The following issues were found
ppc/sha1.c
2 issues
Line: 39
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
nb = 64 - c->cnt;
if (nb > n)
nb = n;
memcpy(&c->buf.b[c->cnt], p, nb);
if ((c->cnt += nb) == 64) {
ppc_sha1_core(c->hash, c->buf.b, 1);
c->cnt = 0;
}
} else {
Reported by FlawFinder.
Line: 70
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memset(&c->buf.b[cnt], 0, 56 - cnt);
c->buf.l[7] = c->len;
ppc_sha1_core(c->hash, c->buf.b, 1);
memcpy(hash, c->hash, 20);
return 0;
}
Reported by FlawFinder.
hex.c
2 issues
Line: 3
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "cache.h"
const signed char hexval_table[256] = {
-1, -1, -1, -1, -1, -1, -1, -1, /* 00-07 */
-1, -1, -1, -1, -1, -1, -1, -1, /* 08-0f */
-1, -1, -1, -1, -1, -1, -1, -1, /* 10-17 */
-1, -1, -1, -1, -1, -1, -1, -1, /* 18-1f */
-1, -1, -1, -1, -1, -1, -1, -1, /* 20-27 */
-1, -1, -1, -1, -1, -1, -1, -1, /* 28-2f */
Reported by FlawFinder.
Line: 152
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *hash_to_hex_algop(const unsigned char *hash, const struct git_hash_algo *algop)
{
static int bufno;
static char hexbuffer[4][GIT_MAX_HEXSZ + 1];
bufno = (bufno + 1) % ARRAY_SIZE(hexbuffer);
return hash_to_hex_algop_r(hexbuffer[bufno], hash, algop);
}
char *hash_to_hex(const unsigned char *hash)
Reported by FlawFinder.
t/helper/test-parse-options.c
2 issues
Line: 67
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
return 0;
}
__attribute__((format (printf,3,4)))
static void show(struct string_list *expect, int *status, const char *fmt, ...)
{
struct string_list_item *item;
struct strbuf buf = STRBUF_INIT;
va_list args;
Reported by FlawFinder.
Line: 34
Column: 23
CWE codes:
126
if (unset)
return 1; /* do not support unset */
*(int *)opt->value = strlen(arg);
return 0;
}
static int number_callback(const struct option *opt, const char *arg, int unset)
{
Reported by FlawFinder.
builtin/credential-cache.c
2 issues
Line: 27
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
shutdown(fd, SHUT_WR);
while (1) {
char in[1024];
int r;
r = read_in_full(fd, in, sizeof(in));
if (r == 0 || (r < 0 && errno == ECONNRESET))
break;
Reported by FlawFinder.
Line: 45
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void spawn_daemon(const char *socket)
{
struct child_process daemon = CHILD_PROCESS_INIT;
char buf[128];
int r;
strvec_pushl(&daemon.args,
"credential-cache--daemon", socket,
NULL);
Reported by FlawFinder.
xdiff-interface.c
2 issues
Line: 162
Column: 11
CWE codes:
362
if (stat(filename, &st))
return error_errno("Could not stat %s", filename);
if ((f = fopen(filename, "rb")) == NULL)
return error_errno("Could not open %s", filename);
sz = xsize_t(st.st_size);
ptr->ptr = xmalloc(sz ? sz : 1);
if (sz && fread(ptr->ptr, sz, 1, f) != 1) {
fclose(f);
Reported by FlawFinder.
Line: 241
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
result = buffer_size;
while (result > 0 && (isspace(line[result - 1])))
result--;
memcpy(buffer, line, result);
return result;
}
void xdiff_set_find_func(xdemitconf_t *xecfg, const char *value, int cflags)
{
Reported by FlawFinder.
builtin/rm.c
2 issues
Line: 73
Column: 30
CWE codes:
126
int pos;
const struct cache_entry *ce;
pos = cache_name_pos(name, strlen(name));
if (pos < 0) {
pos = get_ours_cache_pos(name, pos);
if (pos < 0)
continue;
}
Reported by FlawFinder.
Line: 118
Column: 30
CWE codes:
126
int local_changes = 0;
int staged_changes = 0;
pos = cache_name_pos(name, strlen(name));
if (pos < 0) {
/*
* Skip unmerged entries except for populated submodules
* that could lose history when removed.
*/
Reported by FlawFinder.
t/helper/test-ref-store.c
2 issues
Line: 59
CWE codes:
908
} else
die("unknown backend %s", argv[0]);
if (!*refs)
die("no ref store");
/* consume store-specific optional arguments if needed */
return argv + 1;
Reported by Cppcheck.
Line: 17
Column: 9
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
static unsigned int arg_flags(const char *arg, const char *name)
{
return atoi(notnull(arg, name));
}
static const char **get_store(const char **argv, struct ref_store **refs)
{
const char *gitdir;
Reported by FlawFinder.
protocol.c
2 issues
Line: 33
Column: 15
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
return version;
}
git_test_v = getenv(git_test_k);
if (git_test_v && *git_test_v) {
enum protocol_version env = parse_protocol_version(git_test_v);
if (env == protocol_unknown_version)
die("unknown value for %s: %s", git_test_k, git_test_v);
Reported by FlawFinder.
Line: 47
Column: 29
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
enum protocol_version determine_protocol_version_server(void)
{
const char *git_protocol = getenv(GIT_PROTOCOL_ENVIRONMENT);
enum protocol_version version = protocol_v0;
/*
* Determine which protocol version the client has requested. Since
* multiple 'version' keys can be sent by the client, indicating that
Reported by FlawFinder.
quote.c
2 issues
Line: 218
Column: 15
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
#define X8(x) x, x, x, x, x, x, x, x
#define X16(x) X8(x), X8(x)
static signed char const cq_lookup[256] = {
/* 0 1 2 3 4 5 6 7 */
/* 0x00 */ 1, 1, 1, 1, 1, 1, 1, 'a',
/* 0x08 */ 'b', 't', 'n', 'v', 'f', 'r', 1, 1,
/* 0x10 */ X16(1),
/* 0x20 */ -1, -1, '"', -1, -1, -1, -1, -1,
Reported by FlawFinder.
Line: 378
Column: 29
CWE codes:
126
*/
if (force_dq)
strbuf_addch(out, '"');
quote_c_style_counted(rel, strlen(rel), out, NULL,
force_dq ? CQUOTE_NODQ : 0);
if (force_dq)
strbuf_addch(out, '"');
strbuf_release(&sb);
Reported by FlawFinder.
t/helper/test-string-list.c
2 issues
Line: 52
Column: 18
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
int i;
const char *s = argv[2];
int delim = *argv[3];
int maxsplit = atoi(argv[4]);
i = string_list_split(&list, s, delim, maxsplit);
printf("%d\n", i);
write_list(&list);
string_list_clear(&list, 0);
Reported by FlawFinder.
Line: 66
Column: 18
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
int i;
char *s = xstrdup(argv[2]);
int delim = *argv[3];
int maxsplit = atoi(argv[4]);
i = string_list_split_in_place(&list, s, delim, maxsplit);
printf("%d\n", i);
write_list(&list);
string_list_clear(&list, 0);
Reported by FlawFinder.