The following issues were found

userdiff.c
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 362 Column: 12 CWE codes: 126

              
struct userdiff_driver *userdiff_find_by_name(const char *name)
{
	int len = strlen(name);
	return userdiff_find_by_namelen(name, len);
}

struct userdiff_driver *userdiff_find_by_path(struct index_state *istate,
					      const char *path)

            

Reported by FlawFinder.

version.c
1 issue
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 13 Column: 11 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

	static const char *agent = NULL;

	if (!agent) {
		agent = getenv("GIT_USER_AGENT");
		if (!agent)
			agent = GIT_USER_AGENT;
	}

	return agent;

            

Reported by FlawFinder.

contrib/fast-import/import-zips.py
1 issue
Missing parentheses in call to 'print'. Did you mean print('usage:', argv[0], '<zipfile>...')? (<unknown>, line 22)
Error

Line: 22 Column: 12

    exit(1)

if len(argv) < 2:
    print 'usage:', argv[0], '<zipfile>...'
    exit(1)

branch_ref = 'refs/heads/import-zips'
committer_name = 'Z Ip Creator'
committer_email = 'zip@example.com'

            

Reported by Pylint.

diff-no-index.c
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 246 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

		  int argc, const char **argv)
{
	int i, no_index;
	const char *paths[2];
	struct strbuf replacement = STRBUF_INIT;
	const char *prefix = revs->prefix;
	struct option no_index_options[] = {
		OPT_BOOL_F(0, "no-index", &no_index, "",
			   PARSE_OPT_NONEG | PARSE_OPT_HIDDEN),

            

Reported by FlawFinder.

diff.h
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 366 Column: 2 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

#define OUTPUT_INDICATOR_NEW 0
#define OUTPUT_INDICATOR_OLD 1
#define OUTPUT_INDICATOR_CONTEXT 2
	char output_indicators[3];

	struct pathspec pathspec;
	pathchange_fn_t pathchange;
	change_fn_t change;
	add_remove_fn_t add_remove;

            

Reported by FlawFinder.

config.h
1 issue
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 632 Column: 91 CWE codes: 134
Suggestion: Use a constant for the format specification

 * dies printing the line number and the file name of the highest priority
 * value for the configuration variable `key`.
 */
NORETURN void git_die_config(const char *key, const char *err, ...) __attribute__((format(printf, 2, 3)));

/**
 * Helper function which formats the die error message according to the
 * parameters entered. Used by `git_die_config()`. It can be used by callers
 * handling `git_config_get_value_multi()` to print the correct error message

            

Reported by FlawFinder.

compat/win32/syslog.h
1 issue
syslog - If syslog's format strings can be influenced by an attacker, they can be exploited
Security

Line: 18 Column: 6 CWE codes: 134
Suggestion: Use a constant format string for syslog

#define LOG_DAEMON  (3<<3)

void openlog(const char *ident, int logopt, int facility);
void syslog(int priority, const char *fmt, ...);

#endif /* SYSLOG_H */

            

Reported by FlawFinder.