The following issues were found
environment.c
15 issues
Line: 159
Column: 22
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
const char *getenv_safe(struct strvec *argv, const char *name)
{
const char *value = getenv(name);
if (!value)
return NULL;
strvec_push(argv, value);
Reported by FlawFinder.
Line: 183
Column: 6
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
repo_set_gitdir(the_repository, git_dir, &args);
strvec_clear(&to_free);
if (getenv(NO_REPLACE_OBJECTS_ENVIRONMENT))
read_replace_refs = 0;
replace_ref_base = getenv(GIT_REPLACE_REF_BASE_ENVIRONMENT);
free(git_replace_ref_base);
git_replace_ref_base = xstrdup(replace_ref_base ? replace_ref_base
: "refs/replace/");
Reported by FlawFinder.
Line: 185
Column: 21
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (getenv(NO_REPLACE_OBJECTS_ENVIRONMENT))
read_replace_refs = 0;
replace_ref_base = getenv(GIT_REPLACE_REF_BASE_ENVIRONMENT);
free(git_replace_ref_base);
git_replace_ref_base = xstrdup(replace_ref_base ? replace_ref_base
: "refs/replace/");
free(git_namespace);
git_namespace = expand_namespace(getenv(GIT_NAMESPACE_ENVIRONMENT));
Reported by FlawFinder.
Line: 190
Column: 35
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
git_replace_ref_base = xstrdup(replace_ref_base ? replace_ref_base
: "refs/replace/");
free(git_namespace);
git_namespace = expand_namespace(getenv(GIT_NAMESPACE_ENVIRONMENT));
shallow_file = getenv(GIT_SHALLOW_FILE_ENVIRONMENT);
if (shallow_file)
set_alternate_shallow_file(the_repository, shallow_file, 0);
}
Reported by FlawFinder.
Line: 191
Column: 17
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
: "refs/replace/");
free(git_namespace);
git_namespace = expand_namespace(getenv(GIT_NAMESPACE_ENVIRONMENT));
shallow_file = getenv(GIT_SHALLOW_FILE_ENVIRONMENT);
if (shallow_file)
set_alternate_shallow_file(the_repository, shallow_file, 0);
}
int is_bare_repository(void)
Reported by FlawFinder.
Line: 241
Column: 34
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
{
static int initialized;
if (!initialized) {
super_prefix = xstrdup_or_null(getenv(GIT_SUPER_PREFIX_ENVIRONMENT));
initialized = 1;
}
return super_prefix;
}
Reported by FlawFinder.
Line: 259
Column: 20
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
if (git_work_tree_initialized) {
struct strbuf realpath = STRBUF_INIT;
strbuf_realpath(&realpath, new_work_tree, 1);
new_work_tree = realpath.buf;
if (strcmp(new_work_tree, the_repository->worktree))
die("internal error: work tree has already been set\n"
"Current worktree: %s\nNew worktree: %s",
the_repository->worktree, new_work_tree);
Reported by FlawFinder.
Line: 260
Column: 19
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
struct strbuf realpath = STRBUF_INIT;
strbuf_realpath(&realpath, new_work_tree, 1);
new_work_tree = realpath.buf;
if (strcmp(new_work_tree, the_repository->worktree))
die("internal error: work tree has already been set\n"
"Current worktree: %s\nNew worktree: %s",
the_repository->worktree, new_work_tree);
strbuf_release(&realpath);
Reported by FlawFinder.
Line: 265
Column: 19
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
die("internal error: work tree has already been set\n"
"Current worktree: %s\nNew worktree: %s",
the_repository->worktree, new_work_tree);
strbuf_release(&realpath);
return;
}
git_work_tree_initialized = 1;
repo_set_worktree(the_repository, new_work_tree);
}
Reported by FlawFinder.
Line: 356
Column: 20
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
struct strbuf realpath = STRBUF_INIT;
if (make_realpath) {
strbuf_realpath(&realpath, path, 1);
path = realpath.buf;
}
set_git_dir_1(path);
if (!is_absolute_path(path))
Reported by FlawFinder.
run-command.c
15 issues
Line: 235
Column: 7
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
int exec_id = trace2_exec(file, (const char **)argv);
#endif
if (!execvp(file, argv))
return 0; /* cannot happen ;-) */
#ifndef GIT_WINDOWS_NATIVE
{
int ec = errno;
Reported by FlawFinder.
Line: 1328
Column: 6
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
strbuf_reset(&path);
strbuf_git_path(&path, "hooks/%s", name);
if (access(path.buf, X_OK) < 0) {
int err = errno;
#ifdef STRIP_EXTENSION
strbuf_addstr(&path, STRIP_EXTENSION);
if (access(path.buf, X_OK) >= 0)
Reported by FlawFinder.
Line: 1333
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
#ifdef STRIP_EXTENSION
strbuf_addstr(&path, STRIP_EXTENSION);
if (access(path.buf, X_OK) >= 0)
return path.buf;
if (errno == EACCES)
err = errno;
#endif
Reported by FlawFinder.
Line: 183
Column: 18
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
*/
static char *locate_in_PATH(const char *file)
{
const char *p = getenv("PATH");
struct strbuf buf = STRBUF_INIT;
if (!p || !*p)
return NULL;
Reported by FlawFinder.
Line: 612
Column: 15
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
const char *var = envs.items[i].string;
const char *val = envs.items[i].util;
if (val || !getenv(var))
continue;
if (!printed_unset) {
strbuf_addstr(dst, " unset");
printed_unset = 1;
Reported by FlawFinder.
Line: 633
Column: 12
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (!val)
continue;
oldval = getenv(var);
if (oldval && !strcmp(val, oldval))
continue;
strbuf_addf(dst, " %s=", var);
sq_quote_buf_pretty(dst, val);
Reported by FlawFinder.
Line: 15
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void child_process_init(struct child_process *child)
{
struct child_process blank = CHILD_PROCESS_INIT;
memcpy(child, &blank, sizeof(*child));
}
void child_process_clear(struct child_process *child)
{
strvec_clear(&child->args);
Reported by FlawFinder.
Line: 147
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* Now that we know it does not have an executable extension,
* peek into the file instead.
*/
char buf[3] = { 0 };
int n;
int fd = open(name, O_RDONLY);
st.st_mode &= ~S_IXUSR;
if (fd >= 0) {
n = read(fd, buf, 2);
Reported by FlawFinder.
Line: 149
Column: 11
CWE codes:
362
*/
char buf[3] = { 0 };
int n;
int fd = open(name, O_RDONLY);
st.st_mode &= ~S_IXUSR;
if (fd >= 0) {
n = read(fd, buf, 2);
if (n == 2)
/* look for a she-bang */
Reported by FlawFinder.
Line: 764
Column: 13
CWE codes:
362
notify_pipe[0] = notify_pipe[1] = -1;
if (cmd->no_stdin || cmd->no_stdout || cmd->no_stderr) {
null_fd = open("/dev/null", O_RDWR | O_CLOEXEC);
if (null_fd < 0)
die_errno(_("open /dev/null failed"));
set_cloexec(null_fd);
}
Reported by FlawFinder.
builtin/fast-export.c
15 issues
Line: 125
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct anonymized_entry {
struct hashmap_entry hash;
const char *anon;
const char orig[FLEX_ARRAY];
};
struct anonymized_entry_key {
struct hashmap_entry hash;
const char *orig;
Reported by FlawFinder.
Line: 1087
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void import_marks(char *input_file, int check_exists)
{
char line[512];
FILE *f;
struct stat sb;
if (check_exists && stat(input_file, &sb))
return;
Reported by FlawFinder.
Line: 146
Column: 11
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
const struct anonymized_entry_key *key = keydata;
int equal = !strncmp(a->orig, key->orig, key->orig_len) &&
!a->orig[key->orig_len];
return !equal;
}
b = container_of(entry_or_key, const struct anonymized_entry, hash);
return strcmp(a->orig, b->orig);
}
Reported by FlawFinder.
Line: 352
Column: 10
CWE codes:
126
name_a = a->one ? a->one->path : a->two->path;
name_b = b->one ? b->one->path : b->two->path;
len_a = strlen(name_a);
len_b = strlen(name_b);
len = (len_a < len_b) ? len_a : len_b;
/* strcmp will sort 'd' before 'd/e', we want 'd/e' before 'd' */
cmp = memcmp(name_a, name_b, len);
Reported by FlawFinder.
Line: 353
Column: 10
CWE codes:
126
name_b = b->one ? b->one->path : b->two->path;
len_a = strlen(name_a);
len_b = strlen(name_b);
len = (len_a < len_b) ? len_a : len_b;
/* strcmp will sort 'd' before 'd/e', we want 'd/e' before 'd' */
cmp = memcmp(name_a, name_b, len);
if (cmp)
Reported by FlawFinder.
Line: 419
Column: 15
CWE codes:
126
static const char *anonymize_oid(const char *oid_hex)
{
static struct hashmap objs;
size_t len = strlen(oid_hex);
return anonymize_str(&objs, generate_fake_oid, oid_hex, len, NULL);
}
static void show_filemodify(struct diff_queue_struct *q,
struct diff_options *options, void *data)
Reported by FlawFinder.
Line: 507
Column: 42
CWE codes:
126
const char *needle = "\nencoding ";
char *bol, *eol;
bol = memmem(begin, end ? end - begin : strlen(begin),
needle, strlen(needle));
if (!bol)
return NULL;
bol += strlen(needle);
eol = strchrnul(bol, '\n');
Reported by FlawFinder.
Line: 508
Column: 16
CWE codes:
126
char *bol, *eol;
bol = memmem(begin, end ? end - begin : strlen(begin),
needle, strlen(needle));
if (!bol)
return NULL;
bol += strlen(needle);
eol = strchrnul(bol, '\n');
*eol = '\0';
Reported by FlawFinder.
Line: 511
Column: 9
CWE codes:
126
needle, strlen(needle));
if (!bol)
return NULL;
bol += strlen(needle);
eol = strchrnul(bol, '\n');
*eol = '\0';
return bol;
}
Reported by FlawFinder.
Line: 710
Column: 8
CWE codes:
126
printf("encoding %s\n", encoding);
printf("data %u\n%s",
(unsigned)(reencoded
? strlen(reencoded) : message
? strlen(message) : 0),
reencoded ? reencoded : message ? message : "");
free(reencoded);
unuse_commit_buffer(commit, commit_buffer);
Reported by FlawFinder.
convert.c
15 issues
Line: 830
CWE codes:
908
sigchain_push(SIGPIPE, SIG_IGN);
assert(strlen(filter_type) < LARGE_PACKET_DATA_MAX - strlen("command=\n"));
err = packet_write_fmt_gently(process->in, "command=%s\n", filter_type);
if (err)
goto done;
err = strlen(path) > LARGE_PACKET_DATA_MAX - strlen("pathname=\n");
Reported by Cppcheck.
Line: 1134
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
continue;
}
memcpy(dst, "Id$", 3);
dst += 3;
len -= dollar + 1 - src;
src = dollar + 1;
}
}
Reported by FlawFinder.
Line: 1706
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct stream_filter filter;
struct stream_filter *one;
struct stream_filter *two;
char buf[FILTER_BUFFER];
int end, ptr;
};
static int cascade_filter_fn(struct stream_filter *filter,
const char *input, size_t *isize_p,
Reported by FlawFinder.
Line: 1813
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct stream_filter filter;
struct strbuf left;
int state;
char ident[GIT_MAX_HEXSZ + 5]; /* ": x40 $" */
};
static int is_foreign_ident(const char *str)
{
int i;
Reported by FlawFinder.
Line: 1836
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (*osize_p < to_drain)
to_drain = *osize_p;
if (to_drain) {
memcpy(*output_p, ident->left.buf, to_drain);
strbuf_remove(&ident->left, 0, to_drain);
*output_p += to_drain;
*osize_p -= to_drain;
}
if (!ident->left.len)
Reported by FlawFinder.
Line: 2015
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const struct checkout_metadata *src,
const struct object_id *blob)
{
memcpy(dst, src, sizeof(*dst));
if (blob)
oidcpy(&dst->blob, blob);
}
enum conv_attrs_classification classify_conv_attrs(const struct conv_attrs *ca)
Reported by FlawFinder.
Line: 283
Column: 42
CWE codes:
126
"The file '%s' contains a byte order "
"mark (BOM). Please use UTF-%.*s as "
"working-tree-encoding.");
int stripped_len = strlen(stripped) - strlen("BE");
advise(advise_msg, path, stripped_len, stripped);
if (die_on_error)
die(error_msg, path, enc);
else {
return error(error_msg, path, enc);
Reported by FlawFinder.
Line: 283
Column: 23
CWE codes:
126
"The file '%s' contains a byte order "
"mark (BOM). Please use UTF-%.*s as "
"working-tree-encoding.");
int stripped_len = strlen(stripped) - strlen("BE");
advise(advise_msg, path, stripped_len, stripped);
if (die_on_error)
die(error_msg, path, enc);
else {
return error(error_msg, path, enc);
Reported by FlawFinder.
Line: 346
Column: 17
CWE codes:
126
int len;
if (!found)
return 0;
next = found + strlen(enc_name);
len = strlen(check_roundtrip_encoding);
return (found && (
/*
* check that the found encoding is at the
* beginning of check_roundtrip_encoding or
Reported by FlawFinder.
Line: 347
Column: 8
CWE codes:
126
if (!found)
return 0;
next = found + strlen(enc_name);
len = strlen(check_roundtrip_encoding);
return (found && (
/*
* check that the found encoding is at the
* beginning of check_roundtrip_encoding or
* that it is prefixed with a space or comma
Reported by FlawFinder.
revision.c
15 issues
Line: 835
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct treesame_state {
unsigned int nparents;
unsigned char treesame[FLEX_ARRAY];
};
static struct treesame_state *initialise_treesame(struct rev_info *revs, struct commit *commit)
{
unsigned n = commit_list_count(commit->parents);
Reported by FlawFinder.
Line: 2182
Column: 21
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
}
if ((argcount = parse_long_opt("max-count", argv, &optarg))) {
revs->max_count = atoi(optarg);
revs->no_walk = 0;
return argcount;
} else if ((argcount = parse_long_opt("skip", argv, &optarg))) {
revs->skip_count = atoi(optarg);
return argcount;
Reported by FlawFinder.
Line: 2186
Column: 22
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
revs->no_walk = 0;
return argcount;
} else if ((argcount = parse_long_opt("skip", argv, &optarg))) {
revs->skip_count = atoi(optarg);
return argcount;
} else if ((*arg == '-') && isdigit(arg[1])) {
/* accept -<digit>, like traditional "head" */
if (strtol_i(arg + 1, 10, &revs->max_count) < 0 ||
revs->max_count < 0)
Reported by FlawFinder.
Line: 2197
Column: 21
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
} else if (!strcmp(arg, "-n")) {
if (argc <= 1)
return error("-n requires an argument");
revs->max_count = atoi(argv[1]);
revs->no_walk = 0;
return 2;
} else if (skip_prefix(arg, "-n", &optarg)) {
revs->max_count = atoi(optarg);
revs->no_walk = 0;
Reported by FlawFinder.
Line: 2201
Column: 21
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
revs->no_walk = 0;
return 2;
} else if (skip_prefix(arg, "-n", &optarg)) {
revs->max_count = atoi(optarg);
revs->no_walk = 0;
} else if ((argcount = parse_long_opt("max-age", argv, &optarg))) {
revs->max_age = atoi(optarg);
return argcount;
} else if ((argcount = parse_long_opt("since", argv, &optarg))) {
Reported by FlawFinder.
Line: 2204
Column: 19
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
revs->max_count = atoi(optarg);
revs->no_walk = 0;
} else if ((argcount = parse_long_opt("max-age", argv, &optarg))) {
revs->max_age = atoi(optarg);
return argcount;
} else if ((argcount = parse_long_opt("since", argv, &optarg))) {
revs->max_age = approxidate(optarg);
return argcount;
} else if ((argcount = parse_long_opt("after", argv, &optarg))) {
Reported by FlawFinder.
Line: 2213
Column: 19
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
revs->max_age = approxidate(optarg);
return argcount;
} else if ((argcount = parse_long_opt("min-age", argv, &optarg))) {
revs->min_age = atoi(optarg);
return argcount;
} else if ((argcount = parse_long_opt("before", argv, &optarg))) {
revs->min_age = approxidate(optarg);
return argcount;
} else if ((argcount = parse_long_opt("until", argv, &optarg))) {
Reported by FlawFinder.
Line: 2282
Column: 23
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
} else if (!strcmp(arg, "--no-merges")) {
revs->max_parents = 1;
} else if (skip_prefix(arg, "--min-parents=", &optarg)) {
revs->min_parents = atoi(optarg);
} else if (!strcmp(arg, "--no-min-parents")) {
revs->min_parents = 0;
} else if (skip_prefix(arg, "--max-parents=", &optarg)) {
revs->max_parents = atoi(optarg);
} else if (!strcmp(arg, "--no-max-parents")) {
Reported by FlawFinder.
Line: 2286
Column: 23
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
} else if (!strcmp(arg, "--no-min-parents")) {
revs->min_parents = 0;
} else if (skip_prefix(arg, "--max-parents=", &optarg)) {
revs->max_parents = atoi(optarg);
} else if (!strcmp(arg, "--no-max-parents")) {
revs->max_parents = -1;
} else if (!strcmp(arg, "--boundary")) {
revs->boundary = 1;
} else if (!strcmp(arg, "--left-right")) {
Reported by FlawFinder.
Line: 319
Column: 20
CWE codes:
126
revs->no_walk = 0;
if (revs->reflog_info && obj->type == OBJ_COMMIT) {
struct strbuf buf = STRBUF_INIT;
size_t namelen = strlen(name);
int len = interpret_branch_name(name, namelen, &buf, &options);
if (0 < len && len < namelen && buf.len)
strbuf_addstr(&buf, name + len);
add_reflog_for_walk(revs->reflog_info,
Reported by FlawFinder.
archive-tar.c
15 issues
Line: 15
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define RECORDSIZE (512)
#define BLOCKSIZE (RECORDSIZE * 20)
static char block[BLOCKSIZE];
static unsigned long offset;
static int tar_umask = 002;
static int write_tar_filter_archive(const struct archiver *ar,
Reported by FlawFinder.
Line: 62
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
unsigned long chunk = BLOCKSIZE - offset;
if (size < chunk)
chunk = size;
memcpy(block + offset, buf, chunk);
size -= chunk;
offset += chunk;
buf += chunk;
write_if_needed();
}
Reported by FlawFinder.
Line: 74
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
buf += BLOCKSIZE;
}
if (size) {
memcpy(block + offset, buf, size);
offset += size;
}
}
static void finish_record(void)
Reported by FlawFinder.
Line: 120
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct git_istream *st;
enum object_type type;
unsigned long sz;
char buf[BLOCKSIZE];
ssize_t readlen;
st = open_istream(r, oid, &type, &sz, NULL);
if (!st)
return error(_("cannot stream blob %s"), oid_to_hex(oid));
Reported by FlawFinder.
Line: 173
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *keyword,
uintmax_t value)
{
char buf[40]; /* big enough for 2^128 in decimal, plus NUL */
int len;
len = xsnprintf(buf, sizeof(buf), "%"PRIuMAX, value);
strbuf_append_ext_header(sb, keyword, buf, len);
}
Reported by FlawFinder.
Line: 221
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
xsnprintf(header->devmajor, sizeof(header->devmajor), "%07o", 0);
xsnprintf(header->devminor, sizeof(header->devminor), "%07o", 0);
memcpy(header->magic, "ustar", 6);
memcpy(header->version, "00", 2);
xsnprintf(header->chksum, sizeof(header->chksum), "%07o", ustar_header_chksum(header));
}
Reported by FlawFinder.
Line: 222
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
xsnprintf(header->devminor, sizeof(header->devminor), "%07o", 0);
memcpy(header->magic, "ustar", 6);
memcpy(header->version, "00", 2);
xsnprintf(header->chksum, sizeof(header->chksum), "%07o", ustar_header_chksum(header));
}
static void write_extended_header(struct archiver_args *args,
Reported by FlawFinder.
Line: 273
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sizeof(header.prefix));
size_t rest = pathlen - plen - 1;
if (plen > 0 && rest <= sizeof(header.name)) {
memcpy(header.prefix, path, plen);
memcpy(header.name, path + plen + 1, rest);
} else {
xsnprintf(header.name, sizeof(header.name), "%s.data",
oid_to_hex(oid));
strbuf_append_ext_header(&ext_header, "path",
Reported by FlawFinder.
Line: 274
Column: 4
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t rest = pathlen - plen - 1;
if (plen > 0 && rest <= sizeof(header.name)) {
memcpy(header.prefix, path, plen);
memcpy(header.name, path + plen + 1, rest);
} else {
xsnprintf(header.name, sizeof(header.name), "%s.data",
oid_to_hex(oid));
strbuf_append_ext_header(&ext_header, "path",
path, pathlen);
Reported by FlawFinder.
Line: 282
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
path, pathlen);
}
} else
memcpy(header.name, path, pathlen);
if (S_ISLNK(mode)) {
if (size > sizeof(header.linkname)) {
xsnprintf(header.linkname, sizeof(header.linkname),
"see %s.paxheader", oid_to_hex(oid));
Reported by FlawFinder.
path.h
15 issues
Line: 17
Column: 25
CWE codes:
134
Suggestion:
Use a constant for the format specification
* Return a statically allocated path.
*/
const char *mkpath(const char *fmt, ...)
__attribute__((format (printf, 1, 2)));
/*
* Return a path.
*/
char *mkpathdup(const char *fmt, ...)
Reported by FlawFinder.
Line: 23
Column: 25
CWE codes:
134
Suggestion:
Use a constant for the format specification
* Return a path.
*/
char *mkpathdup(const char *fmt, ...)
__attribute__((format (printf, 1, 2)));
/*
* Construct a path and place the result in the provided buffer `buf`.
*/
char *mksnpath(char *buf, size_t n, const char *fmt, ...)
Reported by FlawFinder.
Line: 29
Column: 25
CWE codes:
134
Suggestion:
Use a constant for the format specification
* Construct a path and place the result in the provided buffer `buf`.
*/
char *mksnpath(char *buf, size_t n, const char *fmt, ...)
__attribute__((format (printf, 3, 4)));
/*
* The `git_common_path` family of functions will construct a path into a
* repository's common git directory, which is shared by all worktrees.
*/
Reported by FlawFinder.
Line: 43
Column: 25
CWE codes:
134
Suggestion:
Use a constant for the format specification
void strbuf_git_common_path(struct strbuf *sb,
const struct repository *repo,
const char *fmt, ...)
__attribute__((format (printf, 3, 4)));
/*
* Return a statically allocated path into the main repository's
* (the_repository) common git directory.
*/
Reported by FlawFinder.
Line: 50
Column: 25
CWE codes:
134
Suggestion:
Use a constant for the format specification
* (the_repository) common git directory.
*/
const char *git_common_path(const char *fmt, ...)
__attribute__((format (printf, 1, 2)));
/*
* The `git_path` family of functions will construct a path into a repository's
* git directory.
Reported by FlawFinder.
Line: 71
Column: 25
CWE codes:
134
Suggestion:
Use a constant for the format specification
*/
char *repo_git_path(const struct repository *repo,
const char *fmt, ...)
__attribute__((format (printf, 2, 3)));
/*
* Construct a path into the git directory of repository `repo` and append it
* to the provided buffer `sb`.
*/
Reported by FlawFinder.
Line: 80
Column: 25
CWE codes:
134
Suggestion:
Use a constant for the format specification
void strbuf_repo_git_path(struct strbuf *sb,
const struct repository *repo,
const char *fmt, ...)
__attribute__((format (printf, 3, 4)));
/*
* Return a statically allocated path into the main repository's
* (the_repository) git directory.
*/
Reported by FlawFinder.
Line: 87
Column: 25
CWE codes:
134
Suggestion:
Use a constant for the format specification
* (the_repository) git directory.
*/
const char *git_path(const char *fmt, ...)
__attribute__((format (printf, 1, 2)));
/*
* Return a path into the main repository's (the_repository) git directory.
*/
char *git_pathdup(const char *fmt, ...)
Reported by FlawFinder.
Line: 93
Column: 25
CWE codes:
134
Suggestion:
Use a constant for the format specification
* Return a path into the main repository's (the_repository) git directory.
*/
char *git_pathdup(const char *fmt, ...)
__attribute__((format (printf, 1, 2)));
/*
* Construct a path into the main repository's (the_repository) git directory
* and place it in the provided buffer `buf`, the contents of the buffer will
* be overridden.
Reported by FlawFinder.
Line: 101
Column: 25
CWE codes:
134
Suggestion:
Use a constant for the format specification
* be overridden.
*/
char *git_path_buf(struct strbuf *buf, const char *fmt, ...)
__attribute__((format (printf, 2, 3)));
/*
* Construct a path into the main repository's (the_repository) git directory
* and append it to the provided buffer `sb`.
*/
Reported by FlawFinder.
remote.c
15 issues
Line: 1709
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
return refname_match(branch->merge[i]->src, refname);
}
__attribute__((format (printf,2,3)))
static const char *error_buf(struct strbuf *err, const char *fmt, ...)
{
if (err) {
va_list ap;
va_start(ap, fmt);
Reported by FlawFinder.
Line: 868
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
size_t len = strlen(name);
struct ref *ref = xcalloc(1, st_add4(sizeof(*ref), prefixlen, len, 1));
memcpy(ref->name, prefix, prefixlen);
memcpy(ref->name + prefixlen, name, len);
return ref;
}
struct ref *alloc_ref(const char *name)
Reported by FlawFinder.
Line: 869
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t len = strlen(name);
struct ref *ref = xcalloc(1, st_add4(sizeof(*ref), prefixlen, len, 1));
memcpy(ref->name, prefix, prefixlen);
memcpy(ref->name + prefixlen, name, len);
return ref;
}
struct ref *alloc_ref(const char *name)
{
Reported by FlawFinder.
Line: 886
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return NULL;
len = st_add3(sizeof(struct ref), strlen(ref->name), 1);
cpy = xmalloc(len);
memcpy(cpy, ref, len);
cpy->next = NULL;
cpy->symref = xstrdup_or_null(ref->symref);
cpy->remote_status = xstrdup_or_null(ref->remote_status);
cpy->peer_ref = copy_ref(ref->peer_ref);
return cpy;
Reported by FlawFinder.
Line: 143
Column: 9
CWE codes:
126
struct hashmap_entry lookup_entry, *e;
if (!len)
len = strlen(name);
init_remotes_hash();
lookup.str = name;
lookup.len = len;
hashmap_entry_init(&lookup_entry, memhash(name, len));
Reported by FlawFinder.
Line: 221
Column: 52
CWE codes:
126
{
ALLOC_GROW(rewrite->instead_of, rewrite->instead_of_nr + 1, rewrite->instead_of_alloc);
rewrite->instead_of[rewrite->instead_of_nr].s = instead_of;
rewrite->instead_of[rewrite->instead_of_nr].len = strlen(instead_of);
rewrite->instead_of_nr++;
}
static const char *skip_spaces(const char *s)
{
Reported by FlawFinder.
Line: 458
Column: 43
CWE codes:
126
const char *head_ref = resolve_ref_unsafe("HEAD", 0, NULL, &flag);
if (head_ref && (flag & REF_ISSYMREF) &&
skip_prefix(head_ref, "refs/heads/", &head_ref)) {
current_branch = make_branch(head_ref, strlen(head_ref));
}
}
git_config(handle_config, NULL);
alias_all_urls();
}
Reported by FlawFinder.
Line: 668
Column: 15
CWE codes:
126
if (!kstar)
die(_("key '%s' of pattern had no '*'"), key);
klen = kstar - key;
ksuffixlen = strlen(kstar + 1);
namelen = strlen(name);
ret = !strncmp(name, key, klen) && namelen >= klen + ksuffixlen &&
!memcmp(name + namelen - ksuffixlen, kstar + 1, ksuffixlen);
if (ret && value) {
struct strbuf sb = STRBUF_INIT;
Reported by FlawFinder.
Line: 669
Column: 12
CWE codes:
126
die(_("key '%s' of pattern had no '*'"), key);
klen = kstar - key;
ksuffixlen = strlen(kstar + 1);
namelen = strlen(name);
ret = !strncmp(name, key, klen) && namelen >= klen + ksuffixlen &&
!memcmp(name + namelen - ksuffixlen, kstar + 1, ksuffixlen);
if (ret && value) {
struct strbuf sb = STRBUF_INIT;
const char *vstar = strchr(value, '*');
Reported by FlawFinder.
Line: 866
Column: 15
CWE codes:
126
static struct ref *alloc_ref_with_prefix(const char *prefix, size_t prefixlen,
const char *name)
{
size_t len = strlen(name);
struct ref *ref = xcalloc(1, st_add4(sizeof(*ref), prefixlen, len, 1));
memcpy(ref->name, prefix, prefixlen);
memcpy(ref->name + prefixlen, name, len);
return ref;
}
Reported by FlawFinder.
fsck.c
14 issues
Line: 207
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
return opts && oid && oidset_contains(&opts->skiplist, oid);
}
__attribute__((format (printf, 5, 6)))
static int report(struct fsck_options *options,
const struct object_id *oid, enum object_type object_type,
enum fsck_msg_id msg_id, const char *fmt, ...)
{
va_list ap;
Reported by FlawFinder.
Line: 46
Column: 13
CWE codes:
126
/* convert id_string to lower case, without underscores. */
for (i = 0; i < FSCK_MSG_MAX; i++) {
const char *p = msg_id_info[i].id_string;
int len = strlen(p);
char *q = xmalloc(len);
msg_id_info[i].downcased = q;
while (*p)
if (*p == '_')
Reported by FlawFinder.
Line: 169
Column: 34
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
int done = 0;
while (!done) {
int len = strcspn(buf, " ,|"), equal;
done = !buf[len];
if (!len) {
buf++;
continue;
Reported by FlawFinder.
Line: 179
Column: 8
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
buf[len] = '\0';
for (equal = 0;
equal < len && buf[equal] != '=' && buf[equal] != ':';
equal++)
buf[equal] = tolower(buf[equal]);
buf[equal] = '\0';
if (!strcmp(buf, "skiplist")) {
Reported by FlawFinder.
Line: 179
Column: 27
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
buf[len] = '\0';
for (equal = 0;
equal < len && buf[equal] != '=' && buf[equal] != ':';
equal++)
buf[equal] = tolower(buf[equal]);
buf[equal] = '\0';
if (!strcmp(buf, "skiplist")) {
Reported by FlawFinder.
Line: 179
Column: 48
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
buf[len] = '\0';
for (equal = 0;
equal < len && buf[equal] != '=' && buf[equal] != ':';
equal++)
buf[equal] = tolower(buf[equal]);
buf[equal] = '\0';
if (!strcmp(buf, "skiplist")) {
Reported by FlawFinder.
Line: 181
Column: 8
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
for (equal = 0;
equal < len && buf[equal] != '=' && buf[equal] != ':';
equal++)
buf[equal] = tolower(buf[equal]);
buf[equal] = '\0';
if (!strcmp(buf, "skiplist")) {
if (equal == len)
die("skiplist requires a path");
Reported by FlawFinder.
Line: 181
Column: 29
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
for (equal = 0;
equal < len && buf[equal] != '=' && buf[equal] != ':';
equal++)
buf[equal] = tolower(buf[equal]);
buf[equal] = '\0';
if (!strcmp(buf, "skiplist")) {
if (equal == len)
die("skiplist requires a path");
Reported by FlawFinder.
Line: 182
Column: 7
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
equal < len && buf[equal] != '=' && buf[equal] != ':';
equal++)
buf[equal] = tolower(buf[equal]);
buf[equal] = '\0';
if (!strcmp(buf, "skiplist")) {
if (equal == len)
die("skiplist requires a path");
oidset_parse_file(&options->skiplist, buf + equal + 1);
Reported by FlawFinder.
Line: 371
Column: 13
CWE codes:
126
parents = commit->parents;
if (name && parents) {
int len = strlen(name), power;
if (len && name[len - 1] == '^') {
generation = 1;
name_prefix_len = len - 1;
}
Reported by FlawFinder.
ref-filter.c
14 issues
Line: 216
Column: 24
CWE codes:
134
Suggestion:
Use a constant for the format specification
* Expand string, append it to strbuf *sb, then return error code ret.
* Allow to save few lines of code.
*/
__attribute__((format (printf, 3, 4)))
static int strbuf_addf_ret(struct strbuf *sb, int ret, const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
strbuf_vaddf(sb, fmt, ap);
Reported by FlawFinder.
Line: 177
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
cmp_type type;
info_source source;
union {
char color[COLOR_MAXLEN];
struct align align;
struct {
enum {
RR_REF, RR_TRACK, RR_TRACKSHORT, RR_REMOTE_NAME, RR_REMOTE_REF
} option;
Reported by FlawFinder.
Line: 1822
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
v->s = xstrdup(atom->u.color);
continue;
} else if (atom_type == ATOM_FLAG) {
char buf[256], *cp = buf;
if (ref->flag & REF_ISSYMREF)
cp = copy_advance(cp, ",symref");
if (ref->flag & REF_ISPACKED)
cp = copy_advance(cp, ",packed");
if (cp == buf)
Reported by FlawFinder.
Line: 650
Column: 13
CWE codes:
126
/* Do we have the atom already used elsewhere? */
for (i = 0; i < used_atom_cnt; i++) {
int len = strlen(used_atom[i].name);
if (len == ep - atom && !memcmp(used_atom[i].name, atom, len))
return i;
}
/*
Reported by FlawFinder.
Line: 666
Column: 13
CWE codes:
126
/* Is the atom a valid one? */
for (i = 0; i < ARRAY_SIZE(valid_atom); i++) {
int len = strlen(valid_atom[i].name);
if (len == atom_len && !memcmp(valid_atom[i].name, sp, len))
break;
}
if (ARRAY_SIZE(valid_atom) <= i)
Reported by FlawFinder.
Line: 1225
Column: 15
CWE codes:
126
static void grab_person(const char *who, struct atom_value *val, int deref, void *buf)
{
int i;
int wholen = strlen(who);
const char *wholine = NULL;
for (i = 0; i < used_atom_cnt; i++) {
const char *name = used_atom[i].name;
struct atom_value *v = &val[i];
Reported by FlawFinder.
Line: 1291
Column: 26
CWE codes:
126
struct strbuf payload = STRBUF_INIT;
struct strbuf signature = STRBUF_INIT;
const char *eol;
const char *end = buf + strlen(buf);
const char *sigstart;
/* parse signature first; we might not even have a subject line */
parse_signature(buf, end - buf, &payload, &signature);
Reported by FlawFinder.
Line: 1308
Column: 44
CWE codes:
126
while (*buf == '\n')
buf++;
*sig = strbuf_detach(&signature, siglen);
sigstart = buf + parse_signed_buffer(buf, strlen(buf));
/* subject is first non-empty line */
*sub = buf;
/* subject goes to first empty line before signature begins */
if ((eol = strstr(*sub, "\n\n"))) {
Reported by FlawFinder.
Line: 1331
Column: 13
CWE codes:
126
while (*buf == '\n' || *buf == '\r')
buf++;
*body = buf;
*bodylen = strlen(buf);
*nonsiglen = sigstart - buf;
}
/*
* If 'lines' is greater than 0, append that many lines from the given
Reported by FlawFinder.
Line: 1395
Column: 42
CWE codes:
126
} else if (atom->u.contents.option == C_BODY_DEP)
v->s = xmemdupz(bodypos, bodylen);
else if (atom->u.contents.option == C_LENGTH)
v->s = xstrfmt("%"PRIuMAX, (uintmax_t)strlen(subpos));
else if (atom->u.contents.option == C_BODY)
v->s = xmemdupz(bodypos, nonsiglen);
else if (atom->u.contents.option == C_SIG)
v->s = xmemdupz(sigpos, siglen);
else if (atom->u.contents.option == C_LINES) {
Reported by FlawFinder.