The following issues were found
Kernel/Arch/PC/BIOS.h
4 issues
Line: 22
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
namespace Kernel::SMBIOS {
struct [[gnu::packed]] LegacyEntryPoint32bit {
char legacy_sig[5];
u8 checksum2;
u16 smboios_table_length;
u32 smbios_table_ptr;
u16 smbios_tables_count;
u8 smbios_bcd_revision;
Reported by FlawFinder.
Line: 31
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct [[gnu::packed]] EntryPoint32bit {
char sig[4];
u8 checksum;
u8 length;
u8 major_version;
u8 minor_version;
u16 maximum_structure_size;
Reported by FlawFinder.
Line: 38
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
u8 minor_version;
u16 maximum_structure_size;
u8 implementation_revision;
char formatted_area[5];
LegacyEntryPoint32bit legacy_structure;
};
struct [[gnu::packed]] EntryPoint64bit {
char sig[5];
Reported by FlawFinder.
Line: 43
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct [[gnu::packed]] EntryPoint64bit {
char sig[5];
u8 checksum;
u8 length;
u8 major_version;
u8 minor_version;
u8 document_revision;
Reported by FlawFinder.
Userland/Libraries/LibVT/TerminalWidget.cpp
4 issues
Line: 723
Column: 32
CWE codes:
362
auto attribute = m_terminal.attribute_at(buffer_position_at(event.position()));
if (!attribute.href_id.is_null()) {
dbgln("Open hyperlinked URL: '{}'", attribute.href);
Desktop::Launcher::open(attribute.href);
return;
}
m_triple_click_timer.start();
Reported by FlawFinder.
Line: 1066
Column: 36
CWE codes:
362
if (!af->is_valid())
continue;
auto action = GUI::Action::create(String::formatted("&Open in {}", af->name()), af->icon().bitmap_for_size(16), [this, handler](auto&) {
Desktop::Launcher::open(m_context_menu_href, handler);
});
if (context_menu_default_action.is_null()) {
context_menu_default_action = action;
}
Reported by FlawFinder.
Line: 1170
Column: 43
CWE codes:
362
"White"
};
auto color_config = Core::ConfigFile::open(String::formatted("/res/terminal-colors/{}.ini", name));
m_show_bold_text_as_bright = color_config->read_bool_entry("Options", "ShowBoldTextAsBright", true);
auto default_background = Gfx::Color::from_string(color_config->read_entry("Primary", "Background"));
if (default_background.has_value())
Reported by FlawFinder.
Line: 52
Column: 25
CWE codes:
120
20
m_notifier = Core::Notifier::construct(m_ptm_fd, Core::Notifier::Read);
m_notifier->on_ready_to_read = [this] {
u8 buffer[BUFSIZ];
ssize_t nread = read(m_ptm_fd, buffer, sizeof(buffer));
if (nread < 0) {
dbgln("Terminal read error: {}", strerror(errno));
perror("read(ptm)");
GUI::Application::the()->quit(1);
return;
Reported by FlawFinder.
Userland/Libraries/LibSQL/Value.cpp
4 issues
Line: 207
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// String decoder: a sizeof(int) length prefix followed by a fixed 64-byte
// character area (the serializer a few lines below appears to cap the payload
// at 63 characters and zero-pad the rest — confirm against the append of `zeroes`).
// NOTE(review): `len` is read but never consulted; the String constructor
// scans for a NUL, so it relies entirely on the padding having been written.
// Nothing visible here checks that `buffer` holds sizeof(int) + 64 bytes past
// `at_offset` — confirm offset_pointer() bounds-checks. The size_t -> int
// cast of `at_offset` also narrows for large offsets.
m_deserialize = [&](ByteBuffer& buffer, size_t& at_offset) {
    int len;
    memcpy(&len, buffer.offset_pointer((int)at_offset), sizeof(int));
    at_offset += sizeof(int);
    // Reads up to the first NUL; a record without a terminator inside the
    // 64-byte area would be read past that area — TODO confirm the writer
    // always pads with zeroes.
    m_impl = String((const char*)buffer.offset_pointer((int)at_offset));
    // Cursor always advances by the fixed area size, not by `len`.
    at_offset += 64;
};
Reported by FlawFinder.
Line: 214
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
m_serialize = [&](ByteBuffer& buffer) {
char zeroes[64];
int len = min((int)m_impl.get<String>().length(), 63);
buffer.append(&len, sizeof(int));
buffer.append(m_impl.get<String>().characters(), len);
memset(zeroes, 0, 64);
Reported by FlawFinder.
Line: 286
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Fixed-width int encoding: exactly sizeof(int) raw bytes in the native representation.
m_size = []() { return sizeof(int); };
// Copy sizeof(int) bytes from the buffer into the stored int and advance the cursor.
// NOTE(review): no visible check that `buffer` holds sizeof(int) bytes past
// `at_offset` — confirm offset_pointer() bounds-checks. The size_t -> int cast
// of `at_offset` narrows for large offsets.
m_deserialize = [&](ByteBuffer& buffer, size_t& at_offset) {
    memcpy(m_impl.get_pointer<int>(), buffer.offset_pointer((int)at_offset), sizeof(int));
    at_offset += sizeof(int);
};
m_serialize = [&](ByteBuffer& buffer) {
buffer.append(m_impl.get_pointer<int>(), sizeof(int));
Reported by FlawFinder.
Line: 353
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Fixed-width double encoding: exactly sizeof(double) raw bytes in the native representation.
m_size = []() { return sizeof(double); };
// Copy sizeof(double) bytes from the buffer into the stored double and advance the cursor.
// NOTE(review): no visible check that `buffer` holds sizeof(double) bytes past
// `at_offset` — confirm offset_pointer() bounds-checks. The size_t -> int cast
// of `at_offset` narrows for large offsets.
m_deserialize = [&](ByteBuffer& buffer, size_t& at_offset) {
    memcpy(m_impl.get_pointer<double>(), buffer.offset_pointer((int)at_offset), sizeof(double));
    at_offset += sizeof(double);
};
m_serialize = [&](ByteBuffer& buffer) {
buffer.append(m_impl.get_pointer<double>(), sizeof(double));
Reported by FlawFinder.
Userland/Games/Chess/Engine.h
4 issues
Line: 14
#include <sys/types.h>
class Engine : public Chess::UCI::Endpoint {
C_OBJECT(Engine)
public:
virtual ~Engine() override;
Engine(const StringView& command);
Reported by Cppcheck.
Line: 14
#include <sys/types.h>
class Engine : public Chess::UCI::Endpoint {
C_OBJECT(Engine)
public:
virtual ~Engine() override;
Engine(const StringView& command);
Reported by Cppcheck.
Line: 14
#include <sys/types.h>
class Engine : public Chess::UCI::Endpoint {
C_OBJECT(Engine)
public:
virtual ~Engine() override;
Engine(const StringView& command);
Reported by Cppcheck.
Line: 14
#include <sys/types.h>
class Engine : public Chess::UCI::Endpoint {
C_OBJECT(Engine)
public:
virtual ~Engine() override;
Engine(const StringView& command);
Reported by Cppcheck.
Userland/Services/WindowServer/Compositor.h
4 issues
Line: 89
};
class Compositor final : public Core::Object {
C_OBJECT(Compositor)
friend struct CompositorScreenData;
friend class Overlay;
public:
static Compositor& the();
Reported by Cppcheck.
Line: 89
};
class Compositor final : public Core::Object {
C_OBJECT(Compositor)
friend struct CompositorScreenData;
friend class Overlay;
public:
static Compositor& the();
Reported by Cppcheck.
Line: 89
};
class Compositor final : public Core::Object {
C_OBJECT(Compositor)
friend struct CompositorScreenData;
friend class Overlay;
public:
static Compositor& the();
Reported by Cppcheck.
Line: 89
};
class Compositor final : public Core::Object {
C_OBJECT(Compositor)
friend struct CompositorScreenData;
friend class Overlay;
public:
static Compositor& the();
Reported by Cppcheck.
Userland/Libraries/LibJS/Runtime/MathObject.cpp
4 issues
Line: 82
}
// 21.3.2.1 Math.abs ( x ), https://tc39.es/ecma262/#sec-math.abs
JS_DEFINE_NATIVE_FUNCTION(MathObject::abs)
{
auto number = vm.argument(0).to_number(global_object);
if (vm.exception())
return {};
if (number.is_nan())
Reported by Cppcheck.
Line: 28
Column: 45
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
Object::initialize(global_object);
u8 attr = Attribute::Writable | Attribute::Configurable;
define_native_function(vm.names.abs, abs, 1, attr);
define_native_function(vm.names.random, random, 0, attr);
define_native_function(vm.names.sqrt, sqrt, 1, attr);
define_native_function(vm.names.floor, floor, 1, attr);
define_native_function(vm.names.ceil, ceil, 1, attr);
define_native_function(vm.names.round, round, 1, attr);
define_native_function(vm.names.max, max, 2, attr);
Reported by FlawFinder.
Line: 28
Column: 37
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
Object::initialize(global_object);
u8 attr = Attribute::Writable | Attribute::Configurable;
define_native_function(vm.names.abs, abs, 1, attr);
define_native_function(vm.names.random, random, 0, attr);
define_native_function(vm.names.sqrt, sqrt, 1, attr);
define_native_function(vm.names.floor, floor, 1, attr);
define_native_function(vm.names.ceil, ceil, 1, attr);
define_native_function(vm.names.round, round, 1, attr);
define_native_function(vm.names.max, max, 2, attr);
Reported by FlawFinder.
Line: 97
Column: 39
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
// 21.3.2.27 Math.random ( ), https://tc39.es/ecma262/#sec-math.random
JS_DEFINE_NATIVE_FUNCTION(MathObject::random)
{
#ifdef __serenity__
double r = (double)get_random<u32>() / (double)UINT32_MAX;
#else
double r = (double)rand() / (double)RAND_MAX;
Reported by FlawFinder.
Kernel/FileSystem/Plan9FileSystem.cpp
4 issues
Line: 950
Column: 23
CWE codes:
362
Suggestion:
Use fchmod( ) instead
return ENOTIMPL;
}
// Mode changes are not implemented for Plan9FS inodes yet; the request is
// rejected with ENOTIMPL rather than being accepted without effect.
// (The FlawFinder CWE-362 hit on this line appears to be a name match against
// libc chmod(); this is an Inode method, not a path-based syscall.)
KResult Plan9FSInode::chmod(mode_t)
{
    // TODO: not implemented over 9P yet.
    return KResult(ENOTIMPL);
}
Reported by FlawFinder.
Line: 956
Column: 23
CWE codes:
362
Suggestion:
Use fchown( ) instead
return ENOTIMPL;
}
// Ownership changes are not implemented for Plan9FS inodes yet; the request is
// rejected with ENOTIMPL rather than being accepted without effect.
// (The FlawFinder CWE-362 hit on this line appears to be a name match against
// libc chown(); this is an Inode method, not a path-based syscall.)
KResult Plan9FSInode::chown(uid_t, gid_t)
{
    // TODO: not implemented over 9P yet.
    return KResult(ENOTIMPL);
}
Reported by FlawFinder.
Line: 569
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (!buffer)
return ENOMEM;
// Copy the already read header into the buffer.
memcpy(buffer->data(), &header, sizeof(header));
result = do_read(buffer->data() + sizeof(header), header.size - sizeof(header));
if (result.is_error())
return result;
MutexLocker locker(m_lock);
Reported by FlawFinder.
Line: 541
Column: 43
CWE codes:
120
20
return EINTR;
}
auto data_buffer = UserOrKernelBuffer::for_kernel_buffer(data);
auto nread_or_error = description.read(data_buffer, size);
if (nread_or_error.is_error())
return nread_or_error.error();
auto nread = nread_or_error.value();
if (nread == 0)
return EIO;
Reported by FlawFinder.
Userland/DevTools/HackStudio/HackStudioWidget.cpp
4 issues
Line: 854
Column: 20
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
auto selections = m_project_tree_view->selection().indices();
auto it = selections.find_if([&](auto selected_file) {
return access(m_project->model().full_path(selected_file.parent()).characters(), W_OK) == 0;
});
bool has_permissions = it != selections.end();
m_delete_action->set_enabled(!m_project_tree_view->selection().is_empty() && has_permissions);
};
Reported by FlawFinder.
Line: 374
Column: 20
CWE codes:
362
filepath = String::formatted("{}{}", filepath, filename);
auto file = Core::File::construct(filepath);
if (!file->open((Core::OpenMode)(Core::OpenMode::WriteOnly | Core::OpenMode::MustBeNew))) {
GUI::MessageBox::show(window(), String::formatted("Failed to create '{}'", filepath), "Error", GUI::MessageBox::Type::Error);
return;
}
open_file(filepath);
});
Reported by FlawFinder.
Line: 429
Column: 32
CWE codes:
362
auto show_in_file_manager_action = GUI::Action::create("Show in File Manager", [this](const GUI::Action&) {
auto files = selected_file_paths();
for (auto& file : files)
Desktop::Launcher::open(URL::create_with_file_protocol(m_project->root_path(), file));
});
show_in_file_manager_action->set_enabled(true);
show_in_file_manager_action->set_icon(GUI::Icon::default_icon("app-file-manager").bitmap_for_size(16));
return show_in_file_manager_action;
Reported by FlawFinder.
Line: 1036
Column: 20
CWE codes:
362
hide_action_tabs();
});
auto open_locator_action = GUI::Action::create("Open &Locator", { Mod_Ctrl, Key_K }, [this](auto&) {
m_locator->open();
});
auto& view_menu = window.add_menu("&View");
view_menu.add_action(hide_action_tabs_action);
view_menu.add_action(open_locator_action);
Reported by FlawFinder.
Userland/Libraries/LibDesktop/Launcher.cpp
4 issues
Line: 40
class LaunchServerConnection final
: public IPC::ServerConnection<LaunchClientEndpoint, LaunchServerEndpoint>
, public LaunchClientEndpoint {
C_OBJECT(LaunchServerConnection)
private:
LaunchServerConnection()
: IPC::ServerConnection<LaunchClientEndpoint, LaunchServerEndpoint>(*this, "/tmp/portal/launch")
{
}
Reported by Cppcheck.
Line: 94
Column: 16
CWE codes:
362
return true;
}
// Ask LaunchServer to open `url` with the handler named `handler_name`.
// Returns whatever the server's open_url() reports, unchanged.
bool Launcher::open(const URL& url, const String& handler_name)
{
    auto&& launch_server = connection();
    return launch_server.open_url(url, handler_name);
}
bool Launcher::open(const URL& url, const Details& details)
Reported by FlawFinder.
Line: 99
Column: 16
CWE codes:
362
return connection().open_url(url, handler_name);
}
// Open `url` via the handler described by `details`, delegating to the
// name-based overload. The VERIFY keeps this entry point from being used to
// run an arbitrary executable: only non-Application launcher types pass.
bool Launcher::open(const URL& url, const Details& details)
{
    // Launcher should not be used to execute arbitrary applications
    VERIFY(details.launcher_type != LauncherType::Application);
    const auto& handler_name = details.executable;
    return open(url, handler_name);
}
Reported by FlawFinder.
Line: 102
Column: 12
CWE codes:
362
// Open `url` via the handler described by `details`, delegating to the
// name-based overload. The VERIFY keeps this entry point from being used to
// run an arbitrary executable: only non-Application launcher types pass.
bool Launcher::open(const URL& url, const Details& details)
{
    // Launcher should not be used to execute arbitrary applications
    VERIFY(details.launcher_type != LauncherType::Application);
    const auto& handler_name = details.executable;
    return open(url, handler_name);
}
Vector<String> Launcher::get_handlers_for_url(const URL& url)
{
return connection().get_handlers_for_url(url.to_string());
Reported by FlawFinder.
Userland/DevTools/IPCCompiler/main.cpp
4 issues
Line: 88
Column: 16
CWE codes:
362
}
auto file = Core::File::construct(argv[1]);
if (!file->open(Core::OpenMode::ReadOnly)) {
warnln("Error: Cannot open {}: {}", argv[1], file->error_string());
return 1;
}
auto file_contents = file->read_all();
Reported by FlawFinder.
Line: 667
Column: 34
CWE codes:
120
20
)~~~");
if constexpr (GENERATE_DEBUG) {
endpoint_generator.append(R"~~~(
dbgln("Failed to read message endpoint magic");
)~~~");
}
endpoint_generator.append(R"~~~(
return {};
}
Reported by FlawFinder.
Line: 691
Column: 34
CWE codes:
120
20
)~~~");
if constexpr (GENERATE_DEBUG) {
endpoint_generator.append(R"~~~(
dbgln("Failed to read message ID");
)~~~");
}
endpoint_generator.append(R"~~~(
return {};
}
Reported by FlawFinder.
Line: 737
Column: 34
CWE codes:
120
20
)~~~");
if constexpr (GENERATE_DEBUG) {
endpoint_generator.append(R"~~~(
dbgln("Failed to read the message");
)~~~");
}
endpoint_generator.append(R"~~~(
return {};
}
Reported by FlawFinder.