The following issues were found

column.c
3 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 44 Column: 35 CWE codes: 126

              
	*width += data->opts.padding;

	data->cols = (data->opts.width - strlen(data->opts.indent)) / *width;
	if (data->cols == 0)
		data->cols = 1;

	data->rows = DIV_ROUND_UP(data->list->nr, data->cols);
}

            

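Reported by FlawFinder.

Triage note (column.c line 44): the excerpt does not show where data->opts.indent is set, so the over-read concern cannot be settled from here. A separate point to check on the same line: strlen() returns size_t, so the subtraction from data->opts.width is likely evaluated as unsigned and would wrap if the indent were longer than the width, and *width must be non-zero before the division.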

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 86 Column: 17 CWE codes: 126

              			REALLOC_ARRAY(data->width, data->cols);
		compute_column_width(data);

		total_width = strlen(data->opts.indent);
		for (x = 0; x < data->cols; x++) {
			total_width += data->len[data->width[x]];
			total_width += data->opts.padding;
		}
		if (total_width > data->opts.width) {

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 257 Column: 14 CWE codes: 126

              			}
		}

		name_len = strlen(opts[i].name);
		if (arg_len != name_len ||
		    strncmp(arg_str, opts[i].name, name_len))
			continue;

		switch (opts[i].mask) {

            

Reported by FlawFinder.

unix-socket.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 71 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              
	memset(sa, 0, sizeof(*sa));
	sa->sun_family = AF_UNIX;
	memcpy(sa->sun_path, path, size);
	return 0;
}

int unix_stream_connect(const char *path, int disallow_chdir)
{

            

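Reported by FlawFinder.

Triage note (unix-socket.c line 71): the two strlen excerpts listed below for this file (lines 36 and 57) compare size against sizeof(sa->sun_path), and the second returns ENAMETOOLONG when it is exceeded. That suggests the copy length is already bounded when this memcpy runs. The code between those checks and the copy is not fully shown, so confirm that no path reaches line 71 with a larger size.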

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 36 Column: 13 CWE codes: 126

              			      struct unix_sockaddr_context *ctx,
			      int disallow_chdir)
{
	int size = strlen(path) + 1;

	ctx->orig_dir = NULL;
	if (size > sizeof(sa->sun_path)) {
		const char *slash;
		const char *dir;

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 57 Column: 10 CWE codes: 126

              
		dir = path;
		path = slash + 1;
		size = strlen(path) + 1;
		if (size > sizeof(sa->sun_path)) {
			errno = ENAMETOOLONG;
			return -1;
		}
		if (strbuf_getcwd(&cwd))

            

Reported by FlawFinder.

add-interactive.c
3 issues
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 706 Column: 3 CWE codes: 134
Suggestion: Use a constant for the format specification

              		res = error(_("could not write index"));

	if (!res)
		printf(Q_("updated %d path\n",
			  "updated %d paths\n", count), (int)count);

	putchar('\n');
	return res;
}

            

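Reported by FlawFinder.

Triage note (add-interactive.c lines 706, 813 and 895): in all three calls the format argument is the result of Q_() applied to two string literals, so no caller-supplied text is used as a format string in the excerpts. The finding fires because the argument is not itself a literal. Q_() appears to select a singular or plural (possibly translated) message, so what remains to decide is whether the strings it can return are trusted to carry the same %d conversion.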

printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 813 Column: 3 CWE codes: 134
Suggestion: Use a constant for the format specification

              						   NULL, NULL, NULL);

	if (!res)
		printf(Q_("reverted %d path\n",
			  "reverted %d paths\n", count), (int)count);

finish_revert:
	putchar('\n');
	return res;

            

Reported by FlawFinder.

printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 895 Column: 3 CWE codes: 134
Suggestion: Use a constant for the format specification

              		res = error(_("could not write index"));

	if (!res)
		printf(Q_("added %d path\n",
			  "added %d paths\n", count), (int)count);

finish_add_untracked:
	putchar('\n');
	return res;

            

Reported by FlawFinder.

builtin/reflog.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 53 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
/*
 * Record holding an object id plus a trailing char array named reflog.
 *
 * NOTE(review): the array bound is the FLEX_ARRAY macro, not a fixed
 * length, so this looks like a flexible array member whose real size is
 * chosen where the struct is allocated -- confirm against FLEX_ARRAY's
 * definition. The bounds to audit are at the allocation and copy sites,
 * not at this declaration.
 */
struct collected_reflog {
	struct object_id oid;
	char reflog[FLEX_ARRAY];
};

struct collect_reflog_cb {
	struct collected_reflog **e;
	int alloc;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 434 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              	struct reflog_expire_cfg *next;
	timestamp_t expire_total;
	timestamp_t expire_unreachable;
	char pattern[FLEX_ARRAY];
} *reflog_expire_cfg, **reflog_expire_cfg_tail;

static struct reflog_expire_cfg *find_cfg_ent(const char *pattern, size_t len)
{
	struct reflog_expire_cfg *ent;

            

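Reported by FlawFinder.

Triage note (builtin/reflog.c lines 53 and 434): both flagged arrays are declared with the FLEX_ARRAY macro as the last struct member rather than with a fixed length, which looks like a flexible array member sized at allocation time. If so, the declaration is not where an overflow would arise; the allocation and copy sites are what need the bounds review.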

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 646 Column: 26 CWE codes: 126

              	for (; i < argc; i++) {
		char *ref;
		struct object_id oid;
		if (!dwim_log(argv[i], strlen(argv[i]), &oid, &ref)) {
			status |= error(_("%s points nowhere!"), argv[i]);
			continue;
		}
		set_reflog_expiry_param(&cb.cmd, explicit_expiry, ref);
		status |= reflog_expire(ref, &oid, flags,

            

Reported by FlawFinder.

t/helper/test-crontab.c
3 issues
fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 16 Column: 10 CWE codes: 362

              	FILE *from, *to;

	if (argc == 3 && !strcmp(argv[2], "-l")) {
		from = fopen(argv[1], "r");
		if (!from)
			return 0;
		to = stdout;
	} else if (argc == 2) {
		from = stdin;

            

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 22 Column: 8 CWE codes: 362

              		to = stdout;
	} else if (argc == 2) {
		from = stdin;
		to = fopen(argv[1], "w");
	} else
		return error("unknown arguments");

	while ((a = fgetc(from)) != EOF)
		fputc(a, to);

            

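Reported by FlawFinder.

Triage note (t/helper/test-crontab.c line 22): in the excerpt the result of fopen(argv[1], "w") is assigned to `to`, and the copy loop then calls fputc(a, to) with no intervening NULL check. The read branch, by contrast, returns when `from` is NULL. A failed open would therefore pass a NULL stream to fputc; an `if (!to)` check after the call would close that gap.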

fgetc - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 26 Column: 14 CWE codes: 120 20

              	} else
		return error("unknown arguments");

	while ((a = fgetc(from)) != EOF)
		fputc(a, to);

	if (argc == 3)
		fclose(from);
	else

            

Reported by FlawFinder.

t/helper/test-date.c
3 issues
atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 20 Column: 14 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

              	struct strbuf buf = STRBUF_INIT;

	for (; *argv; argv++) {
		time_t t = atoi(*argv);
		show_date_relative(t, &buf);
		printf("%s -> %s\n", *argv, buf.buf);
	}
	strbuf_release(&buf);
}

            

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 30 Column: 14 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

              static void show_human_dates(const char **argv)
{
	/*
	 * Walk argv until a NULL entry; convert each string with atoi(),
	 * format it via show_date() with a zero second argument and
	 * DATE_MODE(HUMAN), and print "<input> -> <result>".
	 */
	for (; *argv; argv++) {
		/*
		 * NOTE(review): atoi() gives no way to detect a malformed or
		 * out-of-range argument, and its int result is stored in a
		 * time_t unchecked. strtol() with an end-pointer and errno
		 * check would let the helper reject such input.
		 */
		time_t t = atoi(*argv);
		printf("%s -> %s\n", *argv, show_date(t, 0, DATE_MODE(HUMAN)));
	}
}

static void show_dates(const char **argv, const char *format)

            

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 52 Column: 8 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

              		t = parse_timestamp(*argv, &arg, 10);
		while (*arg == ' ')
			arg++;
		tz = atoi(arg);

		printf("%s -> %s\n", *argv, show_date(t, tz, &mode));
	}
}


            

Reported by FlawFinder.

urlmatch.c
3 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 605 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              		/* Otherwise, replace it with this one. */
	}

	memcpy(item->util, &matched, sizeof(matched));
	strbuf_addstr(&synthkey, collect->section);
	strbuf_addch(&synthkey, '.');
	strbuf_addstr(&synthkey, key);
	retval = collect->collect_fn(synthkey.buf, value, collect->cb);


            

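Reported by FlawFinder.

Triage note (urlmatch.c line 605): the length is sizeof(matched), the size of the source object, so the copy is safe only if item->util points to at least that many bytes. The allocation of item->util is outside the excerpt; that is the line to check.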

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 146 Column: 19 CWE codes: 126

              	 * will be detected (including a missing host for non file: URLs).
	 */

	size_t url_len = strlen(url);
	struct strbuf norm;
	size_t spanned;
	size_t scheme_len, user_off=0, user_len=0, passwd_off=0, passwd_len=0;
	size_t host_off=0, host_len=0, port_off=0, port_len=0, path_off, path_len, result_len;
	const char *slash_ptr, *at_ptr, *colon_ptr, *path_start;

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 465 Column: 7 CWE codes: 126

              		url_prefix_len--;
	if (strncmp(url, url_prefix, url_prefix_len))
		return 0;
	if ((strlen(url) == url_prefix_len) || (url[url_prefix_len] == '/'))
		return url_prefix_len + 1;
	return 0;
}

static int match_urls(const struct url_info *url,

            

Reported by FlawFinder.

builtin/reset.c
3 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 46 Column: 10 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              
/*
 * Return 1 when access(..., F_OK) succeeds on the path returned by
 * git_path_merge_head(the_repository), i.e. when that path exists,
 * and 0 otherwise.
 *
 * NOTE(review): the result is returned as a plain yes/no; nothing in this
 * function opens or modifies the path afterwards. The check-then-use race
 * FlawFinder describes only matters if a caller treats the answer as a
 * guarantee for a later operation on the same path -- verify at the
 * callers.
 */
static inline int is_merge(void)
{
	return !access(git_path_merge_head(the_repository), F_OK);
}

static int reset_index(const char *ref, const struct object_id *oid, int reset_type, int quiet)
{
	int i, nr = 0;

            

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 181 Column: 20 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

              static void set_reflog_message(struct strbuf *sb, const char *action,
			       const char *rev)
{
	const char *rla = getenv("GIT_REFLOG_ACTION");

	strbuf_reset(sb);
	if (rla)
		strbuf_addf(sb, "%s: %s", rla, action);
	else if (rev)

            

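Reported by FlawFinder.

Triage note (builtin/reset.c line 181): the excerpt passes the GIT_REFLOG_ACTION value to strbuf_addf() as a %s argument, not as the format string, so the variable's content is treated as data. What the environment can influence here is the text that ends up in sb; whether any length or content limit applies is not visible in the excerpt.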

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 426 Column: 18 CWE codes: 126

              			char *ref = NULL;
			int err;

			dwim_ref(rev, strlen(rev), &dummy, &ref, 0);
			if (ref && !starts_with(ref, "refs/"))
				FREE_AND_NULL(ref);

			err = reset_index(ref, &oid, reset_type, quiet);
			if (reset_type == KEEP && !err)

            

Reported by FlawFinder.

t/helper/test-delta.c
3 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 31 Column: 7 CWE codes: 362

              		return 1;
	}

	fd = open(argv[2], O_RDONLY);
	if (fd < 0 || fstat(fd, &st)) {
		perror(argv[2]);
		return 1;
	}
	from_size = st.st_size;

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 45 Column: 7 CWE codes: 362

              	}
	close(fd);

	fd = open(argv[3], O_RDONLY);
	if (fd < 0 || fstat(fd, &st)) {
		perror(argv[3]);
		return 1;
	}
	data_size = st.st_size;

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 72 Column: 7 CWE codes: 362

              		return 1;
	}

	fd = open (argv[4], O_WRONLY|O_CREAT|O_TRUNC, 0666);
	if (fd < 0 || write_in_full(fd, out_buf, out_size) < 0) {
		perror(argv[4]);
		return 1;
	}


            

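Reported by FlawFinder.

Triage note (t/helper/test-delta.c line 72): the output file is opened with O_CREAT|O_TRUNC and mode 0666, so an existing file at argv[4] is truncated and the final permissions are left to the process umask. Whether that matters depends on who controls the path given to this helper; O_EXCL or O_NOFOLLOW are the hardening options if it can be influenced by another user.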

tag.c
3 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 138 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              int parse_tag_buffer(struct repository *r, struct tag *item, const void *data, unsigned long size)
{
	struct object_id oid;
	char type[20];
	const char *bufptr = data;
	const char *tail = bufptr + size;
	const char *nl;

	if (item->object.parsed)

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 167 Column: 2 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              	nl = memchr(bufptr, '\n', tail - bufptr);
	if (!nl || sizeof(type) <= (nl - bufptr))
		return -1;
	memcpy(type, bufptr, nl - bufptr);
	type[nl - bufptr] = '\0';
	bufptr = nl + 1;

	if (!strcmp(type, blob_type)) {
		item->tagged = (struct object *)lookup_blob(r, &oid);

            

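Reported by FlawFinder.

Triage note (tag.c line 167): the line before the copy returns -1 when sizeof(type) <= (nl - bufptr), so the memcpy length is at most sizeof(type) - 1. The following write of the terminator at type[nl - bufptr] therefore stays inside the 20-byte array declared at line 138. As shown, the copy is bounds-checked.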

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 84 Column: 14 CWE codes: 126

              		if (last_oid && is_promisor_object(last_oid))
			return NULL;
		if (!warnlen)
			warnlen = strlen(warn);
		error("missing object referenced by '%.*s'", warnlen, warn);
	}
	return o;
}


            

Reported by FlawFinder.