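The following issues were found.
FlawFinder flags risky function names and buffer declarations by pattern matching and does not track data flow, so each entry below is a candidate to triage against the surrounding code, not a confirmed vulnerability.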
compat/mkdir.c
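1 issue
Line: 9
Column: 15
CWE codes:
126 (Buffer Over-read)
Note: strlen() reads up to the first NUL byte, so this hit matters only if `dir` can arrive here without a terminator; the excerpt does not show where `dir` comes from.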
{
int retval;
char *tmp_dir = NULL;
size_t len = strlen(dir);
if (len && dir[len-1] == '/') {
if ((tmp_dir = strdup(dir)) == NULL)
return -1;
tmp_dir[len-1] = '\0';
Reported by FlawFinder.
list-objects-filter-options.c
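1 issue
Line: 103
Column: 42
CWE codes:
126 (Buffer Over-read)
Note: `v0` is filled in by the skip_prefix(arg, ...) call on the line before, presumably as a pointer into `arg`, so the question to settle is whether `arg` itself is always NUL-terminated.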
return 1;
} else if (skip_prefix(arg, "object:type=", &v0)) {
int type = type_from_string_gently(v0, strlen(v0), 1);
if (type < 0) {
strbuf_addf(errbuf, _("'%s' for 'object:type=<type>' is "
"not a valid object type"), v0);
return 1;
}
Reported by FlawFinder.
block-sha1/sha1.h
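1 issue
Line: 17
Column: 30
CWE codes:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
120 (Buffer Copy without Checking Size of Input)
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Note: the flagged declaration is the `hashout[20]` parameter of blk_SHA1_Final; an array parameter is passed as a pointer, so the 20-byte size has to be honoured by each caller rather than by this prototype.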
/* Block SHA-1 interface: prototypes only, the implementation is not part of this excerpt. */
void blk_SHA1_Init(blk_SHA_CTX *ctx);
void blk_SHA1_Update(blk_SHA_CTX *ctx, const void *dataIn, size_t len);
/*
 * NOTE(review): as a parameter, `unsigned char hashout[20]` is adjusted to
 * `unsigned char *`, so the 20 documents the expected buffer size but is not
 * enforced by the compiler. Callers must pass a buffer of at least 20 bytes;
 * presumably that is the digest length this function writes -- confirm
 * against the implementation.
 */
void blk_SHA1_Final(unsigned char hashout[20], blk_SHA_CTX *ctx);
/* Map the generic platform_SHA* names onto the blk_SHA1 declarations above. */
#define platform_SHA_CTX blk_SHA_CTX
#define platform_SHA1_Init blk_SHA1_Init
#define platform_SHA1_Update blk_SHA1_Update
#define platform_SHA1_Final blk_SHA1_Final
Reported by FlawFinder.
lockfile.c
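1 issue
Line: 114
Column: 3
CWE codes:
327 (Use of a Broken or Risky Cryptographic Algorithm)
Suggestion:
Use a more secure technique for acquiring random values
Note: the excerpt seeds srand() with getpid(), which makes the sequence predictable; that is a weakness only if the resulting values feed something security-sensitive, and the excerpt does not show what they are used for.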
return lock_file(lk, path, flags, mode);
if (!random_initialized) {
srand((unsigned int)getpid());
random_initialized = 1;
}
if (timeout_ms > 0)
remaining_ms = timeout_ms;
Reported by FlawFinder.
compat/hstrerror.c
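1 issue
Line: 7
Column: 9
CWE codes:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
120 (Buffer Copy without Checking Size of Input)
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Note: the hit is on the declaration of `static char buffer[48]` alone; what needs checking is every write into `buffer` further down the function, which the excerpt cuts off.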
const char *githstrerror(int err)
{
static char buffer[48];
switch (err)
{
case HOST_NOT_FOUND:
return "Authoritative answer: host not found";
case NO_DATA:
Reported by FlawFinder.
compat/access.c
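1 issue
Line: 14
Column: 10
CWE codes:
362/367! (362: Concurrent Execution using Shared Resource with Improper Synchronization; 367: Time-of-check Time-of-use (TOCTOU) Race Condition)
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Note: the answer from access() describes `path` only at the moment of the call; the exposure lies in any later open or use of the same path that trusts that answer, so the callers are what to review.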
/* do not interfere a normal user */
if (geteuid())
return access(path, mode);
if (stat(path, &st) < 0)
return -1;
/* Root can read or write any file. */
Reported by FlawFinder.
midx.h
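1 issue
Line: 39
Column: 2
CWE codes:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
120 (Buffer Copy without Checking Size of Input)
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Note: `object_dir[FLEX_ARRAY]` is the last member of its struct, so its capacity is decided wherever the struct is allocated; the bounds check belongs at that allocation and at the copy into `object_dir`, neither of which is shown here.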
const char **pack_names;
struct packed_git **packs;
char object_dir[FLEX_ARRAY];
};
/* Flag bits; each occupies its own bit (bit 0, bit 1) so they can be combined in one flags word. */
#define MIDX_PROGRESS (1 << 0)
#define MIDX_WRITE_REV_INDEX (1 << 1)
Reported by FlawFinder.
notes-cache.c
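1 issue
Line: 63
Column: 31
CWE codes:
126 (Buffer Over-read)
Note: the flagged strlen(c->validity) is safe as long as `validity` is always stored as a NUL-terminated string; the excerpt does not show where that field is assigned.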
if (write_notes_tree(&c->tree, &tree_oid))
return -1;
if (commit_tree(c->validity, strlen(c->validity), &tree_oid, NULL,
&commit_oid, NULL, NULL) < 0)
return -1;
if (update_ref("update notes cache", c->tree.update_ref, &commit_oid,
NULL, 0, UPDATE_REFS_QUIET_ON_ERR) < 0)
return -1;
Reported by FlawFinder.
cache-tree.h
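1 issue
Line: 14
Column: 2
CWE codes:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
120 (Buffer Copy without Checking Size of Input)
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Note: `name[FLEX_ARRAY]` is the last member of its struct and sits next to a `namelen` field; the check to make is that the allocation size and every copy into `name` agree with the length recorded there, at sites the excerpt does not show.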
int count; /* internally used by update_one() */
int namelen;
int used;
char name[FLEX_ARRAY];
};
struct cache_tree {
int entry_count; /* negative means "invalid" */
struct object_id oid;
Reported by FlawFinder.
oidset.c
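1 issue
Line: 56
Column: 7
CWE codes:
362 (Concurrent Execution using Shared Resource with Improper Synchronization)
Note: fopen() is flagged on the call alone; what to confirm is who controls `path` and the directory it lives in, since the file is only as trustworthy as the location it is opened from.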
struct strbuf sb = STRBUF_INIT;
struct object_id oid;
fp = fopen(path, "r");
if (!fp)
die("could not open object name list: %s", path);
while (!strbuf_getline(&sb, fp)) {
const char *p;
const char *name;
Reported by FlawFinder.