The following issues were found by automated static analysis (FlawFinder pattern matches and Cppcheck). FlawFinder matches function names textually and does not look at context, so each finding below needs manual triage before it is treated as a defect.
AK/kstdio.h
4 issues
Line: 17
Column: 68
CWE codes:
134
Suggestion:
Use a constant for the format specification. (Triage: this hit is on the sprintf/snprintf prototype, not on a call. The `__attribute__((format(printf, N, M)))` annotation on these declarations is precisely what makes the compiler check the format string at every call site, so a non-literal `fmt` is reported at compile time. Nothing to change here; review call sites that pass a non-literal format instead.)
# include <stdarg.h>
extern "C" {
void dbgputstr(const char*, size_t);
int sprintf(char* buf, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
int snprintf(char* buffer, size_t, const char* fmt, ...) __attribute__((format(printf, 3, 4)));
}
# endif
#else
# include <stdio.h>
Reported by FlawFinder.
Line: 17
Column: 5
CWE codes:
134
Suggestion:
Make format string constant. (Triage: declaration-level hit on a prototype that already carries a `format(printf, …)` attribute, so callers' format strings are compiler-checked; false positive at this site.)
# include <stdarg.h>
extern "C" {
void dbgputstr(const char*, size_t);
int sprintf(char* buf, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
int snprintf(char* buffer, size_t, const char* fmt, ...) __attribute__((format(printf, 3, 4)));
}
# endif
#else
# include <stdio.h>
Reported by FlawFinder.
Line: 18
Column: 80
CWE codes:
134
Suggestion:
Use a constant for the format specification. (Triage: same kind of hit — the prototype's `format(printf, …)` attribute is the mitigation; the finding is on a declaration, not a call, and is a false positive here.)
extern "C" {
void dbgputstr(const char*, size_t);
int sprintf(char* buf, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
int snprintf(char* buffer, size_t, const char* fmt, ...) __attribute__((format(printf, 3, 4)));
}
# endif
#else
# include <stdio.h>
inline void dbgputstr(const char* characters, size_t length)
Reported by FlawFinder.
Line: 18
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification. (Triage: declaration-level hit on an annotated prototype; the `format(printf, …)` attribute makes the compiler reject or warn on non-literal format strings at call sites. Not a defect at this site.)
extern "C" {
void dbgputstr(const char*, size_t);
int sprintf(char* buf, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
int snprintf(char* buffer, size_t, const char* fmt, ...) __attribute__((format(printf, 3, 4)));
}
# endif
#else
# include <stdio.h>
inline void dbgputstr(const char* characters, size_t length)
Reported by FlawFinder.
Tests/AK/TestUFixedBigInt.cpp
4 issues
Line: 25
Column: 5
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values. (Triage: `srand(0)` in a unit test is a deliberately fixed seed so the pseudo-random operands are reproducible from run to run. The values are test inputs, not keys, tokens or nonces, so CWE-327 does not apply. Not a defect.)
TEST_CASE(identities)
{
srand(0);
for (int i = 0; i < test_iterations; ++i) {
auto x = get_random<u256>();
if ((x >> 255u) & 1u) {
// ignore numbers that could overflow
--i;
Reported by FlawFinder.
Line: 45
Column: 5
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values. (Triage: fixed test seed for reproducible inputs; no security use of the randomness. Not a defect.)
TEST_CASE(sqrt)
{
    // Fixed seed: the operands are pseudo-random only to cover many values, and
    // seeding with 0 keeps every run reproducible. Not a security use of rand().
    srand(0);
    for (int iteration = 0; iteration < test_iterations; ++iteration) {
        u256 root = get_random<u128>();
        u256 square = root * root;
        // A u128 squared fits in a u256, so the square root must round-trip exactly.
        EXPECT_EQ(square.sqrt(), root);
    }
}
Reported by FlawFinder.
Line: 66
Column: 5
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values. (Triage: fixed test seed for reproducible inputs; no security use of the randomness. Not a defect.)
TEST_CASE(simple_multiplication)
{
srand(0);
for (int i = 0; i < test_iterations; ++i) {
u256 a = get_random<u256>();
EXPECT_EQ(a * 0u, 0u);
EXPECT_EQ(a * 1u, a);
Reported by FlawFinder.
Line: 81
Column: 5
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values. (Triage: fixed test seed for reproducible inputs; no security use of the randomness. Not a defect.)
TEST_CASE(div_mod)
{
srand(0);
for (int i = 0; i < test_iterations; ++i) {
u256 a = get_random<u256>();
u256 b = get_random<u256>();
u256 mod;
u256 div = a.div_mod(b, mod);
Reported by FlawFinder.
Tests/AK/TestSpan.cpp
4 issues
Line: 124
Column: 49
CWE codes:
126
TEST_CASE(span_from_c_string)
{
    // strlen() runs over a NUL-terminated string literal here, so the length it
    // reports is in bounds and the span covers only the literal's own bytes.
    const char* text = "Serenity";
    size_t text_length = strlen(text);
    [[maybe_unused]] ReadonlyBytes bytes { text, text_length };
}
TEST_CASE(starts_with)
{
const char* str = "HeyFriends!";
Reported by FlawFinder. (Triage: `strlen` is applied to a string literal, which is always NUL-terminated, so there is no over-read; CWE-126 does not apply.)
Line: 130
Column: 32
CWE codes:
126
TEST_CASE(starts_with)
{
const char* str = "HeyFriends!";
ReadonlyBytes bytes { str, strlen(str) };
const char* str_hey = "Hey";
ReadonlyBytes hey_bytes { str_hey, strlen(str_hey) };
EXPECT(bytes.starts_with(hey_bytes));
const char* str_nah = "Nah";
ReadonlyBytes nah_bytes { str_nah, strlen(str_nah) };
Reported by FlawFinder. (Triage: `strlen` on a string literal; the literal is NUL-terminated, so no over-read. False positive.)
Line: 132
Column: 40
CWE codes:
126
const char* str = "HeyFriends!";
ReadonlyBytes bytes { str, strlen(str) };
const char* str_hey = "Hey";
ReadonlyBytes hey_bytes { str_hey, strlen(str_hey) };
EXPECT(bytes.starts_with(hey_bytes));
const char* str_nah = "Nah";
ReadonlyBytes nah_bytes { str_nah, strlen(str_nah) };
EXPECT(!bytes.starts_with(nah_bytes));
Reported by FlawFinder. (Triage: `strlen` on a string literal; the literal is NUL-terminated, so no over-read. False positive.)
Line: 135
Column: 40
CWE codes:
126
ReadonlyBytes hey_bytes { str_hey, strlen(str_hey) };
EXPECT(bytes.starts_with(hey_bytes));
const char* str_nah = "Nah";
ReadonlyBytes nah_bytes { str_nah, strlen(str_nah) };
EXPECT(!bytes.starts_with(nah_bytes));
const u8 hey_array[3] = { 'H', 'e', 'y' };
ReadonlyBytes hey_bytes_u8 { hey_array, 3 };
EXPECT(bytes.starts_with(hey_bytes_u8));
Reported by FlawFinder. (Triage: `strlen` on a string literal; the literal is NUL-terminated, so no over-read. False positive.)
Userland/Games/Chess/Engine.h
4 issues
Line: 14
#include <sys/types.h>
class Engine : public Chess::UCI::Endpoint {
C_OBJECT(Engine)
public:
virtual ~Engine() override;
Engine(const StringView& command);
Reported by Cppcheck. (Triage: this entry carries no message text, check id or CWE, so it cannot be assessed from this page; the three further entries for the same line 14 look like duplicates of it. Re-run Cppcheck with the message included before acting on it.)
Line: 14
#include <sys/types.h>
class Engine : public Chess::UCI::Endpoint {
C_OBJECT(Engine)
public:
virtual ~Engine() override;
Engine(const StringView& command);
Reported by Cppcheck.
Line: 14
#include <sys/types.h>
class Engine : public Chess::UCI::Endpoint {
C_OBJECT(Engine)
public:
virtual ~Engine() override;
Engine(const StringView& command);
Reported by Cppcheck.
Line: 14
#include <sys/types.h>
class Engine : public Chess::UCI::Endpoint {
C_OBJECT(Engine)
public:
virtual ~Engine() override;
Engine(const StringView& command);
Reported by Cppcheck.
Userland/Libraries/LibSQL/Value.cpp
4 issues
Line: 207
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data. (Triage: the destination here, `int len`, is exactly sizeof(int), so that part is fine. The gap is on the source side: nothing visible checks that `buffer` still holds sizeof(int) + 64 bytes at `at_offset`; `len` is read and then never used; and the String is built from a bare `const char*`, so it reads until a NUL that a truncated or corrupt 64-byte field need not contain. If the serialized data can come from an untrusted file this is an out-of-bounds read. Validate the remaining buffer length before reading, reject `len` outside 0..63, and construct the String with that explicit length.)
// NOTE(review): no visible check that `buffer` holds sizeof(int) + 64 bytes at
// `at_offset` before these reads. If the serialized data is truncated or corrupt,
// the memcpy and the String constructor below read out of bounds — confirm the
// caller validates the buffer size, or bound the reads here (TODO).
m_deserialize = [&](ByteBuffer& buffer, size_t& at_offset) {
int len;
// `(int)at_offset` narrows a size_t; offsets above INT_MAX would wrap.
memcpy(&len, buffer.offset_pointer((int)at_offset), sizeof(int));
at_offset += sizeof(int);
// `len` is never used after this point: the String is built from a NUL-terminated
// C string, so a 64-byte field without a terminator would be read past its end.
// Constructing with an explicit, validated length (0 <= len <= 63) would bound it.
m_impl = String((const char*)buffer.offset_pointer((int)at_offset));
// Fixed 64-byte string field; presumably mirrors the serializer's `zeroes[64]`
// padding — the two must stay in step.
at_offset += 64;
};
Reported by FlawFinder.
Line: 214
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (Triage: the flagged `char zeroes[64]` is a fixed padding buffer that is fully zeroed with memset(…, 0, 64), and `len` is clamped to 63 before the append, so this site itself is bounded. How many of the zero bytes are appended is cut off in this excerpt; the serialized field must total exactly 64 bytes for the deserializer's fixed `at_offset += 64` to stay in step, and a 63-byte cap means longer strings are silently truncated.)
};
m_serialize = [&](ByteBuffer& buffer) {
char zeroes[64];
int len = min((int)m_impl.get<String>().length(), 63);
buffer.append(&len, sizeof(int));
buffer.append(m_impl.get<String>().characters(), len);
memset(zeroes, 0, 64);
Reported by FlawFinder.
Line: 286
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data. (Triage: the destination is the int inside `m_impl`, exactly sizeof(int), so the destination side is fine. The missing check is on the source: nothing visible confirms `buffer` still holds sizeof(int) bytes at `at_offset`. Bound the read against the buffer's size before the memcpy; note also the `(int)at_offset` narrowing of a size_t.)
// Serialized size of an int value: a single native int, no header.
m_size = []() { return sizeof(int); };
// NOTE(review): reads sizeof(int) bytes at `at_offset` without a visible check
// that `buffer` is that large; an undersized or corrupt buffer would be read out
// of bounds. The destination is exactly sizeof(int), so the bound that is missing
// is on the source side — confirm the caller validates it (TODO).
m_deserialize = [&](ByteBuffer& buffer, size_t& at_offset) {
// `(int)at_offset` narrows a size_t.
memcpy(m_impl.get_pointer<int>(), buffer.offset_pointer((int)at_offset), sizeof(int));
at_offset += sizeof(int);
};
m_serialize = [&](ByteBuffer& buffer) {
buffer.append(m_impl.get_pointer<int>(), sizeof(int));
Reported by FlawFinder.
Line: 353
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data. (Triage: the destination is the double inside `m_impl`, exactly sizeof(double), so that side is fine. The missing check is that `buffer` still holds sizeof(double) bytes at `at_offset`; bound the read against the buffer's size before the memcpy, and note the `(int)at_offset` narrowing.)
// Serialized size of a double value: one native double, no header.
m_size = []() { return sizeof(double); };
// NOTE(review): reads sizeof(double) bytes at `at_offset` with no visible check
// that `buffer` is that large; a truncated or corrupt buffer is read out of
// bounds. The destination is exactly sizeof(double); the missing bound is on the
// source side — confirm the caller validates the buffer length (TODO).
m_deserialize = [&](ByteBuffer& buffer, size_t& at_offset) {
// `(int)at_offset` narrows a size_t.
memcpy(m_impl.get_pointer<double>(), buffer.offset_pointer((int)at_offset), sizeof(double));
at_offset += sizeof(double);
};
m_serialize = [&](ByteBuffer& buffer) {
buffer.append(m_impl.get_pointer<double>(), sizeof(double));
Reported by FlawFinder.
Kernel/Arch/PC/BIOS.h
4 issues
Line: 22
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (Triage: `legacy_sig[5]` is a fixed-size field in a packed struct that mirrors the firmware's SMBIOS entry-point layout; it is a byte signature, not a NUL-terminated string. The declaration is not a defect. What to check instead is that code reading these entry points compares signatures with an explicit length (memcmp, never strcmp/strlen) and validates the `length` / table-size fields supplied by firmware before using them as bounds.)
namespace Kernel::SMBIOS {
struct [[gnu::packed]] LegacyEntryPoint32bit {
char legacy_sig[5];
u8 checksum2;
u16 smboios_table_length;
u32 smbios_table_ptr;
u16 smbios_tables_count;
u8 smbios_bcd_revision;
Reported by FlawFinder.
Line: 31
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (Triage: `sig[4]` is a fixed-width signature in a firmware-defined packed layout, not a C string; compare it by length with memcmp. The declaration itself is not a defect.)
};
struct [[gnu::packed]] EntryPoint32bit {
char sig[4];
u8 checksum;
u8 length;
u8 major_version;
u8 minor_version;
u16 maximum_structure_size;
Reported by FlawFinder.
Line: 38
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (Triage: `formatted_area[5]` is a fixed-width field in a firmware-defined packed layout; the declaration is not a defect. Firmware-supplied size fields next to it must be validated before use.)
u8 minor_version;
u16 maximum_structure_size;
u8 implementation_revision;
char formatted_area[5];
LegacyEntryPoint32bit legacy_structure;
};
struct [[gnu::packed]] EntryPoint64bit {
char sig[5];
Reported by FlawFinder.
Line: 43
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (Triage: `sig[5]` is a fixed-width signature in a firmware-defined packed layout, not a C string; compare with memcmp and an explicit length. The declaration itself is not a defect.)
};
struct [[gnu::packed]] EntryPoint64bit {
char sig[5];
u8 checksum;
u8 length;
u8 major_version;
u8 minor_version;
u8 document_revision;
Reported by FlawFinder.
Userland/Libraries/LibJS/Runtime/MathObject.cpp
4 issues
Line: 82
}
// 21.3.2.1 Math.abs ( x ), https://tc39.es/ecma262/#sec-math.abs
JS_DEFINE_NATIVE_FUNCTION(MathObject::abs)
{
auto number = vm.argument(0).to_number(global_object);
if (vm.exception())
return {};
if (number.is_nan())
Reported by Cppcheck. (Triage: no message text or check id is attached to this entry, so it cannot be assessed from this page.)
Line: 28
Column: 45
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values. (Triage: the hit is on the identifier `random` being registered as the native function name `Math.random` on this line; nothing here draws a random value. False positive.)
Object::initialize(global_object);
u8 attr = Attribute::Writable | Attribute::Configurable;
define_native_function(vm.names.abs, abs, 1, attr);
define_native_function(vm.names.random, random, 0, attr);
define_native_function(vm.names.sqrt, sqrt, 1, attr);
define_native_function(vm.names.floor, floor, 1, attr);
define_native_function(vm.names.ceil, ceil, 1, attr);
define_native_function(vm.names.round, round, 1, attr);
define_native_function(vm.names.max, max, 2, attr);
Reported by FlawFinder.
Line: 28
Column: 37
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values. (Triage: second textual hit on the identifier `random` in the same `define_native_function` call; no randomness is drawn here. False positive.)
Object::initialize(global_object);
u8 attr = Attribute::Writable | Attribute::Configurable;
define_native_function(vm.names.abs, abs, 1, attr);
define_native_function(vm.names.random, random, 0, attr);
define_native_function(vm.names.sqrt, sqrt, 1, attr);
define_native_function(vm.names.floor, floor, 1, attr);
define_native_function(vm.names.ceil, ceil, 1, attr);
define_native_function(vm.names.round, round, 1, attr);
define_native_function(vm.names.max, max, 2, attr);
Reported by FlawFinder.
Line: 97
Column: 39
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values. (Triage: ECMAScript does not require Math.random to be cryptographically secure, and scripts must not use it for secrets regardless of the engine; both branches shown are acceptable for that contract, though the non-Serenity fallback relies on libc `rand()`. There is, however, a concrete defect in the visible lines: `get_random<u32>() / (double)UINT32_MAX` and `rand() / (double)RAND_MAX` both yield exactly 1.0 when the generator returns its maximum, while the spec requires a result strictly less than 1. Divide by `(double)UINT32_MAX + 1.0` and `(double)RAND_MAX + 1.0` instead. The rest of the function is cut off here.)
}
// 21.3.2.27 Math.random ( ), https://tc39.es/ecma262/#sec-math.random
JS_DEFINE_NATIVE_FUNCTION(MathObject::random)
{
#ifdef __serenity__
double r = (double)get_random<u32>() / (double)UINT32_MAX;
#else
double r = (double)rand() / (double)RAND_MAX;
Reported by FlawFinder.
Userland/DevTools/HackStudio/HackStudioWidget.cpp
4 issues
Line: 854
Column: 20
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly. (Triage: that advice does not fit this site — never make a GUI tool setuid. Here `access(…, W_OK)` only decides whether the Delete action is enabled in the project tree; there is no privilege boundary, and the eventual delete should fail on its own if permissions change between the check and the use. Low priority; the only effect of a race is a stale enabled/disabled state.)
auto selections = m_project_tree_view->selection().indices();
auto it = selections.find_if([&](auto selected_file) {
return access(m_project->model().full_path(selected_file.parent()).characters(), W_OK) == 0;
});
bool has_permissions = it != selections.end();
m_delete_action->set_enabled(!m_project_tree_view->selection().is_empty() && has_permissions);
};
Reported by FlawFinder.
Line: 374
Column: 20
CWE codes:
362
filepath = String::formatted("{}{}", filepath, filename);
auto file = Core::File::construct(filepath);
if (!file->open((Core::OpenMode)(Core::OpenMode::WriteOnly | Core::OpenMode::MustBeNew))) {
GUI::MessageBox::show(window(), String::formatted("Failed to create '{}'", filepath), "Error", GUI::MessageBox::Type::Error);
return;
}
open_file(filepath);
});
Reported by FlawFinder. (Triage: the file is opened with `WriteOnly | MustBeNew`, i.e. create-exclusively — presumably O_CREAT|O_EXCL underneath, which is the standard mitigation for a create race; confirm MustBeNew maps to that. No action otherwise.)
Line: 429
Column: 32
CWE codes:
362
auto show_in_file_manager_action = GUI::Action::create("Show in File Manager", [this](const GUI::Action&) {
auto files = selected_file_paths();
for (auto& file : files)
Desktop::Launcher::open(URL::create_with_file_protocol(m_project->root_path(), file));
});
show_in_file_manager_action->set_enabled(true);
show_in_file_manager_action->set_icon(GUI::Icon::default_icon("app-file-manager").bitmap_for_size(16));
return show_in_file_manager_action;
Reported by FlawFinder. (Triage: textual match on the name `open`; `Desktop::Launcher::open` is an IPC request to the launch server, not a filesystem open, so the race pattern does not apply. False positive.)
Line: 1036
Column: 20
CWE codes:
362
hide_action_tabs();
});
auto open_locator_action = GUI::Action::create("Open &Locator", { Mod_Ctrl, Key_K }, [this](auto&) {
m_locator->open();
});
auto& view_menu = window.add_menu("&View");
view_menu.add_action(hide_action_tabs_action);
view_menu.add_action(open_locator_action);
Reported by FlawFinder. (Triage: textual match on `m_locator->open()`, which opens a UI widget, not a file. False positive.)
Userland/DevTools/IPCCompiler/main.cpp
4 issues
Line: 88
Column: 16
CWE codes:
362
}
auto file = Core::File::construct(argv[1]);
if (!file->open(Core::OpenMode::ReadOnly)) {
warnln("Error: Cannot open {}: {}", argv[1], file->error_string());
return 1;
}
auto file_contents = file->read_all();
Reported by FlawFinder. (Triage: a code generator reading the input path given on its own command line; opening that file is the tool's purpose and there is no privilege boundary to race. No action.)
Line: 667
Column: 34
CWE codes:
120
20
)~~~");
if constexpr (GENERATE_DEBUG) {
endpoint_generator.append(R"~~~(
dbgln("Failed to read message endpoint magic");
)~~~");
}
endpoint_generator.append(R"~~~(
return {};
}
Reported by FlawFinder. (Triage: the hit at column 34 is the word "read" inside a string literal of generated debug output (`dbgln("Failed to read …")`), not a call to read(); the same applies to the two further entries at lines 691 and 737. False positives.)
Line: 691
Column: 34
CWE codes:
120
20
)~~~");
if constexpr (GENERATE_DEBUG) {
endpoint_generator.append(R"~~~(
dbgln("Failed to read message ID");
)~~~");
}
endpoint_generator.append(R"~~~(
return {};
}
Reported by FlawFinder.
Line: 737
Column: 34
CWE codes:
120
20
)~~~");
if constexpr (GENERATE_DEBUG) {
endpoint_generator.append(R"~~~(
dbgln("Failed to read the message");
)~~~");
}
endpoint_generator.append(R"~~~(
return {};
}
Reported by FlawFinder.
Userland/Libraries/LibDesktop/Launcher.cpp
4 issues
Line: 40
class LaunchServerConnection final
: public IPC::ServerConnection<LaunchClientEndpoint, LaunchServerEndpoint>
, public LaunchClientEndpoint {
C_OBJECT(LaunchServerConnection)
private:
LaunchServerConnection()
: IPC::ServerConnection<LaunchClientEndpoint, LaunchServerEndpoint>(*this, "/tmp/portal/launch")
{
}
Reported by Cppcheck. (Triage: no message is attached, so the finding cannot be assessed. Independently worth a look from a security standpoint: the client connects to a fixed socket path under `/tmp/portal/`; whether a local attacker could squat that path depends on who creates `/tmp/portal` and with what ownership and mode — confirm on the server side.)
Line: 94
Column: 16
CWE codes:
362
return true;
}
bool Launcher::open(const URL& url, const String& handler_name)
{
    // Delegates to the launch server connection; "open" here is an IPC request,
    // not a filesystem open, so file-race (CWE-362) patterns do not apply.
    auto&& launch_server = connection();
    return launch_server.open_url(url, handler_name);
}
bool Launcher::open(const URL& url, const Details& details)
Reported by FlawFinder. (Triage: textual match on the method name `open`; this is an IPC call to the launch server, not a filesystem open. False positive.)
Line: 99
Column: 16
CWE codes:
362
return connection().open_url(url, handler_name);
}
bool Launcher::open(const URL& url, const Details& details)
{
    // Refuses, via the project's VERIFY assertion, to launch an arbitrary
    // application through the Launcher. This is a client-side check only: a
    // process that talks to the launch portal directly is not covered by it, so
    // the server must enforce the same policy — TODO confirm it does.
    bool requests_application = details.launcher_type == LauncherType::Application;
    VERIFY(!requests_application);
    return open(url, details.executable);
}
Reported by FlawFinder. (Triage: textual match on `open`; this overload only checks the launcher type and forwards to the IPC overload. False positive. The VERIFY it contains is a client-side assertion, so the launch server must enforce the same rule itself.)
Line: 102
Column: 12
CWE codes:
362
bool Launcher::open(const URL& url, const Details& details)
{
    // The Launcher must not be used to execute arbitrary applications; VERIFY is
    // the project's assertion macro. Being in client library code, this guards
    // against misuse by this process only — policy for other clients has to live
    // on the server side (TODO confirm).
    const auto& launcher_type = details.launcher_type;
    VERIFY(launcher_type != LauncherType::Application);
    const String& executable = details.executable;
    return open(url, executable);
}
Vector<String> Launcher::get_handlers_for_url(const URL& url)
{
return connection().get_handlers_for_url(url.to_string());
Reported by FlawFinder. (Triage: textual match on `open` in the preceding overload; an IPC request, not a filesystem open. False positive.)