The following issues were found
Kernel/MiniStdLib.cpp
3 issues
Line: 11
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
extern "C" {
void* memcpy(void* dest_ptr, const void* src_ptr, size_t n)
{
size_t dest = (size_t)dest_ptr;
size_t src = (size_t)src_ptr;
// FIXME: Support starting at an unaligned address.
if (!(dest & 0x3) && !(src & 0x3) && n >= 12) {
Reported by FlawFinder.
Line: 44
Column: 16
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void* memmove(void* dest, const void* src, size_t n)
{
if (dest < src)
return memcpy(dest, src, n);
u8* pd = (u8*)dest;
const u8* ps = (const u8*)src;
for (pd += n, ps += n; n--;)
*--pd = *--ps;
Reported by FlawFinder.
Line: 85
Column: 8
CWE codes:
126
return dest_ptr;
}
size_t strlen(const char* str)
{
size_t len = 0;
while (*(str++))
++len;
return len;
Reported by FlawFinder.
Userland/Applications/Help/ManualSectionNode.cpp
3 issues
Line: 41
Column: 39
CWE codes:
362
m_children.append(make<ManualPageNode>(*this, move(page_name)));
}
void ManualSectionNode::set_open(bool open)
{
if (m_open == open)
return;
m_open = open;
}
Reported by FlawFinder.
Line: 43
Column: 19
CWE codes:
362
void ManualSectionNode::set_open(bool open)
{
if (m_open == open)
return;
m_open = open;
}
Reported by FlawFinder.
Line: 45
Column: 14
CWE codes:
362
{
if (m_open == open)
return;
m_open = open;
}
Reported by FlawFinder.
Userland/Applications/Help/main.cpp
3 issues
Line: 181
Column: 72
CWE codes:
362
open_page(path);
};
tree_view.on_toggle = [&](const GUI::ModelIndex& index, const bool open) {
model->update_section_node_on_toggle(index, open);
};
auto open_external = [&](auto& url) {
if (!Desktop::Launcher::open(url)) {
Reported by FlawFinder.
Line: 182
Column: 53
CWE codes:
362
};
tree_view.on_toggle = [&](const GUI::ModelIndex& index, const bool open) {
model->update_section_node_on_toggle(index, open);
};
auto open_external = [&](auto& url) {
if (!Desktop::Launcher::open(url)) {
GUI::MessageBox::show(window,
Reported by FlawFinder.
Line: 186
Column: 33
CWE codes:
362
};
auto open_external = [&](auto& url) {
if (!Desktop::Launcher::open(url)) {
GUI::MessageBox::show(window,
String::formatted("The link to '{}' could not be opened.", url),
"Failed to open link",
GUI::MessageBox::Type::Error);
}
Reported by FlawFinder.
Userland/Libraries/LibCrypt/crypt.cpp
3 issues
Line: 18
Column: 7
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
static struct crypt_data crypt_data;
char* crypt(const char* key, const char* salt)
{
crypt_data.initialized = true;
return crypt_r(key, salt, &crypt_data);
}
Reported by FlawFinder.
Line: 21
Column: 12
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
char* crypt(const char* key, const char* salt)
{
crypt_data.initialized = true;
return crypt_r(key, salt, &crypt_data);
}
static constexpr size_t crypt_salt_max = 16;
static constexpr size_t sha_string_length = 44;
Reported by FlawFinder.
Line: 27
Column: 7
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
static constexpr size_t crypt_salt_max = 16;
static constexpr size_t sha_string_length = 44;
char* crypt_r(const char* key, const char* salt, struct crypt_data* data)
{
if (!data->initialized) {
errno = EINVAL;
return nullptr;
}
Reported by FlawFinder.
Userland/Libraries/LibCrypt/crypt.h
3 issues
Line: 25
Column: 7
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
char result[65];
};
char* crypt(const char* key, const char* salt);
char* crypt_r(const char* key, const char* salt, struct crypt_data* data);
__END_DECLS
Reported by FlawFinder.
Line: 26
Column: 7
CWE codes:
327
Suggestion:
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt
};
char* crypt(const char* key, const char* salt);
char* crypt_r(const char* key, const char* salt, struct crypt_data* data);
__END_DECLS
Reported by FlawFinder.
Line: 22
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct crypt_data {
int initialized;
char result[65];
};
char* crypt(const char* key, const char* salt);
char* crypt_r(const char* key, const char* salt, struct crypt_data* data);
Reported by FlawFinder.
Kernel/Arch/x86/common/Processor.cpp
3 issues
Line: 374
Column: 26
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
CPUID hypervisor_leaf_range(0x40000000);
// Get signature of hypervisor.
alignas(sizeof(u32)) char hypervisor_signature_buffer[13];
*reinterpret_cast<u32*>(hypervisor_signature_buffer) = hypervisor_leaf_range.ebx();
*reinterpret_cast<u32*>(hypervisor_signature_buffer + 4) = hypervisor_leaf_range.ecx();
*reinterpret_cast<u32*>(hypervisor_signature_buffer + 8) = hypervisor_leaf_range.edx();
hypervisor_signature_buffer[12] = '\0';
StringView hypervisor_signature(hypervisor_signature_buffer);
Reported by FlawFinder.
Line: 395
Column: 26
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
CPUID hypervisor_interface(0x40000001);
// Get signature of hypervisor interface.
alignas(sizeof(u32)) char interface_signature_buffer[5];
*reinterpret_cast<u32*>(interface_signature_buffer) = hypervisor_interface.eax();
interface_signature_buffer[4] = '\0';
StringView hyperv_interface_signature(interface_signature_buffer);
dmesgln("CPU[{}]: Hyper-V interface signature '{}' ({:#x})", id(), hyperv_interface_signature, hypervisor_interface.eax());
Reported by FlawFinder.
Line: 292
Column: 33
CWE codes:
126
else
builder.append(' ');
auto str = feature_to_str(static_cast<CPUFeature>(flag));
builder.append(str, strlen(str));
}
}
return builder.build();
}
Reported by FlawFinder.
Userland/Libraries/LibCore/IODevice.h
3 issues
Line: 88
Column: 18
CWE codes:
362
bool seek(i64, SeekMode = SeekMode::SetPosition, off_t* = nullptr);
virtual bool open(OpenMode) = 0;
virtual bool close();
LineIterator line_begin() & { return LineIterator(*this); }
LineIterator line_end() { return LineIterator(*this, true); }
Reported by FlawFinder.
Line: 71
Column: 9
CWE codes:
120
20
bool has_error() const { return m_error != 0; }
int read(u8* buffer, int length);
ByteBuffer read(size_t max_size);
ByteBuffer read_all();
String read_line(size_t max_size = 16384);
Reported by FlawFinder.
Line: 73
Column: 16
CWE codes:
120
20
int read(u8* buffer, int length);
ByteBuffer read(size_t max_size);
ByteBuffer read_all();
String read_line(size_t max_size = 16384);
bool write(const u8*, int size);
bool write(const StringView&);
Reported by FlawFinder.
Userland/Libraries/LibCore/File.h
3 issues
Line: 22
Column: 49
CWE codes:
362
public:
virtual ~File() override;
static Result<NonnullRefPtr<File>, OSError> open(String filename, OpenMode, mode_t = 0644);
String filename() const { return m_filename; }
void set_filename(const String filename) { m_filename = move(filename); }
bool is_directory() const;
Reported by FlawFinder.
Line: 80
Column: 18
CWE codes:
362
};
static Result<void, RemoveError> remove(String const& path, RecursionMode, bool force);
virtual bool open(OpenMode) override;
enum class ShouldCloseFileDescriptor {
No = 0,
Yes
};
Reported by FlawFinder.
Line: 86
Column: 10
CWE codes:
362
No = 0,
Yes
};
bool open(int fd, OpenMode, ShouldCloseFileDescriptor);
[[nodiscard]] int leak_fd();
static NonnullRefPtr<File> standard_input();
static NonnullRefPtr<File> standard_output();
static NonnullRefPtr<File> standard_error();
Reported by FlawFinder.
AK/MemoryStream.h
3 issues
Line: 27
Column: 12
CWE codes:
120
20
bool unreliable_eof() const override { return eof(); }
bool eof() const { return m_offset >= m_bytes.size(); }
size_t read(Bytes bytes) override
{
if (has_any_error())
return 0;
const auto count = min(bytes.size(), remaining());
Reported by FlawFinder.
Line: 217
Column: 16
CWE codes:
120
20
return false;
}
return read(bytes) == bytes.size();
}
size_t write(ReadonlyBytes bytes) override
{
// FIXME: This doesn't write around chunk borders correctly?
Reported by FlawFinder.
Userland/Libraries/LibCoreDump/Reader.cpp
3 issues
Line: 81
Column: 89
CWE codes:
126
switch (type()) {
case ELF::Core::NotesEntryHeader::Type::ProcessInfo: {
const auto* current = reinterpret_cast<const ELF::Core::ProcessInfo*>(m_current);
m_current = reinterpret_cast<const ELF::Core::NotesEntry*>(current->json_data + strlen(current->json_data) + 1);
break;
}
case ELF::Core::NotesEntryHeader::Type::ThreadInfo: {
const auto* current = reinterpret_cast<const ELF::Core::ThreadInfo*>(m_current);
m_current = reinterpret_cast<const ELF::Core::NotesEntry*>(current + 1);
Reported by FlawFinder.
Line: 91
Column: 91
CWE codes:
126
}
case ELF::Core::NotesEntryHeader::Type::MemoryRegionInfo: {
const auto* current = reinterpret_cast<const ELF::Core::MemoryRegionInfo*>(m_current);
m_current = reinterpret_cast<const ELF::Core::NotesEntry*>(current->region_name + strlen(current->region_name) + 1);
break;
}
case ELF::Core::NotesEntryHeader::Type::Metadata: {
const auto* current = reinterpret_cast<const ELF::Core::Metadata*>(m_current);
m_current = reinterpret_cast<const ELF::Core::NotesEntry*>(current->json_data + strlen(current->json_data) + 1);
Reported by FlawFinder.
Line: 96
Column: 89
CWE codes:
126
}
case ELF::Core::NotesEntryHeader::Type::Metadata: {
const auto* current = reinterpret_cast<const ELF::Core::Metadata*>(m_current);
m_current = reinterpret_cast<const ELF::Core::NotesEntry*>(current->json_data + strlen(current->json_data) + 1);
break;
}
default:
VERIFY_NOT_REACHED();
}
Reported by FlawFinder.