The following issues were found
trace2.h
1 issue
Line: 478
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
#define trace2_printf(...) trace2_printf_fl(__FILE__, __LINE__, __VA_ARGS__)
#else
/* clang-format off */
__attribute__((format (printf, 1, 2)))
void trace2_printf(const char *fmt, ...);
/* clang-format on */
#endif
/*
Reported by FlawFinder.
trace2/tr2_cmd_name.c
1 issue
Line: 10
Column: 28
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
void tr2_cmd_name_append_hierarchy(const char *name)
{
const char *parent_name = getenv(TR2_ENVVAR_PARENT_NAME);
strbuf_reset(&tr2cmdname_hierarchy);
if (parent_name && *parent_name) {
strbuf_addstr(&tr2cmdname_hierarchy, parent_name);
strbuf_addch(&tr2cmdname_hierarchy, '/');
Reported by FlawFinder.
builtin/bundle.c
1 issue
Line: 216
CWE codes:
908
error(_("Unknown subcommand: %s"), argv[0]);
usage_with_options(builtin_bundle_usage, options);
}
return result ? 1 : 0;
}
Reported by Cppcheck.
trace2/tr2_sysenv.c
1 issue
Line: 103
Column: 19
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
BUG("tr2_sysenv_get invalid var '%d'", var);
if (!tr2_sysenv_settings[var].getenv_called) {
const char *v = getenv(tr2_sysenv_settings[var].env_var_name);
if (v && *v) {
free(tr2_sysenv_settings[var].value);
tr2_sysenv_settings[var].value = xstrdup(v);
}
tr2_sysenv_settings[var].getenv_called = 1;
Reported by FlawFinder.
trace2/tr2_tbuf.h
1 issue
Line: 10
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* argument.
*/
struct tr2_tbuf {
/*
 * Fixed-size scratch buffer for a formatted time string (the fill
 * routine is documented below this struct). Anything writing into it
 * must bound the write to sizeof(buf) and leave room for the NUL
 * terminator. NOTE(review): the fill routines are not visible here —
 * confirm they use a length-limited formatter rather than sprintf().
 */
char buf[32];
};
/*
* Fill buffer with formatted local time string.
*/
Reported by FlawFinder.
trace2/tr2_tgt_event.c
1 issue
Line: 56
Column: 45
CWE codes:
190
Suggestion:
If the source is untrusted, check both the minimum and the maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended)
return want;
nesting = tr2_sysenv_get(TR2_SYSENV_EVENT_NESTING);
if (nesting && *nesting && ((max_nesting = atoi(nesting)) > 0))
tr2env_event_max_nesting_levels = max_nesting;
brief = tr2_sysenv_get(TR2_SYSENV_EVENT_BRIEF);
if (brief && *brief &&
((want_brief = git_parse_maybe_bool(brief)) != -1))
Reported by FlawFinder.
builtin/archive.c
1 issue
Line: 15
Column: 18
CWE codes:
362
static void create_output_file(const char *output_file)
{
int output_fd = open(output_file, O_CREAT | O_WRONLY | O_TRUNC, 0666);
if (output_fd < 0)
die_errno(_("could not create archive file '%s'"), output_file);
if (output_fd != 1) {
if (dup2(output_fd, 1) < 0)
die_errno(_("could not redirect output"));
Reported by FlawFinder.
advice.c
1 issue
Line: 327
Column: 2
CWE codes:
134
Suggestion:
Use a constant for the format specification
"\n"
"Turn off this advice by setting config variable advice.detachedHead to false\n\n");
fprintf(stderr, fmt, new_name);
}
Reported by FlawFinder.
xdiff/xpatience.c
1 issue
Line: 81
Column: 39
CWE codes:
126
{
int i;
for (i = 0; i < xpp->anchors_nr; i++) {
if (!strncmp(line, xpp->anchors[i], strlen(xpp->anchors[i])))
return 1;
}
return 0;
}
Reported by FlawFinder.
unpack-trees.h
1 issue
Line: 72
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct dir_struct *dir;
struct pathspec *pathspec;
merge_fn_t fn;
const char *msgs[NB_UNPACK_TREES_WARNING_TYPES];
struct strvec msgs_to_free;
/*
* Store error messages in an array, each case
* corresponding to a error message type
*/
Reported by FlawFinder.