The following issues were found

t/helper/test-bloom.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 12 Column: 24 CWE codes: 126 

              		struct bloom_key key;
		int i;

		fill_bloom_key(data, strlen(data), &key, &settings);
		printf("Hashes:");
		for (i = 0; i < settings.num_hashes; i++){
			printf("0x%08x|", key.hashes[i]);
		}
		printf("\n");

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 64 Column: 39 CWE codes: 126 

              		uint32_t hashed;
		if (argc < 3)
			usage(bloom_usage);
		hashed = murmur3_seeded(0, argv[2], strlen(argv[2]));
		printf("Murmur3 Hash with seed=0:0x%08x\n", hashed);
	}

	if (!strcmp(argv[1], "generate_filter")) {
		struct bloom_filter filter;

Reported by FlawFinder.

builtin/update-ref.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 418 Column: 18 CWE codes: 126 

              			 * by a line terminator.
			 */
			c = command[i].args ? ' ' : line_termination;
			if (input.buf[strlen(prefix)] != c)
				continue;

			cmd = &command[i];
			break;
		}

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 466 Column: 36 CWE codes: 126 

              			break;
		}

		cmd->fn(transaction, input.buf + strlen(cmd->prefix) + !!cmd->args,
			input.buf + input.len);
	}

	switch (state) {
	case UPDATE_REFS_OPEN:

Reported by FlawFinder.

builtin/diff-tree.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 108 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
int cmd_diff_tree(int argc, const char **argv, const char *prefix)
{
	char line[1000];
	struct object *tree1, *tree2;
	static struct rev_info *opt = &log_tree_opt;
	struct setup_revision_opt s_r_opt;
	struct userformat_want w;
	int read_stdin = 0;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 63 Column: 12 CWE codes: 126 

              
static int diff_tree_stdin(char *line)
{
	int len = strlen(line);
	struct object_id oid;
	struct object *obj;
	const char *p;

	if (!len || line[len-1] != '\n')

Reported by FlawFinder.

patch-delta.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 62 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              			    cp_off + cp_size > src_size ||
			    cp_size > size)
				goto bad_length;
			memcpy(out, (char *) src_buf + cp_off, cp_size);
			out += cp_size;
			size -= cp_size;
		} else if (cmd) {
			if (cmd > size || cmd > top - data)
				goto bad_length;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 68 Column: 4 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              		} else if (cmd) {
			if (cmd > size || cmd > top - data)
				goto bad_length;
			memcpy(out, data, cmd);
			out += cmd;
			data += cmd;
			size -= cmd;
		} else {
			/*

Reported by FlawFinder.

t/helper/test-fake-ssh.c
2 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 7 Column: 32 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them 

              
int cmd_main(int argc, const char **argv)
{
	const char *trash_directory = getenv("TRASH_DIRECTORY");
	struct strbuf buf = STRBUF_INIT;
	FILE *f;
	int i;
	const char *child_argv[] = { NULL, NULL };

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 17 Column: 6 CWE codes: 362 

              	if (!trash_directory)
		die("Need a TRASH_DIRECTORY!");
	strbuf_addf(&buf, "%s/ssh-output", trash_directory);
	f = fopen(buf.buf, "w");
	if (!f)
		die("Could not write to %s", buf.buf);
	for (i = 0; i < argc; i++)
		fprintf(f, "%s%s", i > 0 ? " " : "", i > 0 ? argv[i] : "ssh:");
	fprintf(f, "\n");

Reported by FlawFinder.

compat/unsetenv.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 11 Column: 13 CWE codes: 126 

                   int src, dst;
     size_t nmln;

     nmln = strlen(name);

     for (src = dst = 0; environ[src]; ++src) {
	  size_t enln;
	  enln = strlen(environ[src]);
	  if (enln > nmln) {

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 15 Column: 11 CWE codes: 126 

              
     for (src = dst = 0; environ[src]; ++src) {
	  size_t enln;
	  enln = strlen(environ[src]);
	  if (enln > nmln) {
               /* might match, and can test for '=' safely */
	       if (0 == strncmp (environ[src], name, nmln)
		   && '=' == environ[src][nmln])
		    /* matches, so skip */

Reported by FlawFinder.

list-objects-filter.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 417 Column: 47 CWE codes: 126 

              	case LOFS_BEGIN_TREE:
		assert(obj->type == OBJ_TREE);
		dtype = DT_DIR;
		match = path_matches_pattern_list(pathname, strlen(pathname),
						  filename, &dtype, &filter_data->pl,
						  r->index);
		if (match == UNDECIDED)
			match = filter_data->array_frame[filter_data->nr - 1].default_match;

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 479 Column: 47 CWE codes: 126 

              		frame = &filter_data->array_frame[filter_data->nr - 1];

		dtype = DT_REG;
		match = path_matches_pattern_list(pathname, strlen(pathname),
					    filename, &dtype, &filter_data->pl,
					    r->index);
		if (match == UNDECIDED)
			match = frame->default_match;
		if (match == MATCHED) {

Reported by FlawFinder.

builtin/tag.c
2 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 354 Column: 14 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them 

              	int subject_len = 0;
	const char *subject_start;

	char *rla = getenv("GIT_REFLOG_ACTION");
	if (rla) {
		strbuf_addstr(sb, rla);
	} else {
		strbuf_addstr(sb, "tag: tagging ");
		strbuf_add_unique_abbrev(sb, oid, DEFAULT_ABBREV);

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 296 Column: 8 CWE codes: 362 

              
		/* write the template message before editing: */
		path = git_pathdup("TAG_EDITMSG");
		fd = open(path, O_CREAT | O_TRUNC | O_WRONLY, 0600);
		if (fd < 0)
			die_errno(_("could not create file '%s'"), path);

		if (opt->message_given) {
			write_or_die(fd, buf->buf, buf->len);

Reported by FlawFinder.

git.c
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 59 Column: 18 CWE codes: 126 

              
static int match_token(const char *spec, int len, const char *token)
{
	int token_len = strlen(token);

	return len == token_len && !strncmp(spec, token, token_len);
}

static int list_cmds(const char *spec)

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 671 Column: 28 CWE codes: 126 

              
	for (i = 0; i < ARRAY_SIZE(commands); i++)
		if (skip_prefix(commands[i].cmd, prefix, &name))
			add_cmdname(cmds, name, strlen(name));
}

#ifdef STRIP_EXTENSION
static void strip_extension(const char **argv)
{

Reported by FlawFinder.

t/helper/test-json-writer.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 450 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              static int scripted(void)
{
	struct json_writer jw = JSON_WRITER_INIT;
	char buf[MAX_LINE_LENGTH];
	char *line;
	int line_nr = 0;

	line = get_trimmed_line(buf, MAX_LINE_LENGTH);
	if (!line)

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 432 Column: 8 CWE codes: 126 

              	if (!fgets(buf, buf_size, stdin))
		return NULL;

	len = strlen(buf);
	while (len > 0) {
		char c = buf[len - 1];
		if (c == '\n' || c == '\r' || c == ' ' || c == '\t')
			buf[--len] = 0;
		else

Reported by FlawFinder.