The following issues were found
Userland/Applications/Spreadsheet/ConditionalFormatting.h
18 issues
Line: 26
};
class ConditionView : public GUI::Widget {
C_OBJECT(ConditionView)
public:
virtual ~ConditionView() override;
private:
ConditionView(ConditionalFormat&);
Reported by Cppcheck.
Line: 26
};
class ConditionView : public GUI::Widget {
C_OBJECT(ConditionView)
public:
virtual ~ConditionView() override;
private:
ConditionView(ConditionalFormat&);
Reported by Cppcheck.
Line: 26
};
class ConditionView : public GUI::Widget {
C_OBJECT(ConditionView)
public:
virtual ~ConditionView() override;
private:
ConditionView(ConditionalFormat&);
Reported by Cppcheck.
Line: 26
};
class ConditionView : public GUI::Widget {
C_OBJECT(ConditionView)
public:
virtual ~ConditionView() override;
private:
ConditionView(ConditionalFormat&);
Reported by Cppcheck.
Line: 26
};
class ConditionView : public GUI::Widget {
C_OBJECT(ConditionView)
public:
virtual ~ConditionView() override;
private:
ConditionView(ConditionalFormat&);
Reported by Cppcheck.
Line: 26
};
class ConditionView : public GUI::Widget {
C_OBJECT(ConditionView)
public:
virtual ~ConditionView() override;
private:
ConditionView(ConditionalFormat&);
Reported by Cppcheck.
Line: 26
};
class ConditionView : public GUI::Widget {
C_OBJECT(ConditionView)
public:
virtual ~ConditionView() override;
private:
ConditionView(ConditionalFormat&);
Reported by Cppcheck.
Line: 26
};
class ConditionView : public GUI::Widget {
C_OBJECT(ConditionView)
public:
virtual ~ConditionView() override;
private:
ConditionView(ConditionalFormat&);
Reported by Cppcheck.
Line: 26
};
class ConditionView : public GUI::Widget {
C_OBJECT(ConditionView)
public:
virtual ~ConditionView() override;
private:
ConditionView(ConditionalFormat&);
Reported by Cppcheck.
Line: 26
};
class ConditionView : public GUI::Widget {
C_OBJECT(ConditionView)
public:
virtual ~ConditionView() override;
private:
ConditionView(ConditionalFormat&);
Reported by Cppcheck.
Userland/Libraries/LibGUI/TreeView.cpp
18 issues
Line: 20
Column: 10
CWE codes:
362
namespace GUI {
struct TreeView::MetadataForIndex {
bool open { false };
};
TreeView::MetadataForIndex& TreeView::ensure_metadata_for_index(const ModelIndex& index) const
{
VERIFY(index.is_valid());
Reported by FlawFinder.
Line: 92
Column: 78
CWE codes:
362
}
}
void TreeView::set_open_state_of_all_in_subtree(const ModelIndex& root, bool open)
{
if (root.is_valid()) {
ensure_metadata_for_index(root).open = open;
if (model()->row_count(root)) {
if (on_toggle)
Reported by FlawFinder.
Line: 95
Column: 48
CWE codes:
362
void TreeView::set_open_state_of_all_in_subtree(const ModelIndex& root, bool open)
{
if (root.is_valid()) {
ensure_metadata_for_index(root).open = open;
if (model()->row_count(root)) {
if (on_toggle)
on_toggle(root, open);
}
}
Reported by FlawFinder.
Line: 98
Column: 33
CWE codes:
362
ensure_metadata_for_index(root).open = open;
if (model()->row_count(root)) {
if (on_toggle)
on_toggle(root, open);
}
}
int row_count = model()->row_count(root);
int column = model()->tree_column();
for (int row = 0; row < row_count; ++row) {
Reported by FlawFinder.
Line: 105
Column: 49
CWE codes:
362
int column = model()->tree_column();
for (int row = 0; row < row_count; ++row) {
auto index = model()->index(row, column, root);
set_open_state_of_all_in_subtree(index, open);
}
}
void TreeView::expand_all_parents_of(const ModelIndex& index)
{
Reported by FlawFinder.
Line: 150
Column: 31
CWE codes:
362
{
VERIFY(model()->row_count(index));
auto& metadata = ensure_metadata_for_index(index);
metadata.open = !metadata.open;
if (!metadata.open && index.is_parent_of(cursor_index()))
set_cursor(index, SelectionUpdate::Set);
if (on_toggle)
Reported by FlawFinder.
Line: 152
Column: 19
CWE codes:
362
auto& metadata = ensure_metadata_for_index(index);
metadata.open = !metadata.open;
if (!metadata.open && index.is_parent_of(cursor_index()))
set_cursor(index, SelectionUpdate::Set);
if (on_toggle)
on_toggle(index, metadata.open);
update_column_sizes();
Reported by FlawFinder.
Line: 156
Column: 35
CWE codes:
362
set_cursor(index, SelectionUpdate::Set);
if (on_toggle)
on_toggle(index, metadata.open);
update_column_sizes();
update_content_size();
update();
}
Reported by FlawFinder.
Line: 192
Column: 27
CWE codes:
362
return IterationDecision::Break;
y_offset += row_height();
// NOTE: Skip traversing children if this index is closed!
if (!metadata.open)
return IterationDecision::Continue;
}
if (indent_level > 0 && !index.is_valid())
return IterationDecision::Continue;
Reported by FlawFinder.
Line: 363
Column: 34
CWE codes:
362
if (!toggle_rect.is_empty()) {
auto& metadata = ensure_metadata_for_index(index);
if (metadata.open)
painter.blit(toggle_rect.location(), *m_collapse_bitmap, m_collapse_bitmap->rect());
else
painter.blit(toggle_rect.location(), *m_expand_bitmap, m_expand_bitmap->rect());
}
Reported by FlawFinder.
Kernel/Memory/Region.h
16 issues
Line: 52
Column: 182
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Yes,
};
static KResultOr<NonnullOwnPtr<Region>> try_create_user_accessible(VirtualRange const&, NonnullRefPtr<VMObject>, size_t offset_in_vmobject, OwnPtr<KString> name, Region::Access access, Cacheable, bool shared);
static KResultOr<NonnullOwnPtr<Region>> try_create_kernel_only(VirtualRange const&, NonnullRefPtr<VMObject>, size_t offset_in_vmobject, OwnPtr<KString> name, Region::Access access, Cacheable = Cacheable::Yes);
~Region();
VirtualRange const& range() const { return m_range; }
Reported by FlawFinder.
Line: 53
Column: 178
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
};
static KResultOr<NonnullOwnPtr<Region>> try_create_user_accessible(VirtualRange const&, NonnullRefPtr<VMObject>, size_t offset_in_vmobject, OwnPtr<KString> name, Region::Access access, Cacheable, bool shared);
static KResultOr<NonnullOwnPtr<Region>> try_create_kernel_only(VirtualRange const&, NonnullRefPtr<VMObject>, size_t offset_in_vmobject, OwnPtr<KString> name, Region::Access access, Cacheable = Cacheable::Yes);
~Region();
VirtualRange const& range() const { return m_range; }
VirtualAddress vaddr() const { return m_range.base(); }
Reported by FlawFinder.
Line: 71
Column: 20
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
bool is_cacheable() const { return m_cacheable; }
StringView name() const { return m_name ? m_name->view() : StringView {}; }
OwnPtr<KString> take_name() { return move(m_name); }
Region::Access access() const { return static_cast<Region::Access>(m_access); }
void set_name(OwnPtr<KString> name) { m_name = move(name); }
VMObject const& vmobject() const { return *m_vmobject; }
VMObject& vmobject() { return *m_vmobject; }
Reported by FlawFinder.
Line: 186
Column: 117
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
void set_syscall_region(bool b) { m_syscall_region = b; }
private:
Region(VirtualRange const&, NonnullRefPtr<VMObject>, size_t offset_in_vmobject, OwnPtr<KString>, Region::Access access, Cacheable, bool shared);
bool remap_vmobject_page(size_t page_index, bool with_flush = true);
bool do_remap_vmobject_page(size_t page_index, bool with_flush = true);
void set_access_bit(Access access, bool b)
Reported by FlawFinder.
Line: 191
Column: 32
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
bool remap_vmobject_page(size_t page_index, bool with_flush = true);
bool do_remap_vmobject_page(size_t page_index, bool with_flush = true);
void set_access_bit(Access access, bool b)
{
if (b)
m_access |= access | (access << 4);
else
m_access &= ~access;
Reported by FlawFinder.
Line: 194
Column: 35
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
void set_access_bit(Access access, bool b)
{
if (b)
m_access |= access | (access << 4);
else
m_access &= ~access;
}
PageFaultResponse handle_cow_fault(size_t page_index);
Reported by FlawFinder.
Line: 194
Column: 25
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
void set_access_bit(Access access, bool b)
{
if (b)
m_access |= access | (access << 4);
else
m_access &= ~access;
}
PageFaultResponse handle_cow_fault(size_t page_index);
Reported by FlawFinder.
Line: 196
Column: 26
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (b)
m_access |= access | (access << 4);
else
m_access &= ~access;
}
PageFaultResponse handle_cow_fault(size_t page_index);
PageFaultResponse handle_inode_fault(size_t page_index);
PageFaultResponse handle_zero_fault(size_t page_index);
Reported by FlawFinder.
Line: 230
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
Region::Access access = Region::Access::None;
if (prot & PROT_READ)
access |= Region::Access::Read;
if (prot & PROT_WRITE)
access |= Region::Access::Write;
if (prot & PROT_EXEC)
access |= Region::Access::Execute;
return access;
Reported by FlawFinder.
Line: 232
Column: 9
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (prot & PROT_READ)
access |= Region::Access::Read;
if (prot & PROT_WRITE)
access |= Region::Access::Write;
if (prot & PROT_EXEC)
access |= Region::Access::Execute;
return access;
}
Reported by FlawFinder.
Userland/Applications/FileManager/main.cpp
16 issues
Line: 210
Column: 18
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
}
if (!unzip_pid) {
int rc = execlp("/bin/unzip", "/bin/unzip", "-d", output_directory_path.characters(), archive_file_path.characters(), nullptr);
if (rc < 0) {
perror("execlp");
_exit(1);
}
} else {
Reported by FlawFinder.
Line: 230
Column: 70
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (selected.is_empty()) {
properties = window->add<PropertiesWindow>(path, true);
} else {
properties = window->add<PropertiesWindow>(selected.first(), access(container_dir_path.characters(), W_OK) != 0);
}
properties->on_close = [properties = properties.ptr()] {
properties->remove_from_parent();
};
properties->center_on_screen();
Reported by FlawFinder.
Line: 349
Column: 87
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
do_paste(directory_view.path(), directory_view.window());
},
window);
paste_action->set_enabled(GUI::Clipboard::the().mime_type() == "text/uri-list" && access(directory_view.path().characters(), W_OK) == 0);
GUI::Clipboard::the().on_change = [&](String const& data_type) {
paste_action->set_enabled(data_type == "text/uri-list" && access(directory_view.path().characters(), W_OK) == 0);
};
Reported by FlawFinder.
Line: 352
Column: 67
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
paste_action->set_enabled(GUI::Clipboard::the().mime_type() == "text/uri-list" && access(directory_view.path().characters(), W_OK) == 0);
GUI::Clipboard::the().on_change = [&](String const& data_type) {
paste_action->set_enabled(data_type == "text/uri-list" && access(directory_view.path().characters(), W_OK) == 0);
};
auto desktop_view_context_menu = GUI::Menu::construct("Directory View");
auto file_manager_action = GUI::Action::create("Show in File &Manager", {}, Gfx::Bitmap::try_load_from_file("/res/icons/16x16/app-file-manager.png"), [&](GUI::Action const&) {
Reported by FlawFinder.
Line: 816
Column: 67
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
GUI::Clipboard::the().on_change = [&](String const& data_type) {
auto current_location = directory_view.path();
paste_action->set_enabled(data_type == "text/uri-list" && access(current_location.characters(), W_OK) == 0);
};
auto tree_view_delete_action = GUI::CommonActions::make_delete_action(
[&](auto&) {
delete_paths(tree_view_selected_file_paths(), true, window);
Reported by FlawFinder.
Line: 1085
Column: 43
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
auto& node = directory_view.node(index);
if (node.is_directory()) {
auto should_get_enabled = access(node.full_path().characters(), W_OK) == 0 && GUI::Clipboard::the().mime_type() == "text/uri-list";
folder_specific_paste_action->set_enabled(should_get_enabled);
directory_context_menu->popup(event.screen_position());
} else {
file_context_menu = GUI::Menu::construct("Directory View File");
file_context_menu->add_action(cut_action);
Reported by FlawFinder.
Line: 1202
Column: 87
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
directory_view.open(initial_location);
directory_view.set_focus(true);
paste_action->set_enabled(GUI::Clipboard::the().mime_type() == "text/uri-list" && access(initial_location.characters(), W_OK) == 0);
window->set_rect({ left, top, width, height });
if (was_maximized)
window->set_maximized(true);
Reported by FlawFinder.
Line: 358
Column: 28
CWE codes:
362
auto desktop_view_context_menu = GUI::Menu::construct("Directory View");
auto file_manager_action = GUI::Action::create("Show in File &Manager", {}, Gfx::Bitmap::try_load_from_file("/res/icons/16x16/app-file-manager.png"), [&](GUI::Action const&) {
Desktop::Launcher::open(URL::create_with_file_protocol(directory_view.path()));
});
auto display_properties_action = GUI::Action::create("&Display Settings", {}, Gfx::Bitmap::try_load_from_file("/res/icons/16x16/app-display-settings.png"), [&](GUI::Action const&) {
Desktop::Launcher::open(URL::create_with_file_protocol("/bin/DisplaySettings"));
});
Reported by FlawFinder.
Line: 362
Column: 28
CWE codes:
362
});
auto display_properties_action = GUI::Action::create("&Display Settings", {}, Gfx::Bitmap::try_load_from_file("/res/icons/16x16/app-display-settings.png"), [&](GUI::Action const&) {
Desktop::Launcher::open(URL::create_with_file_protocol("/bin/DisplaySettings"));
});
desktop_view_context_menu->add_action(directory_view.mkdir_action());
desktop_view_context_menu->add_action(directory_view.touch_action());
desktop_view_context_menu->add_action(paste_action);
Reported by FlawFinder.
Line: 499
Column: 24
CWE codes:
362
progressbar.set_frame_thickness(1);
location_textbox.on_return_pressed = [&] {
directory_view.open(location_textbox.text());
};
auto refresh_tree_view = [&] {
directories_model->invalidate();
Reported by FlawFinder.
Kernel/KBuffer.h
16 issues
Line: 30
Column: 89
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
class KBufferImpl : public RefCounted<KBufferImpl> {
public:
static RefPtr<KBufferImpl> try_create_with_size(size_t size, Memory::Region::Access access, StringView name = "KBuffer", AllocationStrategy strategy = AllocationStrategy::Reserve)
{
auto region = MM.allocate_kernel_region(Memory::page_round_up(size), name, access, strategy);
if (!region)
return nullptr;
return adopt_ref_if_nonnull(new (nothrow) KBufferImpl(region.release_nonnull(), size, strategy));
Reported by FlawFinder.
Line: 32
Column: 84
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
public:
static RefPtr<KBufferImpl> try_create_with_size(size_t size, Memory::Region::Access access, StringView name = "KBuffer", AllocationStrategy strategy = AllocationStrategy::Reserve)
{
auto region = MM.allocate_kernel_region(Memory::page_round_up(size), name, access, strategy);
if (!region)
return nullptr;
return adopt_ref_if_nonnull(new (nothrow) KBufferImpl(region.release_nonnull(), size, strategy));
}
Reported by FlawFinder.
Line: 38
Column: 98
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return adopt_ref_if_nonnull(new (nothrow) KBufferImpl(region.release_nonnull(), size, strategy));
}
static RefPtr<KBufferImpl> try_create_with_bytes(ReadonlyBytes bytes, Memory::Region::Access access, StringView name = "KBuffer", AllocationStrategy strategy = AllocationStrategy::Reserve)
{
auto region = MM.allocate_kernel_region(Memory::page_round_up(bytes.size()), name, access, strategy);
if (!region)
return nullptr;
memcpy(region->vaddr().as_ptr(), bytes.data(), bytes.size());
Reported by FlawFinder.
Line: 40
Column: 92
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static RefPtr<KBufferImpl> try_create_with_bytes(ReadonlyBytes bytes, Memory::Region::Access access, StringView name = "KBuffer", AllocationStrategy strategy = AllocationStrategy::Reserve)
{
auto region = MM.allocate_kernel_region(Memory::page_round_up(bytes.size()), name, access, strategy);
if (!region)
return nullptr;
memcpy(region->vaddr().as_ptr(), bytes.data(), bytes.size());
return adopt_ref_if_nonnull(new (nothrow) KBufferImpl(region.release_nonnull(), bytes.size(), strategy));
Reported by FlawFinder.
Line: 48
Column: 85
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return adopt_ref_if_nonnull(new (nothrow) KBufferImpl(region.release_nonnull(), bytes.size(), strategy));
}
static RefPtr<KBufferImpl> create_with_size(size_t size, Memory::Region::Access access, StringView name, AllocationStrategy strategy = AllocationStrategy::Reserve)
{
return try_create_with_size(size, access, name, strategy);
}
static RefPtr<KBufferImpl> copy(const void* data, size_t size, Memory::Region::Access access, StringView name)
Reported by FlawFinder.
Line: 50
Column: 43
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static RefPtr<KBufferImpl> create_with_size(size_t size, Memory::Region::Access access, StringView name, AllocationStrategy strategy = AllocationStrategy::Reserve)
{
return try_create_with_size(size, access, name, strategy);
}
static RefPtr<KBufferImpl> copy(const void* data, size_t size, Memory::Region::Access access, StringView name)
{
auto buffer = create_with_size(size, access, name, AllocationStrategy::AllocateNow);
Reported by FlawFinder.
Line: 53
Column: 91
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return try_create_with_size(size, access, name, strategy);
}
static RefPtr<KBufferImpl> copy(const void* data, size_t size, Memory::Region::Access access, StringView name)
{
auto buffer = create_with_size(size, access, name, AllocationStrategy::AllocateNow);
if (!buffer)
return {};
memcpy(buffer->data(), data, size);
Reported by FlawFinder.
Line: 55
Column: 46
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static RefPtr<KBufferImpl> copy(const void* data, size_t size, Memory::Region::Access access, StringView name)
{
auto buffer = create_with_size(size, access, name, AllocationStrategy::AllocateNow);
if (!buffer)
return {};
memcpy(buffer->data(), data, size);
return buffer;
}
Reported by FlawFinder.
Line: 64
Column: 118
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
[[nodiscard]] bool expand(size_t new_capacity)
{
auto new_region = MM.allocate_kernel_region(Memory::page_round_up(new_capacity), m_region->name(), m_region->access(), m_allocation_strategy);
if (!new_region)
return false;
if (m_size > 0)
memcpy(new_region->vaddr().as_ptr(), data(), min(m_region->size(), m_size));
m_region = new_region.release_nonnull();
Reported by FlawFinder.
Line: 109
Column: 61
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
[[nodiscard]] static OwnPtr<KBuffer> try_create_with_size(size_t size, Memory::Region::Access access = Memory::Region::Access::ReadWrite, StringView name = "KBuffer", AllocationStrategy strategy = AllocationStrategy::Reserve)
{
auto impl = KBufferImpl::try_create_with_size(size, access, name, strategy);
if (!impl)
return {};
return adopt_own_if_nonnull(new (nothrow) KBuffer(impl.release_nonnull()));
}
Reported by FlawFinder.
Tests/LibELF/test-elf.cpp
15 issues
Line: 64
Column: 14
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
auto elf_path = Core::File::read_link(String::formatted("/proc/{}/fd/{}", getpid(), fd));
EXPECT(elf_path.characters());
int rc = execl(elf_path.characters(), "test-elf", nullptr);
EXPECT_EQ(rc, -1);
EXPECT_EQ(errno, 8);
EXPECT_EQ(unlink(path), 0);
}
Reported by FlawFinder.
Line: 118
Column: 14
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
auto elf_path = Core::File::read_link(String::formatted("/proc/{}/fd/{}", getpid(), fd));
EXPECT(elf_path.characters());
int rc = execl(elf_path.characters(), "test-elf", nullptr);
EXPECT_EQ(rc, -1);
EXPECT_EQ(errno, 8);
EXPECT_EQ(unlink(path), 0);
}
Reported by FlawFinder.
Line: 176
Column: 14
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
auto elf_path = Core::File::read_link(String::formatted("/proc/{}/fd/{}", getpid(), fd));
EXPECT(elf_path.characters());
int rc = execl(elf_path.characters(), "test-elf", nullptr);
EXPECT_EQ(rc, -1);
EXPECT_EQ(errno, 8);
EXPECT_EQ(unlink(path), 0);
}
Reported by FlawFinder.
Line: 231
Column: 14
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
auto elf_path = Core::File::read_link(String::formatted("/proc/{}/fd/{}", getpid(), fd));
EXPECT(elf_path.characters());
int rc = execl(elf_path.characters(), "test-elf", nullptr);
EXPECT_EQ(rc, -1);
EXPECT_EQ(errno, 8);
EXPECT_EQ(unlink(path), 0);
}
Reported by FlawFinder.
Line: 286
Column: 14
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
auto elf_path = Core::File::read_link(String::formatted("/proc/{}/fd/{}", getpid(), fd));
EXPECT(elf_path.characters());
int rc = execl(elf_path.characters(), "test-elf", nullptr);
EXPECT_EQ(rc, -1);
EXPECT_EQ(errno, 8);
EXPECT_EQ(unlink(path), 0);
}
Reported by FlawFinder.
Line: 17
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TEST_CASE(test_interp_header_tiny_p_filesz)
{
char buffer[0x2000];
auto& header = *(Elf32_Ehdr*)buffer;
header.e_ident[EI_MAG0] = ELFMAG0;
header.e_ident[EI_MAG1] = ELFMAG1;
header.e_ident[EI_MAG2] = ELFMAG2;
Reported by FlawFinder.
Line: 54
Column: 15
CWE codes:
377
ph[0].p_filesz = 1;
char path[] = "/tmp/test-elf.XXXXXX";
auto fd = mkstemp(path);
EXPECT_NE(fd, -1);
EXPECT_EQ(fchmod(fd, 0700), 0);
int nwritten = write(fd, buffer, sizeof(buffer));
EXPECT(nwritten);
Reported by FlawFinder.
Line: 73
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TEST_CASE(test_interp_header_p_filesz_larger_than_p_memsz)
{
char buffer[0x2000];
auto& header = *(Elf32_Ehdr*)buffer;
header.e_ident[EI_MAG0] = ELFMAG0;
header.e_ident[EI_MAG1] = ELFMAG1;
header.e_ident[EI_MAG2] = ELFMAG2;
Reported by FlawFinder.
Line: 108
Column: 15
CWE codes:
377
ph[0].p_filesz = 0x1000;
char path[] = "/tmp/test-elf.XXXXXX";
auto fd = mkstemp(path);
EXPECT_NE(fd, -1);
EXPECT_EQ(fchmod(fd, 0700), 0);
int nwritten = write(fd, buffer, sizeof(buffer));
EXPECT(nwritten);
Reported by FlawFinder.
Line: 127
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TEST_CASE(test_interp_header_p_filesz_plus_p_offset_overflow_p_memsz)
{
char buffer[0x2000];
auto& header = *(Elf32_Ehdr*)buffer;
header.e_ident[EI_MAG0] = ELFMAG0;
header.e_ident[EI_MAG1] = ELFMAG1;
header.e_ident[EI_MAG2] = ELFMAG2;
Reported by FlawFinder.
Userland/Libraries/LibC/unistd.h
15 issues
Line: 88
Column: 9
CWE codes:
362
20
Suggestion:
Reconsider approach
int usleep(useconds_t);
int gethostname(char*, size_t);
int sethostname(const char*, ssize_t);
ssize_t readlink(const char* path, char* buffer, size_t);
char* ttyname(int fd);
int ttyname_r(int fd, char* buffer, size_t);
off_t lseek(int fd, off_t, int whence);
int link(const char* oldpath, const char* newpath);
int unlink(const char* pathname);
Reported by FlawFinder.
Line: 107
Column: 5
CWE codes:
362
Suggestion:
Use fchown( ) instead
long fpathconf(int fd, int name);
long pathconf(const char* path, int name);
char* getlogin();
int chown(const char* pathname, uid_t, gid_t);
int fchown(int fd, uid_t, gid_t);
int ftruncate(int fd, off_t length);
int truncate(const char* path, off_t length);
int halt();
int reboot();
Reported by FlawFinder.
Line: 42
Column: 5
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
int getpagesize();
pid_t fork();
pid_t vfork();
int execv(const char* path, char* const argv[]);
int execve(const char* filename, char* const argv[], char* const envp[]);
int execvpe(const char* filename, char* const argv[], char* const envp[]);
int execvp(const char* filename, char* const argv[]);
int execl(const char* filename, const char* arg, ...);
int execle(const char* filename, const char* arg, ...);
Reported by FlawFinder.
Line: 45
Column: 5
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
int execv(const char* path, char* const argv[]);
int execve(const char* filename, char* const argv[], char* const envp[]);
int execvpe(const char* filename, char* const argv[], char* const envp[]);
int execvp(const char* filename, char* const argv[]);
int execl(const char* filename, const char* arg, ...);
int execle(const char* filename, const char* arg, ...);
int execlp(const char* filename, const char* arg, ...);
void sync();
__attribute__((noreturn)) void _exit(int status);
Reported by FlawFinder.
Line: 46
Column: 5
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
int execve(const char* filename, char* const argv[], char* const envp[]);
int execvpe(const char* filename, char* const argv[], char* const envp[]);
int execvp(const char* filename, char* const argv[]);
int execl(const char* filename, const char* arg, ...);
int execle(const char* filename, const char* arg, ...);
int execlp(const char* filename, const char* arg, ...);
void sync();
__attribute__((noreturn)) void _exit(int status);
pid_t getsid(pid_t);
Reported by FlawFinder.
Line: 47
Column: 5
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
int execvpe(const char* filename, char* const argv[], char* const envp[]);
int execvp(const char* filename, char* const argv[]);
int execl(const char* filename, const char* arg, ...);
int execle(const char* filename, const char* arg, ...);
int execlp(const char* filename, const char* arg, ...);
void sync();
__attribute__((noreturn)) void _exit(int status);
pid_t getsid(pid_t);
pid_t setsid();
Reported by FlawFinder.
Line: 48
Column: 5
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
int execvp(const char* filename, char* const argv[]);
int execl(const char* filename, const char* arg, ...);
int execle(const char* filename, const char* arg, ...);
int execlp(const char* filename, const char* arg, ...);
void sync();
__attribute__((noreturn)) void _exit(int status);
pid_t getsid(pid_t);
pid_t setsid();
int setpgid(pid_t pid, pid_t pgid);
Reported by FlawFinder.
Line: 101
Column: 5
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
int pipe(int pipefd[2]);
int pipe2(int pipefd[2], int flags);
unsigned int alarm(unsigned int seconds);
int access(const char* pathname, int mode);
int isatty(int fd);
int mknod(const char* pathname, mode_t, dev_t);
long fpathconf(int fd, int name);
long pathconf(const char* path, int name);
char* getlogin();
Reported by FlawFinder.
Line: 106
Column: 7
CWE codes:
807
Suggestion:
Use getpwuid(geteuid()) and extract the desired information instead
int mknod(const char* pathname, mode_t, dev_t);
long fpathconf(int fd, int name);
long pathconf(const char* path, int name);
char* getlogin();
int chown(const char* pathname, uid_t, gid_t);
int fchown(int fd, uid_t, gid_t);
int ftruncate(int fd, off_t length);
int truncate(const char* path, off_t length);
int halt();
Reported by FlawFinder.
Line: 117
Column: 7
CWE codes:
676
120
20
Suggestion:
Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space
int umount(const char* mountpoint);
int pledge(const char* promises, const char* execpromises);
int unveil(const char* path, const char* permissions);
char* getpass(const char* prompt);
int pause();
enum {
_PC_NAME_MAX,
_PC_PATH_MAX,
Reported by FlawFinder.
Userland/Libraries/LibArchive/Tar.h
15 issues
Line: 80
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void calculate_checksum();
private:
char m_filename[100];
char m_mode[8];
char m_uid[8];
char m_gid[8];
char m_size[12];
char m_timestamp[12];
Reported by FlawFinder.
Line: 81
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
private:
char m_filename[100];
char m_mode[8];
char m_uid[8];
char m_gid[8];
char m_size[12];
char m_timestamp[12];
char m_checksum[8]; // an uninitialized header's checksum is filled with spaces
Reported by FlawFinder.
Line: 82
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
private:
char m_filename[100];
char m_mode[8];
char m_uid[8];
char m_gid[8];
char m_size[12];
char m_timestamp[12];
char m_checksum[8]; // an uninitialized header's checksum is filled with spaces
char m_type_flag;
Reported by FlawFinder.
Line: 83
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char m_filename[100];
char m_mode[8];
char m_uid[8];
char m_gid[8];
char m_size[12];
char m_timestamp[12];
char m_checksum[8]; // an uninitialized header's checksum is filled with spaces
char m_type_flag;
char m_link_name[100];
Reported by FlawFinder.
Line: 84
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char m_mode[8];
char m_uid[8];
char m_gid[8];
char m_size[12];
char m_timestamp[12];
char m_checksum[8]; // an uninitialized header's checksum is filled with spaces
char m_type_flag;
char m_link_name[100];
char m_magic[6];
Reported by FlawFinder.
Line: 85
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char m_uid[8];
char m_gid[8];
char m_size[12];
char m_timestamp[12];
char m_checksum[8]; // an uninitialized header's checksum is filled with spaces
char m_type_flag;
char m_link_name[100];
char m_magic[6];
char m_version[2];
Reported by FlawFinder.
Line: 86
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char m_gid[8];
char m_size[12];
char m_timestamp[12];
char m_checksum[8]; // an uninitialized header's checksum is filled with spaces
char m_type_flag;
char m_link_name[100];
char m_magic[6];
char m_version[2];
char m_owner_name[32];
Reported by FlawFinder.
Line: 88
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char m_timestamp[12];
char m_checksum[8]; // an uninitialized header's checksum is filled with spaces
char m_type_flag;
char m_link_name[100];
char m_magic[6];
char m_version[2];
char m_owner_name[32];
char m_group_name[32];
char m_major[8];
Reported by FlawFinder.
Line: 89
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char m_checksum[8]; // an uninitialized header's checksum is filled with spaces
char m_type_flag;
char m_link_name[100];
char m_magic[6];
char m_version[2];
char m_owner_name[32];
char m_group_name[32];
char m_major[8];
char m_minor[8];
Reported by FlawFinder.
Line: 90
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char m_type_flag;
char m_link_name[100];
char m_magic[6];
char m_version[2];
char m_owner_name[32];
char m_group_name[32];
char m_major[8];
char m_minor[8];
char m_prefix[155]; // zero out the prefix for archiving
Reported by FlawFinder.
Userland/Libraries/LibC/string.cpp
15 issues
Line: 172
Column: 7
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return AK::memmem(haystack, haystack_length, needle, needle_length);
}
char* strcpy(char* dest, const char* src)
{
char* original_dest = dest;
while ((*dest++ = *src++) != '\0')
;
return original_dest;
Reported by FlawFinder.
Line: 245
Column: 7
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
return last;
}
char* strcat(char* dest, const char* src)
{
size_t dest_length = strlen(dest);
size_t i;
for (i = 0; src[i] != '\0'; i++)
dest[dest_length + i] = src[i];
Reported by FlawFinder.
Line: 68
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
size_t len = strlen(str);
char* new_str = (char*)malloc(len + 1);
memcpy(new_str, str, len);
new_str[len] = '\0';
return new_str;
}
char* strndup(const char* str, size_t maxlen)
Reported by FlawFinder.
Line: 77
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
size_t len = strnlen(str, maxlen);
char* new_str = (char*)malloc(len + 1);
memcpy(new_str, str, len);
new_str[len] = 0;
return new_str;
}
int strcmp(const char* s1, const char* s2)
Reported by FlawFinder.
Line: 114
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return 0;
}
void* memcpy(void* dest_ptr, const void* src_ptr, size_t n)
{
void* original_dest = dest_ptr;
asm volatile(
"rep movsb"
: "+D"(dest_ptr), "+S"(src_ptr), "+c"(n)::"memory");
Reported by FlawFinder.
Line: 158
Column: 16
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void* memmove(void* dest, const void* src, size_t n)
{
if (dest < src)
return memcpy(dest, src, n);
u8* pd = (u8*)dest;
const u8* ps = (const u8*)src;
for (pd += n, ps += n; n--;)
*--pd = *--ps;
Reported by FlawFinder.
Line: 48
Column: 8
CWE codes:
126
}
}
size_t strlen(const char* str)
{
size_t len = 0;
while (*(str++))
++len;
return len;
Reported by FlawFinder.
Line: 66
Column: 18
CWE codes:
126
char* strdup(const char* str)
{
size_t len = strlen(str);
char* new_str = (char*)malloc(len + 1);
memcpy(new_str, str, len);
new_str[len] = '\0';
return new_str;
}
Reported by FlawFinder.
Line: 180
Column: 7
CWE codes:
120
return original_dest;
}
char* strncpy(char* dest, const char* src, size_t n)
{
size_t i;
for (i = 0; i < n && src[i] != '\0'; ++i)
dest[i] = src[i];
for (; i < n; ++i)
Reported by FlawFinder.
Line: 247
Column: 26
CWE codes:
126
char* strcat(char* dest, const char* src)
{
size_t dest_length = strlen(dest);
size_t i;
for (i = 0; src[i] != '\0'; i++)
dest[dest_length + i] = src[i];
dest[dest_length + i] = '\0';
return dest;
Reported by FlawFinder.
Tests/Kernel/TestEFault.cpp
15 issues
Line: 49
Column: 14
CWE codes:
362
TEST_CASE(test_efault)
{
int fd = open("/dev/zero", O_RDONLY);
int rc = -1;
// Test a one-page mapping (4KB)
u8* one_page = (u8*)mmap(nullptr, 4096, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
VERIFY(one_page);
Reported by FlawFinder.
Line: 55
Column: 15
CWE codes:
120
20
// Test a one-page mapping (4KB)
u8* one_page = (u8*)mmap(nullptr, 4096, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
VERIFY(one_page);
EXPECT_OK(read, one_page, 4096);
EXPECT_EFAULT(read, one_page, 4097);
EXPECT_EFAULT(read, one_page - 1, 4096);
// Test a two-page mapping (8KB)
u8* two_page = (u8*)mmap(nullptr, 8192, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
Reported by FlawFinder.
Line: 56
Column: 19
CWE codes:
120
20
u8* one_page = (u8*)mmap(nullptr, 4096, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
VERIFY(one_page);
EXPECT_OK(read, one_page, 4096);
EXPECT_EFAULT(read, one_page, 4097);
EXPECT_EFAULT(read, one_page - 1, 4096);
// Test a two-page mapping (8KB)
u8* two_page = (u8*)mmap(nullptr, 8192, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
VERIFY(two_page);
Reported by FlawFinder.
Line: 57
Column: 19
CWE codes:
120
20
VERIFY(one_page);
EXPECT_OK(read, one_page, 4096);
EXPECT_EFAULT(read, one_page, 4097);
EXPECT_EFAULT(read, one_page - 1, 4096);
// Test a two-page mapping (8KB)
u8* two_page = (u8*)mmap(nullptr, 8192, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
VERIFY(two_page);
Reported by FlawFinder.
Line: 63
Column: 15
CWE codes:
120
20
u8* two_page = (u8*)mmap(nullptr, 8192, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
VERIFY(two_page);
EXPECT_OK(read, two_page, 4096);
EXPECT_OK(read, two_page + 4096, 4096);
EXPECT_OK(read, two_page, 8192);
EXPECT_OK(read, two_page + 4095, 4097);
EXPECT_OK(read, two_page + 1, 8191);
EXPECT_EFAULT(read, two_page, 8193);
Reported by FlawFinder.
Line: 64
Column: 15
CWE codes:
120
20
VERIFY(two_page);
EXPECT_OK(read, two_page, 4096);
EXPECT_OK(read, two_page + 4096, 4096);
EXPECT_OK(read, two_page, 8192);
EXPECT_OK(read, two_page + 4095, 4097);
EXPECT_OK(read, two_page + 1, 8191);
EXPECT_EFAULT(read, two_page, 8193);
EXPECT_EFAULT(read, two_page - 1, 1);
Reported by FlawFinder.
Line: 65
Column: 15
CWE codes:
120
20
EXPECT_OK(read, two_page, 4096);
EXPECT_OK(read, two_page + 4096, 4096);
EXPECT_OK(read, two_page, 8192);
EXPECT_OK(read, two_page + 4095, 4097);
EXPECT_OK(read, two_page + 1, 8191);
EXPECT_EFAULT(read, two_page, 8193);
EXPECT_EFAULT(read, two_page - 1, 1);
Reported by FlawFinder.
Line: 66
Column: 15
CWE codes:
120
20
EXPECT_OK(read, two_page, 4096);
EXPECT_OK(read, two_page + 4096, 4096);
EXPECT_OK(read, two_page, 8192);
EXPECT_OK(read, two_page + 4095, 4097);
EXPECT_OK(read, two_page + 1, 8191);
EXPECT_EFAULT(read, two_page, 8193);
EXPECT_EFAULT(read, two_page - 1, 1);
// Check validation of pages between the first and last address.
Reported by FlawFinder.
Line: 67
Column: 15
CWE codes:
120
20
EXPECT_OK(read, two_page + 4096, 4096);
EXPECT_OK(read, two_page, 8192);
EXPECT_OK(read, two_page + 4095, 4097);
EXPECT_OK(read, two_page + 1, 8191);
EXPECT_EFAULT(read, two_page, 8193);
EXPECT_EFAULT(read, two_page - 1, 1);
// Check validation of pages between the first and last address.
ptrdiff_t distance = two_page - one_page;
Reported by FlawFinder.
Line: 68
Column: 19
CWE codes:
120
20
EXPECT_OK(read, two_page, 8192);
EXPECT_OK(read, two_page + 4095, 4097);
EXPECT_OK(read, two_page + 1, 8191);
EXPECT_EFAULT(read, two_page, 8193);
EXPECT_EFAULT(read, two_page - 1, 1);
// Check validation of pages between the first and last address.
ptrdiff_t distance = two_page - one_page;
EXPECT_EFAULT(read, one_page, (u32)distance + 1024);
Reported by FlawFinder.