The following issues were found
compat/regex/regex.h
1 issues
Line: 572
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int __cflags);
extern int regexec (const regex_t *__restrict __preg,
const char *__restrict __cstring, size_t __nmatch,
regmatch_t __pmatch[__restrict_arr],
int __eflags);
extern size_t regerror (int __errcode, const regex_t *__restrict __preg,
char *__restrict __errbuf, size_t __errbuf_size);
Reported by FlawFinder.
hashmap.c
1 issues
Line: 313
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pool_entry {
struct hashmap_entry ent;
size_t len;
unsigned char data[FLEX_ARRAY];
};
static int pool_entry_cmp(const void *unused_cmp_data,
const struct hashmap_entry *eptr,
const struct hashmap_entry *entry_or_key,
Reported by FlawFinder.
hashmap.h
1 issues
Line: 595
Column: 27
CWE codes:
126
const void *memintern(const void *data, size_t len);
static inline const char *strintern(const char *string)
{
return memintern(string, strlen(string));
}
#endif
Reported by FlawFinder.
compat/precompose_utf8.h
1 issues
Line: 21
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* NAME_MAX=255 and strlen(d_name) may return 508 or 510
* Solution: allocate more when needed, see precompose_utf8_readdir()
*/
char d_name[NAME_MAX+1];
} dirent_prec_psx;
typedef struct {
iconv_t ic_precompose;
Reported by FlawFinder.
help.h
1 issues
Line: 12
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int cnt;
struct cmdname {
size_t len; /* also used for similarity index in help.c */
char name[FLEX_ARRAY];
} **names;
};
static inline void mput_char(char c, unsigned int num)
{
Reported by FlawFinder.
compat/nedmalloc/nedmalloc.h
1 issues
Line: 71
Column: 34
CWE codes:
676
Suggestion:
Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient
#define nedcalloc calloc
#define nedrealloc realloc
#define nedfree free
#define nedmemalign memalign
#define nedmallinfo mallinfo
#define nedmallopt mallopt
#define nedmalloc_trim malloc_trim
#define nedmalloc_stats malloc_stats
#define nedmalloc_footprint malloc_footprint
Reported by FlawFinder.
compat/nedmalloc/nedmalloc.c
1 issues
Line: 828
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
assert(memsize);
if((ret=threadcache_malloc(p, tc, &size)))
{
memcpy(ret, mem, memsize<size ? memsize : size);
if(memsize<=THREADCACHEMAX)
threadcache_free(p, tc, mymspace, mem, memsize);
else
mspace_free(0, mem);
}
Reported by FlawFinder.
json-writer.c
1 issues
Line: 7
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void jw_init(struct json_writer *jw)
{
struct json_writer blank = JSON_WRITER_INIT;
memcpy(jw, &blank, sizeof(*jw));;
}
void jw_release(struct json_writer *jw)
{
strbuf_release(&jw->json);
Reported by FlawFinder.
walker.h
1 issues
Line: 20
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
};
/* Report what we got under get_verbosely */
__attribute__((format (printf, 2, 3)))
void walker_say(struct walker *walker, const char *fmt, ...);
/* Load pull targets from stdin */
int walker_targets_stdin(char ***target, const char ***write_ref);
Reported by FlawFinder.
compat/mkdtemp.c
1 issues
Line: 5
Column: 8
CWE codes:
377
char *gitmkdtemp(char *template)
{
if (!*mktemp(template) || mkdir(template, 0700))
return NULL;
return template;
}
Reported by FlawFinder.