The following issues were found

t/helper/test-repository.c
1 issue
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 32 Column: 2 CWE codes: 134
Suggestion: Use a constant for the format specification

	if (!parse_commit_in_graph(&r, c))
		die("Couldn't parse commit");

	printf("%"PRItime, c->date);
	for (parent = c->parents; parent; parent = parent->next)
		printf(" %s", oid_to_hex(&parent->item->object.oid));
	printf("\n");

	repo_clear(&r);

Reported by FlawFinder.

builtin/commit-tree.c
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 91 Column: 8 CWE codes: 362

	if (!strcmp(arg, "-"))
		fd = 0;
	else {
		fd = open(arg, O_RDONLY);
		if (fd < 0)
			die_errno(_("git commit-tree: failed to open '%s'"), arg);
	}
	if (strbuf_read(buf, fd, 0) < 0)
		die_errno(_("git commit-tree: failed to read '%s'"), arg);

Reported by FlawFinder.

t/helper/test-windows-named-pipe.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 17 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

	int err;
	HANDLE h;
	BOOL connected;
	char buf[TEST_BUFSIZE + 1];

	if (argc < 2)
		goto print_usage;
	filename = argv[1];
	if (strpbrk(filename, "/\\"))

Reported by FlawFinder.

t/helper/test-xml-encode.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 11 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

 */
int cmd__xml_encode(int argc, const char **argv)
{
	unsigned char buf[1024], tmp[4], *tmp2 = NULL;
	ssize_t cur = 0, len = 1, remaining = 0;
	unsigned char ch;

	for (;;) {
		if (++cur == len) {

Reported by FlawFinder.

t/t4051/appended1.c
1 issue
Unmatched '{'. Configuration: ''.
Error

Line: 3

int appended(void) // Begin of first part
{
	int i;
	char *s = "a string";

	printf("%s\n", s);

	for (i = 99;

Reported by Cppcheck.

t/t4051/appended2.c
1 issue
Unmatched '}'. Configuration: ''.
Error

Line: 35

	 */

	return 0;
}	// End of second part

Reported by Cppcheck.

builtin/check-ref-format.c
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 23 Column: 23 CWE codes: 126

 */
static char *collapse_slashes(const char *refname)
{
	char *ret = xmallocz(strlen(refname));
	char ch;
	char prev = '/';
	char *cp = ret;

	while ((ch = *refname++) != '\0') {

Reported by FlawFinder.

tmp-objdir.c
1 issue
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 98 Column: 8 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

		val = quoted.buf;
	}

	old = getenv(key);
	if (!old)
		strvec_pushf(env, "%s=%s", key, val);
	else
		strvec_pushf(env, "%s=%s%c%s", key, old, PATH_SEP, val);

Reported by FlawFinder.

builtin/check-mailmap.c
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 24 Column: 40 CWE codes: 126

	size_t namelen, maillen;
	struct ident_split ident;

	if (split_ident_line(&ident, contact, strlen(contact)))
		die(_("unable to parse contact: %s"), contact);

	name = ident.name_begin;
	namelen = ident.name_end - ident.name_begin;
	mail = ident.mail_begin;

Reported by FlawFinder.

builtin/check-ignore.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 131 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

{
	struct strbuf buf = STRBUF_INIT;
	struct strbuf unquoted = STRBUF_INIT;
	char *pathspec[2] = { NULL, NULL };
	strbuf_getline_fn getline_fn;
	int num_ignored = 0;

	getline_fn = nul_term_line ? strbuf_getline_nul : strbuf_getline_lf;
	while (getline_fn(&buf, stdin) != EOF) {

Reported by FlawFinder.