The following issues were found
compat/poll/poll.c
2 issues
Line: 220
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int r, error;
char data[64];
WSASetLastError (0);
r = recv (h, data, sizeof (data), MSG_PEEK);
error = WSAGetLastError ();
WSASetLastError (0);
Reported by FlawFinder.
Line: 269
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (r == 0 || socket_errno == ENOTSOCK)
ioctl (fd, FIONREAD, &r);
# else
char data[64];
r = recv (fd, data, sizeof (data), MSG_PEEK);
socket_errno = (r < 0) ? errno : 0;
# endif
if (r == 0)
happened |= POLLHUP;
Reported by FlawFinder.
builtin/bugreport.c
2 issues
Line: 37
Column: 10
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
strbuf_addstr(sys_info, _("libc info: "));
get_libc_info(sys_info);
shell = getenv("SHELL");
strbuf_addf(sys_info, "$SHELL (typically, interactive shell): %s\n",
shell ? shell : "<unset>");
}
static void get_populated_hooks(struct strbuf *hook_info, int nongit)
Reported by FlawFinder.
Line: 174
Column: 11
CWE codes:
362
get_populated_hooks(&buffer, !startup_info->have_repository);
/* fopen doesn't offer us an O_EXCL alternative, except with glibc. */
report = open(report_path.buf, O_CREAT | O_EXCL | O_WRONLY, 0666);
if (report < 0)
die(_("couldn't create a new file at '%s'"), report_path.buf);
if (write_in_full(report, buffer.buf, buffer.len) < 0)
Reported by FlawFinder.
builtin/branch.c
2 issues
Line: 290
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
if (!ref_exists(name)) {
char *refname = name + branch_name_pos;
if (!quiet)
printf(remote_branch
? _("Deleted remote-tracking branch %s (was %s).\n")
: _("Deleted branch %s (was %s).\n"),
name + branch_name_pos, describe_ref);
delete_branch_config(refname);
Reported by FlawFinder.
Line: 433
Column: 36
CWE codes:
126
filter_refs(&array, filter, filter->kind | FILTER_REFS_INCLUDE_BROKEN);
if (filter->verbose)
maxwidth = calc_maxwidth(&array, strlen(remote_prefix));
if (!format->format)
format->format = to_free = build_format(filter, maxwidth, remote_prefix);
format->use_color = branch_use_color;
Reported by FlawFinder.
transport-internal.h
2 issues
Line: 54
Column: 53
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* process involved generating new commits.
**/
int (*push_refs)(struct transport *transport, struct ref *refs, int flags);
int (*connect)(struct transport *connection, const char *name,
const char *executable, int fd[2]);
/** get_refs_list(), fetch(), and push_refs() can keep
* resources (such as a connection) reserved for further
* use. disconnect() releases these resources.
Reported by FlawFinder.
Line: 55
Column: 16
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
**/
int (*push_refs)(struct transport *transport, struct ref *refs, int flags);
int (*connect)(struct transport *connection, const char *name,
const char *executable, int fd[2]);
/** get_refs_list(), fetch(), and push_refs() can keep
* resources (such as a connection) reserved for further
* use. disconnect() releases these resources.
**/
Reported by FlawFinder.
commit.h
2 issues
Line: 50
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct name_decoration {
struct name_decoration *next;
int type;
char name[FLEX_ARRAY];
};
enum decoration_type {
DECORATION_NONE = 0,
DECORATION_REF_LOCAL,
Reported by FlawFinder.
Line: 311
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct merge_remote_desc {
struct object *obj; /* the named object, could be a tag */
char name[FLEX_ARRAY];
};
struct merge_remote_desc *merge_remote_util(struct commit *);
void set_merge_remote_desc(struct commit *commit,
const char *name, struct object *obj);
Reported by FlawFinder.
transport.h
2 issues
Line: 286
Column: 58
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void transport_take_over(struct transport *transport,
struct child_process *child);
int transport_connect(struct transport *transport, const char *name,
const char *exec, int fd[2]);
/* Transport methods defined outside transport.c */
int transport_helper_init(struct transport *transport, const char *name);
int bidirectional_transfer_loop(int input, int output);
Reported by FlawFinder.
Line: 287
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct child_process *child);
int transport_connect(struct transport *transport, const char *name,
const char *exec, int fd[2]);
/* Transport methods defined outside transport.c */
int transport_helper_init(struct transport *transport, const char *name);
int bidirectional_transfer_loop(int input, int output);
Reported by FlawFinder.
refspec.c
2 issues
Line: 57
Column: 17
CWE codes:
126
}
if (rhs) {
size_t rlen = strlen(++rhs);
is_glob = (1 <= rlen && strchr(rhs, '*'));
item->dst = xstrndup(rhs, rlen);
} else {
item->dst = NULL;
}
Reported by FlawFinder.
Line: 64
Column: 34
CWE codes:
126
item->dst = NULL;
}
llen = (rhs ? (rhs - lhs - 1) : strlen(lhs));
if (1 <= llen && memchr(lhs, '*', llen)) {
if ((rhs && !is_glob) || (!rhs && !item->negative && fetch))
return 0;
is_glob = 1;
} else if (rhs && is_glob) {
Reported by FlawFinder.
builtin/add.c
2 issues
Line: 447
Column: 3
CWE codes:
134
Suggestion:
Use a constant for the format specification
int i, exit_status = 0;
if (dir->ignored_nr) {
fprintf(stderr, _(ignore_error));
for (i = 0; i < dir->ignored_nr; i++)
fprintf(stderr, "%s\n", dir->ignored[i]->name);
if (advice_add_ignored_file)
advise(_("Use -f if you really want to add them.\n"
"Turn this message off by running\n"
Reported by FlawFinder.
Line: 316
Column: 8
CWE codes:
362
rev.diffopt.output_format = DIFF_FORMAT_PATCH;
rev.diffopt.use_color = 0;
rev.diffopt.flags.ignore_dirty_submodules = 1;
out = open(file, O_CREAT | O_WRONLY | O_TRUNC, 0666);
if (out < 0)
die(_("Could not open '%s' for writing."), file);
rev.diffopt.file = xfdopen(out, "w");
rev.diffopt.close_file = 1;
if (run_diff_files(&rev, 0))
Reported by FlawFinder.
url.c
2 issues
Line: 72
Column: 29
CWE codes:
126
char *url_decode(const char *url)
{
return url_decode_mem(url, strlen(url));
}
char *url_decode_mem(const char *url, int len)
{
struct strbuf out = STRBUF_INIT;
Reported by FlawFinder.
Line: 92
Column: 39
CWE codes:
126
char *url_percent_decode(const char *encoded)
{
struct strbuf out = STRBUF_INIT;
return url_decode_internal(&encoded, strlen(encoded), NULL, &out, 0);
}
char *url_decode_parameter_name(const char **query)
{
struct strbuf out = STRBUF_INIT;
Reported by FlawFinder.
branch.c
2 issues
Line: 209
Column: 18
CWE codes:
126
if (!force)
die(_("A branch named '%s' already exists."),
ref->buf + strlen("refs/heads/"));
head = resolve_ref_unsafe("HEAD", 0, NULL, NULL);
if (!is_bare_repository() && head && !strcmp(head, ref->buf))
die(_("Cannot force update the current branch."));
Reported by FlawFinder.
Line: 284
Column: 31
CWE codes:
126
die(_("Not a valid object name: '%s'."), start_name);
}
switch (dwim_ref(start_name, strlen(start_name), &oid, &real_ref, 0)) {
case 0:
/* Not branching from any existing branch */
if (explicit_tracking)
die(_(upstream_not_branch), start_name);
break;
Reported by FlawFinder.