strings)
Reported by FlawFinder.
Line: 93
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t len = st_add(strlen(str), 1); /* include NUL */
entry = mem_pool_alloc(map->pool,
st_add(sizeof(*entry), len));
memcpy(entry + 1, str, len);
entry->key = (void *)(entry + 1);
}
} else if (!map->pool) {
entry = xmalloc(sizeof(*entry));
} else {
Reported by FlawFinder.
Line: 90
Column: 24
CWE codes:
126
if (!map->pool) {
FLEXPTR_ALLOC_STR(entry, key, str);
} else {
size_t len = st_add(strlen(str), 1); /* include NUL */
entry = mem_pool_alloc(map->pool,
st_add(sizeof(*entry), len));
memcpy(entry + 1, str, len);
entry->key = (void *)(entry + 1);
}
Reported by FlawFinder.
t/helper/test-date.c
3 issues
Line: 20
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
struct strbuf buf = STRBUF_INIT;
for (; *argv; argv++) {
time_t t = atoi(*argv);
show_date_relative(t, &buf);
printf("%s -> %s\n", *argv, buf.buf);
}
strbuf_release(&buf);
}
Reported by FlawFinder.
Line: 30
Column: 14
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
static void show_human_dates(const char **argv)
{
for (; *argv; argv++) {
time_t t = atoi(*argv);
printf("%s -> %s\n", *argv, show_date(t, 0, DATE_MODE(HUMAN)));
}
}
static void show_dates(const char **argv, const char *format)
Reported by FlawFinder.
Line: 52
Column: 8
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
t = parse_timestamp(*argv, &arg, 10);
while (*arg == ' ')
arg++;
tz = atoi(arg);
printf("%s -> %s\n", *argv, show_date(t, tz, &mode));
}
}
Reported by FlawFinder.
color.c
3 issues
Line: 236
CWE codes:
758
{
const char *ptr = value;
int len = value_len;
char *end = dst + COLOR_MAXLEN;
unsigned int attr = 0;
struct color fg = { COLOR_UNSPECIFIED };
struct color bg = { COLOR_UNSPECIFIED };
while (len > 0 && isspace(*ptr)) {
Reported by Cppcheck.
Line: 427
Column: 7
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (*color)
r += fprintf(fp, "%s", color);
r += vfprintf(fp, fmt, args);
if (*color)
r += fprintf(fp, "%s", GIT_COLOR_RESET);
if (trail)
r += fprintf(fp, "%s", trail);
return r;
Reported by FlawFinder.
Line: 193
Column: 32
CWE codes:
126
int color_parse(const char *value, char *dst)
{
return color_parse_mem(value, strlen(value), dst);
}
/*
* Write the ANSI color codes for "c" to "out"; the string should
* already have the ANSI escape code in it. "out" should have enough
Reported by FlawFinder.
name-hash.c
3 issues
Line: 18
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dir_entry *parent;
int nr;
unsigned int namelen;
char name[FLEX_ARRAY];
};
static int dir_entry_cmp(const void *unused_cmp_data,
const struct hashmap_entry *eptr,
const struct hashmap_entry *entry_or_key,
Reported by FlawFinder.
Line: 708
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dir = find_dir_entry(istate, name, ptr - name);
if (dir) {
memcpy((void *)startPtr, dir->name + (startPtr - name), ptr - startPtr);
startPtr = ptr + 1;
}
ptr++;
}
}
Reported by FlawFinder.
Line: 698
Column: 31
CWE codes:
126
const char *ptr = startPtr;
lazy_init_name_hash(istate);
expand_to_path(istate, name, strlen(name), 0);
while (*ptr) {
while (*ptr && *ptr != '/')
ptr++;
if (*ptr == '/') {
Reported by FlawFinder.
notes-merge.c
3 issues
Line: 530
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
free(changes);
if (o->verbosity >= 4)
printf(t->dirty ?
"Merge result: %i unmerged notes and a dirty notes tree\n" :
"Merge result: %i unmerged notes and a clean notes tree\n",
conflicts);
return conflicts ? -1 : 1;
Reported by FlawFinder.
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int path_to_oid(const char *path, struct object_id *oid)
{
char hex_oid[GIT_MAX_HEXSZ];
int i = 0;
while (*path && i < the_hash_algo->hexsz) {
if (*path != '/')
hex_oid[i++] = *path;
path++;
Reported by FlawFinder.
Line: 725
Column: 8
CWE codes:
126
}
create_notes_commit(o->repo, partial_tree, partial_commit->parents, msg,
strlen(msg), result_oid);
unuse_commit_buffer(partial_commit, buffer);
if (o->verbosity >= 4)
printf("Finalized notes merge commit: %s\n",
oid_to_hex(result_oid));
strbuf_release(&path);
Reported by FlawFinder.