The following issues were found
rerere.c
11 issues
Line: 32
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct rerere_dir {
int status_alloc, status_nr;
unsigned char *status;
char name[FLEX_ARRAY];
};
static struct strmap rerere_dirs = STRMAP_INIT;
static void free_rerere_dirs(void)
Reported by FlawFinder.
Line: 194
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
return;
while (!strbuf_getwholeline(&buf, in, '\0')) {
char *path;
unsigned char hash[GIT_MAX_RAWSZ];
struct rerere_id *id;
int variant;
const unsigned hexsz = the_hash_algo->hexsz;
/* There has to be the hash, tab, path and then NUL */
Reported by FlawFinder.
Line: 461
Column: 13
CWE codes:
362
memset(&io, 0, sizeof(io));
io.io.getline = rerere_file_getline;
io.input = fopen(path, "r");
io.io.wrerror = 0;
if (!io.input)
return error_errno(_("could not open '%s'"), path);
if (output) {
Reported by FlawFinder.
Line: 467
Column: 18
CWE codes:
362
return error_errno(_("could not open '%s'"), path);
if (output) {
io.io.output = fopen(output, "w");
if (!io.io.output) {
error_errno(_("could not write '%s'"), output);
fclose(io.input);
return -1;
}
Reported by FlawFinder.
Line: 672
Column: 6
CWE codes:
362
rerere_path(id, "postimage"));
/* Update "path" with the resolution */
f = fopen(path, "w");
if (!f)
return error_errno(_("could not open '%s'"), path);
if (fwrite(result.ptr, result.size, 1, f) != 1)
error_errno(_("could not write '%s'"), path);
if (fclose(f))
Reported by FlawFinder.
Line: 811
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
for (i = 0; i < conflict.nr; i++) {
struct rerere_id *id;
unsigned char hash[GIT_MAX_RAWSZ];
const char *path = conflict.items[i].string;
int ret;
/*
* Ask handle_file() to scan and assign a
Reported by FlawFinder.
Line: 990
Column: 18
CWE codes:
362
memset(&io, 0, sizeof(io));
io.io.getline = rerere_mem_getline;
if (output)
io.io.output = fopen(output, "w");
else
io.io.output = NULL;
strbuf_init(&io.input, 0);
strbuf_attach(&io.input, result.ptr, result.size, result.size);
Reported by FlawFinder.
Line: 1013
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
const char *filename;
struct rerere_id *id;
unsigned char hash[GIT_MAX_RAWSZ];
int ret;
struct string_list_item *item;
/*
* Recreate the original conflict from the stages in the
Reported by FlawFinder.
Line: 282
Column: 16
CWE codes:
126
static inline void ferr_puts(const char *s, FILE *fp, int *err)
{
ferr_write(s, strlen(s), fp, err);
}
static void rerere_io_putstr(const char *str, struct rerere_io *io)
{
if (io->output)
Reported by FlawFinder.
Line: 952
Column: 8
CWE codes:
126
/*
* Reproduce the conflicted merge in-core
*/
len = strlen(path);
pos = index_name_pos(istate, path, len);
if (0 <= pos)
return -1;
pos = -pos - 1;
Reported by FlawFinder.
t/helper/test-path-utils.c
11 issues
Line: 308
Column: 21
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
if (argc >= 2 && !strcmp(argv[1], "real_path")) {
struct strbuf realpath = STRBUF_INIT;
while (argc > 2) {
strbuf_realpath(&realpath, argv[2], 1);
puts(realpath.buf);
argc--;
argv++;
}
strbuf_release(&realpath);
Reported by FlawFinder.
Line: 309
Column: 9
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
struct strbuf realpath = STRBUF_INIT;
while (argc > 2) {
strbuf_realpath(&realpath, argv[2], 1);
puts(realpath.buf);
argc--;
argv++;
}
strbuf_release(&realpath);
return 0;
Reported by FlawFinder.
Line: 313
Column: 19
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
argc--;
argv++;
}
strbuf_release(&realpath);
return 0;
}
if (argc >= 2 && !strcmp(argv[1], "absolute_path")) {
while (argc > 2) {
Reported by FlawFinder.
Line: 61
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *funcname)
{
int failed = 0, i;
char buffer[1024];
char *to;
for (i = 0; data[i].to; i++) {
if (!data[i].from)
to = func(NULL);
Reported by FlawFinder.
Line: 431
Column: 12
CWE codes:
362
}
if (argc == 4 && !strcmp(argv[1], "skip-n-bytes")) {
int fd = open(argv[2], O_RDONLY), offset = atoi(argv[3]);
char buffer[65536];
if (fd < 0)
die_errno("could not open '%s'", argv[2]);
if (lseek(fd, offset, SEEK_SET) < 0)
Reported by FlawFinder.
Line: 431
Column: 46
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
}
if (argc == 4 && !strcmp(argv[1], "skip-n-bytes")) {
int fd = open(argv[2], O_RDONLY), offset = atoi(argv[3]);
char buffer[65536];
if (fd < 0)
die_errno("could not open '%s'", argv[2]);
if (lseek(fd, offset, SEEK_SET) < 0)
Reported by FlawFinder.
Line: 432
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (argc == 4 && !strcmp(argv[1], "skip-n-bytes")) {
int fd = open(argv[2], O_RDONLY), offset = atoi(argv[3]);
char buffer[65536];
if (fd < 0)
die_errno("could not open '%s'", argv[2]);
if (lseek(fd, offset, SEEK_SET) < 0)
die_errno("could not skip %d bytes", offset);
Reported by FlawFinder.
Line: 297
Column: 24
CWE codes:
126
int cmd__path_utils(int argc, const char **argv)
{
if (argc == 3 && !strcmp(argv[1], "normalize_path_copy")) {
char *buf = xmallocz(strlen(argv[2]));
int rv = normalize_path_copy(buf, argv[2]);
if (rv)
buf = "++failed++";
puts(buf);
return 0;
Reported by FlawFinder.
Line: 355
Column: 20
CWE codes:
126
if (argc >= 4 && !strcmp(argv[1], "prefix_path")) {
const char *prefix = argv[2];
int prefix_len = strlen(prefix);
int nongit_ok;
setup_git_directory_gently(&nongit_ok);
while (argc > 3) {
puts(prefix_path(prefix, prefix_len, argv[3]));
argc--;
Reported by FlawFinder.
Line: 386
Column: 9
CWE codes:
126
if (!rel)
puts("(null)");
else
puts(strlen(rel) > 0 ? rel : "(empty)");
strbuf_release(&sb);
return 0;
}
if (argc == 2 && !strcmp(argv[1], "basename"))
Reported by FlawFinder.
compat/terminal.c
11 issues
Line: 366
Column: 9
CWE codes:
676
120
20
Suggestion:
Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space
char *git_terminal_prompt(const char *prompt, int echo)
{
return getpass(prompt);
}
int read_key_without_echo(struct strbuf *buf)
{
static int warning_displayed;
Reported by FlawFinder.
Line: 380
Column: 8
CWE codes:
676
120
20
Suggestion:
Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space
warning_displayed = 1;
}
res = getpass("");
strbuf_reset(buf);
if (!res)
return EOF;
strbuf_addstr(buf, res);
return 0;
Reported by FlawFinder.
Line: 42
Column: 12
CWE codes:
362
{
struct termios t;
term_fd = open("/dev/tty", O_RDWR);
if (tcgetattr(term_fd, &t) < 0)
goto error;
old_term = t;
sigchain_push_common(restore_term_on_signal);
Reported by FlawFinder.
Line: 208
Column: 13
CWE codes:
362
int r;
FILE *input_fh, *output_fh;
input_fh = fopen(INPUT_PATH, "r" FORCE_TEXT);
if (!input_fh)
return NULL;
output_fh = fopen(OUTPUT_PATH, "w" FORCE_TEXT);
if (!output_fh) {
Reported by FlawFinder.
Line: 212
Column: 14
CWE codes:
362
if (!input_fh)
return NULL;
output_fh = fopen(OUTPUT_PATH, "w" FORCE_TEXT);
if (!output_fh) {
fclose(input_fh);
return NULL;
}
Reported by FlawFinder.
Line: 252
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
struct escape_sequence_entry {
struct hashmap_entry entry;
char sequence[FLEX_ARRAY];
};
static int sequence_entry_cmp(const void *hashmap_cmp_fn_data,
const struct escape_sequence_entry *e1,
const struct escape_sequence_entry *e2,
Reported by FlawFinder.
Line: 184
Column: 57
CWE codes:
120
20
DWORD read = 0;
unsigned char ch;
if (!ReadFile(GetStdHandle(STD_INPUT_HANDLE), &ch, 1, &read, NULL))
return EOF;
if (!read) {
error("Unexpected 0 read");
return EOF;
Reported by FlawFinder.
usage.c
11 issues
Line: 284
CWE codes:
664
if (BUG_exit_code)
exit(BUG_exit_code);
abort();
}
#ifdef HAVE_VARIADIC_MACROS
NORETURN void BUG_fl(const char *file, int line, const char *fmt, ...)
{
va_list ap;
Reported by Cppcheck.
Line: 21
Column: 6
CWE codes:
134
Suggestion:
Use a constant for the format specification
}
memcpy(msg, prefix, prefix_len);
p = msg + prefix_len;
if (vsnprintf(p, pend - p, err, params) < 0)
*p = '\0'; /* vsnprintf() failed, clip at prefix */
for (; p != pend - 1 && *p; p++) {
if (iscntrl(*p) && *p != '\t' && *p != '\n')
*p = '?';
Reported by FlawFinder.
Line: 11
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void vreportf(const char *prefix, const char *err, va_list params)
{
char msg[4096];
char *p, *pend = msg + sizeof(msg);
size_t prefix_len = strlen(prefix);
if (sizeof(msg) <= prefix_len) {
fprintf(stderr, "BUG!!! too long a prefix '%s'\n", prefix);
Reported by FlawFinder.
Line: 19
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
fprintf(stderr, "BUG!!! too long a prefix '%s'\n", prefix);
abort();
}
memcpy(msg, prefix, prefix_len);
p = msg + prefix_len;
if (vsnprintf(p, pend - p, err, params) < 0)
*p = '\0'; /* vsnprintf() failed, clip at prefix */
for (; p != pend - 1 && *p; p++) {
Reported by FlawFinder.
Line: 176
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char *fmt_with_err(char *buf, int n, const char *fmt)
{
char str_error[256], *err;
int i, j;
err = strerror(errno);
for (i = j = 0; err[i] && j < sizeof(str_error) - 1; ) {
if ((str_error[j++] = err[i++]) != '%')
Reported by FlawFinder.
Line: 200
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void NORETURN die_errno(const char *fmt, ...)
{
char buf[1024];
va_list params;
if (die_is_recursing()) {
fputs("fatal: recursion detected in die_errno handler\n",
stderr);
Reported by FlawFinder.
Line: 217
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#undef error_errno
int error_errno(const char *fmt, ...)
{
char buf[1024];
va_list params;
va_start(params, fmt);
error_routine(fmt_with_err(buf, sizeof(buf), fmt), params);
va_end(params);
Reported by FlawFinder.
Line: 239
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void warning_errno(const char *warn, ...)
{
char buf[1024];
va_list params;
va_start(params, warn);
warn_routine(fmt_with_err(buf, sizeof(buf), warn), params);
va_end(params);
Reported by FlawFinder.
Line: 261
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static NORETURN void BUG_vfl(const char *file, int line, const char *fmt, va_list params)
{
char prefix[256];
va_list params_copy;
static int in_bug;
va_copy(params_copy, params);
Reported by FlawFinder.
Line: 309
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static struct suppressed_leak_root {
struct suppressed_leak_root *next;
char data[FLEX_ARRAY];
} *suppressed_leaks;
struct suppressed_leak_root *root;
FLEX_ALLOC_MEM(root, data, ptr, len);
root->next = suppressed_leaks;
Reported by FlawFinder.
notes.c
11 issues
Line: 987
Column: 15
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
{
const char *notes_ref = NULL;
if (!notes_ref)
notes_ref = getenv(GIT_NOTES_REF_ENVIRONMENT);
if (!notes_ref)
notes_ref = notes_ref_name; /* value of core.notesRef config */
if (!notes_ref)
notes_ref = GIT_NOTES_DEFAULT_REF;
return notes_ref;
Reported by FlawFinder.
Line: 1094
Column: 21
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
if (!opt || opt->use_default_notes > 0 ||
(opt->use_default_notes == -1 && !opt->extra_notes_refs.nr)) {
string_list_append(&display_notes_refs, default_notes_ref());
display_ref_env = getenv(GIT_NOTES_DISPLAY_REF_ENVIRONMENT);
if (display_ref_env) {
string_list_add_refs_from_colon_sep(&display_notes_refs,
display_ref_env);
load_config_refs = 0;
} else
Reported by FlawFinder.
Line: 412
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
BUG("prefix_len (%"PRIuMAX") is out of range", (uintmax_t)prefix_len);
if (prefix_len * 2 < n)
BUG("prefix_len (%"PRIuMAX") is too small", (uintmax_t)prefix_len);
memcpy(object_oid.hash, subtree->key_oid.hash, prefix_len);
while (tree_entry(&desc, &entry)) {
unsigned char type;
struct leaf_node *l;
size_t path_len = strlen(entry.path);
Reported by FlawFinder.
Line: 563
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *p;
int ret = 0;
struct leaf_node *l;
static char path[FANOUT_PATH_MAX];
fanout = determine_fanout(tree, n, fanout);
for (i = 0; i < 16; i++) {
redo:
p = tree->a[i];
Reported by FlawFinder.
Line: 634
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct tree_write_stack {
struct tree_write_stack *next;
struct strbuf buf;
char path[2]; /* path to subtree in next, if any */
};
static inline int matches_tree_write_stack(struct tree_write_stack *tws,
const char *full_path)
{
Reported by FlawFinder.
Line: 831
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* concatenate cur_msg and new_msg into buf */
buf_len = cur_len + 2 + new_len;
buf = (char *) xmalloc(buf_len);
memcpy(buf, cur_msg, cur_len);
buf[cur_len] = '\n';
buf[cur_len + 1] = '\n';
memcpy(buf + cur_len + 2, new_msg, new_len);
free(cur_msg);
free(new_msg);
Reported by FlawFinder.
Line: 834
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(buf, cur_msg, cur_len);
buf[cur_len] = '\n';
buf[cur_len + 1] = '\n';
memcpy(buf + cur_len + 2, new_msg, new_len);
free(cur_msg);
free(new_msg);
/* create a new blob object from buf */
ret = write_object_file(buf, buf_len, blob_type, cur_oid);
Reported by FlawFinder.
Line: 416
Column: 21
CWE codes:
126
while (tree_entry(&desc, &entry)) {
unsigned char type;
struct leaf_node *l;
size_t path_len = strlen(entry.path);
if (path_len == 2 * (hashsz - prefix_len)) {
/* This is potentially the remainder of the SHA-1 */
if (!S_ISREG(entry.mode))
Reported by FlawFinder.
Line: 694
Column: 20
CWE codes:
126
const char *path, unsigned int mode,
const struct object_id *oid)
{
size_t path_len = strlen(path);
unsigned int n = 0;
int ret;
/* Determine common part of tree write stack */
while (tws && 3 * n < path_len &&
Reported by FlawFinder.
Line: 761
Column: 25
CWE codes:
126
{
struct write_each_note_data *d =
(struct write_each_note_data *) cb_data;
size_t note_path_len = strlen(note_path);
unsigned int mode = 0100644;
if (note_path[note_path_len - 1] == '/') {
/* subtree entry */
note_path_len--;
Reported by FlawFinder.
packfile.c
10 issues
Line: 1974
CWE codes:
908
}
hashcpy(oid.hash, sha1);
if (bsearch_pack(&oid, p, &result))
return nth_packed_object_offset(p, result);
return 0;
}
int is_pack_valid(struct packed_git *p)
Reported by Cppcheck.
Line: 375
Column: 8
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (!force_delete) {
strbuf_addstr(&buf, ".keep");
if (!access(buf.buf, F_OK)) {
strbuf_release(&buf);
return;
}
}
Reported by FlawFinder.
Line: 712
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
memcpy(p->pack_name, path, path_len);
xsnprintf(p->pack_name + path_len, alloc - path_len, ".keep");
if (!access(p->pack_name, F_OK))
p->pack_keep = 1;
xsnprintf(p->pack_name + path_len, alloc - path_len, ".promisor");
if (!access(p->pack_name, F_OK))
p->pack_promisor = 1;
Reported by FlawFinder.
Line: 716
Column: 7
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
p->pack_keep = 1;
xsnprintf(p->pack_name + path_len, alloc - path_len, ".promisor");
if (!access(p->pack_name, F_OK))
p->pack_promisor = 1;
xsnprintf(p->pack_name + path_len, alloc - path_len, ".pack");
if (stat(p->pack_name, &st) || !S_ISREG(st.st_mode)) {
free(p);
Reported by FlawFinder.
Line: 239
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t alloc = st_add(strlen(path), 1);
struct packed_git *p = alloc_packed_git(alloc);
memcpy(p->pack_name, path, alloc); /* includes NUL */
hashcpy(p->hash, sha1);
if (check_packed_git_idx(idx_path, p)) {
free(p);
return NULL;
}
Reported by FlawFinder.
Line: 522
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
struct stat st;
struct pack_header hdr;
unsigned char hash[GIT_MAX_RAWSZ];
unsigned char *idx_hash;
ssize_t read_result;
const unsigned hashsz = the_hash_algo->rawsz;
if (open_pack_index(p))
Reported by FlawFinder.
Line: 709
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
alloc = st_add3(path_len, strlen(".promisor"), 1);
p = alloc_packed_git(alloc);
memcpy(p->pack_name, path, path_len);
xsnprintf(p->pack_name + path_len, alloc - path_len, ".keep");
if (!access(p->pack_name, F_OK))
p->pack_keep = 1;
Reported by FlawFinder.
Line: 1088
Column: 11
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
off_t curpos)
{
const unsigned char *data;
unsigned char delta_head[20], *in;
git_zstream stream;
int st;
memset(&stream, 0, sizeof(stream));
stream.next_out = delta_head;
Reported by FlawFinder.
Line: 236
Column: 24
CWE codes:
126
struct packed_git *parse_pack_index(unsigned char *sha1, const char *idx_path)
{
const char *path = sha1_pack_name(sha1);
size_t alloc = st_add(strlen(path), 1);
struct packed_git *p = alloc_packed_git(alloc);
memcpy(p->pack_name, path, alloc); /* includes NUL */
hashcpy(p->hash, sha1);
if (check_packed_git_idx(idx_path, p)) {
Reported by FlawFinder.
Line: 707
Column: 28
CWE codes:
126
* ".promisor" is long enough to hold any suffix we're adding (and
* the use xsnprintf double-checks that)
*/
alloc = st_add3(path_len, strlen(".promisor"), 1);
p = alloc_packed_git(alloc);
memcpy(p->pack_name, path, path_len);
xsnprintf(p->pack_name + path_len, alloc - path_len, ".keep");
if (!access(p->pack_name, F_OK))
Reported by FlawFinder.
builtin/replace.c
10 issues
Line: 227
Column: 7
CWE codes:
362
struct child_process cmd = CHILD_PROCESS_INIT;
int fd;
fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0666);
if (fd < 0)
return error_errno(_("unable to open %s for writing"), filename);
strvec_push(&cmd.args, "--no-replace-objects");
strvec_push(&cmd.args, "cat-file");
Reported by FlawFinder.
Line: 256
Column: 7
CWE codes:
362
{
int fd;
fd = open(filename, O_RDONLY);
if (fd < 0)
return error_errno(_("unable to open %s for reading"), filename);
if (!raw && type == OBJ_TREE) {
const char *argv[] = { "mktree", NULL };
Reported by FlawFinder.
Line: 316
Column: 8
CWE codes:
377
static int edit_and_replace(const char *object_ref, int force, int raw)
{
char *tmpfile;
enum object_type type;
struct object_id old_oid, new_oid, prev;
struct strbuf ref = STRBUF_INIT;
if (get_oid(object_ref, &old_oid) < 0)
Reported by FlawFinder.
Line: 336
Column: 41
CWE codes:
377
strbuf_release(&ref);
tmpfile = git_pathdup("REPLACE_EDITOBJ");
if (export_object(&old_oid, type, raw, tmpfile)) {
free(tmpfile);
return -1;
}
if (launch_editor(tmpfile, NULL, NULL) < 0) {
free(tmpfile);
Reported by FlawFinder.
Line: 337
Column: 8
CWE codes:
377
tmpfile = git_pathdup("REPLACE_EDITOBJ");
if (export_object(&old_oid, type, raw, tmpfile)) {
free(tmpfile);
return -1;
}
if (launch_editor(tmpfile, NULL, NULL) < 0) {
free(tmpfile);
return error(_("editing object file failed"));
Reported by FlawFinder.
Line: 340
Column: 20
CWE codes:
377
free(tmpfile);
return -1;
}
if (launch_editor(tmpfile, NULL, NULL) < 0) {
free(tmpfile);
return error(_("editing object file failed"));
}
if (import_object(&new_oid, type, raw, tmpfile)) {
free(tmpfile);
Reported by FlawFinder.
Line: 341
Column: 8
CWE codes:
377
return -1;
}
if (launch_editor(tmpfile, NULL, NULL) < 0) {
free(tmpfile);
return error(_("editing object file failed"));
}
if (import_object(&new_oid, type, raw, tmpfile)) {
free(tmpfile);
return -1;
Reported by FlawFinder.
Line: 344
Column: 41
CWE codes:
377
free(tmpfile);
return error(_("editing object file failed"));
}
if (import_object(&new_oid, type, raw, tmpfile)) {
free(tmpfile);
return -1;
}
free(tmpfile);
Reported by FlawFinder.
Line: 345
Column: 8
CWE codes:
377
return error(_("editing object file failed"));
}
if (import_object(&new_oid, type, raw, tmpfile)) {
free(tmpfile);
return -1;
}
free(tmpfile);
if (oideq(&old_oid, &new_oid))
Reported by FlawFinder.
Line: 348
Column: 7
CWE codes:
377
free(tmpfile);
return -1;
}
free(tmpfile);
if (oideq(&old_oid, &new_oid))
return error(_("new object is the same as the old one: '%s'"), oid_to_hex(&old_oid));
return replace_object_oid(object_ref, &old_oid, "replacement", &new_oid, force);
Reported by FlawFinder.
refs/files-backend.c
10 issues
Line: 440
Column: 7
CWE codes:
362
* Anything else, just open it and try to use it as
* a ref
*/
fd = open(path, O_RDONLY);
if (fd < 0) {
if (errno == ENOENT && !S_ISLNK(st.st_mode))
/* inconsistent with lstat; retry */
goto stat_ref;
else
Reported by FlawFinder.
Line: 1015
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ref_to_prune {
struct ref_to_prune *next;
struct object_id oid;
char name[FLEX_ARRAY];
};
enum {
REMOVE_EMPTY_PARENTS_REF = 0x01,
REMOVE_EMPTY_PARENTS_REFLOG = 0x02
Reported by FlawFinder.
Line: 1533
Column: 8
CWE codes:
362
{
int *fd = cb;
*fd = open(path, O_APPEND | O_WRONLY | O_CREAT, 0666);
return (*fd < 0) ? -1 : 0;
}
/*
* Create a reflog for a ref. If force_create = 0, only create the
Reported by FlawFinder.
Line: 1572
Column: 12
CWE codes:
362
goto error;
}
} else {
*logfd = open(logfile, O_APPEND | O_WRONLY, 0666);
if (*logfd < 0) {
if (errno == ENOENT || errno == EISDIR) {
/*
* The logfile doesn't already exist,
* but that is not an error; it only
Reported by FlawFinder.
Line: 1946
Column: 10
CWE codes:
362
int ret = 0, at_tail = 1;
files_reflog_path(refs, &sb, refname);
logfp = fopen(sb.buf, "r");
strbuf_release(&sb);
if (!logfp)
return -1;
/* Jump to the end */
Reported by FlawFinder.
Line: 1959
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
while (!ret && 0 < pos) {
int cnt;
size_t nread;
char buf[BUFSIZ];
char *endp, *scanp;
/* Fill next block from the end */
cnt = (sizeof(buf) < pos) ? sizeof(buf) : pos;
if (fseek(logfp, pos - cnt, SEEK_SET)) {
Reported by FlawFinder.
Line: 2058
Column: 10
CWE codes:
362
int ret = 0;
files_reflog_path(refs, &sb, refname);
logfp = fopen(sb.buf, "r");
strbuf_release(&sb);
if (!logfp)
return -1;
while (!ret && !strbuf_getwholeline(&sb, logfp, '\n'))
Reported by FlawFinder.
Line: 223
Column: 20
CWE codes:
126
for (ip = 0; ip < ARRAY_SIZE(prefixes); ip++) {
const char *prefix = prefixes[ip];
int prefix_len = strlen(prefix);
struct ref_entry *child_entry;
int pos;
pos = search_ref_dir(dir, prefix, prefix_len);
if (pos >= 0)
Reported by FlawFinder.
Line: 247
Column: 19
CWE codes:
126
files_downcast(ref_store, REF_STORE_READ, "fill_ref_dir");
DIR *d;
struct dirent *de;
int dirnamelen = strlen(dirname);
struct strbuf refname;
struct strbuf path = STRBUF_INIT;
size_t path_baselen;
files_ref_path(refs, &path, dirname);
Reported by FlawFinder.
Line: 1509
Column: 16
CWE codes:
126
* the lockfile to. Hopefully it is empty; try to
* delete it.
*/
size_t len = strlen(path);
struct strbuf sb_path = STRBUF_INIT;
strbuf_attach(&sb_path, path, len, len);
/*
Reported by FlawFinder.
bundle.c
10 issues
Line: 29
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void bundle_header_init(struct bundle_header *header)
{
struct bundle_header blank = BUNDLE_HEADER_INIT;
memcpy(header, &blank, sizeof(*header));
}
void bundle_header_release(struct bundle_header *header)
{
string_list_clear(&header->prerequisites, 1);
Reported by FlawFinder.
Line: 137
Column: 11
CWE codes:
362
int read_bundle_header(const char *path, struct bundle_header *header)
{
int fd = open(path, O_RDONLY);
if (fd < 0)
return error(_("could not open '%s'"), path);
return parse_bundle_header(fd, header, path);
}
Reported by FlawFinder.
Line: 147
Column: 11
CWE codes:
362
int is_bundle(const char *path, int quiet)
{
struct bundle_header header = BUNDLE_HEADER_INIT;
int fd = open(path, O_RDONLY);
if (fd < 0)
return 0;
fd = parse_bundle_header(fd, &header, quiet ? NULL : path);
if (fd >= 0)
Reported by FlawFinder.
Line: 529
Column: 2
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
/* save revs.pending in revs_copy for later use */
memcpy(&revs_copy, &revs, sizeof(revs));
revs_copy.pending.nr = 0;
revs_copy.pending.alloc = 0;
revs_copy.pending.objects = NULL;
for (i = 0; i < revs.pending.nr; i++) {
struct object_array_entry *e = revs.pending.objects + i;
Reported by FlawFinder.
Line: 378
Column: 25
CWE codes:
126
if (e->item->flags & UNINTERESTING)
continue;
if (dwim_ref(e->name, strlen(e->name), &oid, &ref, 0) != 1)
goto skip_write_ref;
if (read_ref_full(e->name, RESOLVE_REF_READING, &oid, &flag))
flag = 0;
display_ref = (flag & REF_ISSYMREF) ? e->name : ref;
Reported by FlawFinder.
Line: 438
Column: 40
CWE codes:
126
ref_count++;
write_or_die(bundle_fd, oid_to_hex(&e->item->oid), the_hash_algo->hexsz);
write_or_die(bundle_fd, " ", 1);
write_or_die(bundle_fd, display_ref, strlen(display_ref));
write_or_die(bundle_fd, "\n", 1);
skip_write_ref:
free(ref);
}
Reported by FlawFinder.
Line: 508
Column: 48
CWE codes:
126
} else if (version < min_version) {
die(_("cannot write bundle version %d with algorithm %s"), version, the_hash_algo->name);
} else if (version == 2) {
write_or_die(bundle_fd, v2_bundle_signature, strlen(v2_bundle_signature));
} else {
const char *capability = "@object-format=";
write_or_die(bundle_fd, v3_bundle_signature, strlen(v3_bundle_signature));
write_or_die(bundle_fd, capability, strlen(capability));
write_or_die(bundle_fd, the_hash_algo->name, strlen(the_hash_algo->name));
Reported by FlawFinder.
Line: 511
Column: 48
CWE codes:
126
write_or_die(bundle_fd, v2_bundle_signature, strlen(v2_bundle_signature));
} else {
const char *capability = "@object-format=";
write_or_die(bundle_fd, v3_bundle_signature, strlen(v3_bundle_signature));
write_or_die(bundle_fd, capability, strlen(capability));
write_or_die(bundle_fd, the_hash_algo->name, strlen(the_hash_algo->name));
write_or_die(bundle_fd, "\n", 1);
}
Reported by FlawFinder.
Line: 512
Column: 39
CWE codes:
126
} else {
const char *capability = "@object-format=";
write_or_die(bundle_fd, v3_bundle_signature, strlen(v3_bundle_signature));
write_or_die(bundle_fd, capability, strlen(capability));
write_or_die(bundle_fd, the_hash_algo->name, strlen(the_hash_algo->name));
write_or_die(bundle_fd, "\n", 1);
}
/* init revs to list objects for pack-objects later */
Reported by FlawFinder.
Line: 513
Column: 48
CWE codes:
126
const char *capability = "@object-format=";
write_or_die(bundle_fd, v3_bundle_signature, strlen(v3_bundle_signature));
write_or_die(bundle_fd, capability, strlen(capability));
write_or_die(bundle_fd, the_hash_algo->name, strlen(the_hash_algo->name));
write_or_die(bundle_fd, "\n", 1);
}
/* init revs to list objects for pack-objects later */
save_commit_buffer = 0;
Reported by FlawFinder.
compat/simple-ipc/ipc-win32.c
10 issues
Line: 23
Column: 8
CWE codes:
134
Suggestion:
Make format string constant
if (!strbuf_realpath(&realpath, path, 0))
return -1;
off = swprintf(wpath, alloc, L"\\\\.\\pipe\\");
if (xutftowcs(wpath + off, realpath.buf, alloc - off) < 0)
return -1;
/* Handle drive prefix */
if (wpath[off] && wpath[off + 1] == L':') {
Reported by FlawFinder.
Line: 639
Column: 2
CWE codes:
120
Suggestion:
Consider using a function version that stops copying at the end of the buffer
server_data->hEventStopRequested = CreateEvent(NULL, TRUE, FALSE, NULL);
strbuf_init(&server_data->buf_path, 0);
strbuf_addstr(&server_data->buf_path, path);
wcscpy(server_data->wpath, wpath);
if (nr_threads < 1)
nr_threads = 1;
for (k = 0; k < nr_threads; k++) {
Reported by FlawFinder.
Line: 20
Column: 24
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
int off = 0;
struct strbuf realpath = STRBUF_INIT;
if (!strbuf_realpath(&realpath, path, 0))
return -1;
off = swprintf(wpath, alloc, L"\\\\.\\pipe\\");
if (xutftowcs(wpath + off, realpath.buf, alloc - off) < 0)
return -1;
Reported by FlawFinder.
Line: 24
Column: 29
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
return -1;
off = swprintf(wpath, alloc, L"\\\\.\\pipe\\");
if (xutftowcs(wpath + off, realpath.buf, alloc - off) < 0)
return -1;
/* Handle drive prefix */
if (wpath[off] && wpath[off + 1] == L':') {
wpath[off + 1] = L'_';
Reported by FlawFinder.
Line: 37
Column: 18
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
if (wpath[off] == L'/')
wpath[off] = L'\\';
strbuf_release(&realpath);
return 0;
}
static enum ipc_active_state get_active_state(wchar_t *pipe_path)
{
Reported by FlawFinder.
Line: 57
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
enum ipc_active_state ipc_get_active_state(const char *path)
{
wchar_t pipe_path[MAX_PATH];
if (initialize_pipe_name(path, pipe_path, ARRAY_SIZE(pipe_path)) < 0)
return IPC_STATE__INVALID_PATH;
return get_active_state(pipe_path);
Reported by FlawFinder.
Line: 171
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const struct ipc_client_connect_options *options,
struct ipc_client_connection **p_connection)
{
wchar_t wpath[MAX_PATH];
enum ipc_active_state state = IPC_STATE__OTHER_ERROR;
int fd = -1;
*p_connection = NULL;
Reported by FlawFinder.
Line: 336
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ipc_server_application_cb *application_cb;
void *application_data;
struct strbuf buf_path;
wchar_t wpath[MAX_PATH];
HANDLE hEventStopRequested;
struct ipc_server_thread_data *thread_list;
int is_stopped;
};
Reported by FlawFinder.
Line: 612
Column: 2
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void *application_data)
{
struct ipc_server_data *server_data;
wchar_t wpath[MAX_PATH];
HANDLE hPipeFirst = INVALID_HANDLE_VALUE;
int k;
int ret = 0;
int nr_threads = opts->nr_threads;
Reported by FlawFinder.
Line: 219
Column: 50
CWE codes:
126
trace2_region_enter("ipc-client", "send-command", NULL);
if (write_packetized_from_buf_no_flush(message, strlen(message),
connection->fd) < 0 ||
packet_flush_gently(connection->fd) < 0) {
ret = error(_("could not send IPC command"));
goto done;
}
Reported by FlawFinder.